工作原理
利用strust2的action通配对保护的图片得到后返回流文件,如果目录下没有找到图片,则返回未找到图片提示;对请求的IP进行对比,如果不在允许的IP列表时则返回没有权限的图片。
首先在struts.properties文件中添加查询后缀,struts的默认为action,可以添加多个,中间用“,”隔开
struts.i18n.encoding = UTF-8 struts.action.extension = html,jpg struts.devMode=true struts.custom.i18n.resources=messageResource struts.locale=zh_CN struts.multipart.saveDir=javax.servlet.context.tempdir struts.ui.theme=simple struts.enable.DynamicMethodInvocation=true
添加action类Test,其中有两个属性:String contentType,InputStream bis,前者是制定输出的流文件类型,后一个是文件流
package test.com.eca.service; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.FileInputStream; import java.io.IOException; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; import main.com.eca.util.JsonUtil; import org.apache.struts2.ServletActionContext; import org.nail.common.BaseAction; import com.opensymphony.xwork2.Action; public class Test extends BaseAction { private BufferedOutputStream bos = null; private BufferedInputStream bis = null; private String imgPath; private String contentType; public String testImg() throws Exception { HttpServletRequest request = ServletActionContext.getRequest(); System.out.println("request.getHeader(\"user-agent\")" + request.getHeader("user-agent")); System.out.println("请求来源于浏览器 :"+BrowseTool.checkBrowse(request.getHeader("user-agent"))); // 访问图片后缀 StringBuffer requestUrl = request.getRequestURL(); String fileType = requestUrl.substring(requestUrl.lastIndexOf(".")); // 得到访问的IP String reqIp = IpUtils.getIpAddr(request); System.out.println("img : " + imgPath + fileType); System.out.println("ip : " + reqIp); // 的到允许的IP的Map if ("127.0.0.1".equals(reqIp)) { bis = new BufferedInputStream(new FileInputStream( "D:/images/no_acc_image.jpg")); return Action.SUCCESS; } // 判断是否有权限 try { try { bis = new BufferedInputStream(new FileInputStream("D:/images/" + imgPath + fileType)); } catch (Exception e) { // e.printStackTrace(); bis = new BufferedInputStream(new FileInputStream( "D:/images/no_image.jpg")); } } catch (final IOException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } return Action.SUCCESS; } public static void main(String[] args) throws Exception { System.out.println("abcds".substring("abcds".indexOf("c"))); } public BufferedOutputStream getBos() { return bos; } public void setBos(BufferedOutputStream bos) { this.bos = bos; } public BufferedInputStream getBis() { return bis; } public void setBis(BufferedInputStream bis) { this.bis = bis; } public String getImgPath() { return imgPath; } public String getContentType() { return contentType; } public void setContentType(String contentType) { this.contentType = contentType; } public void setImgPath(String imgPath) { this.imgPath = imgPath; } } /** * * @author cc 20120307 */ class BrowseTool { private final static String IE5_5 = "MSIE 5.5"; private final static String IE9 = "MSIE 9.0"; private final static String IE8 = "MSIE 8.0"; private final static String IE7 = "MSIE 7.0"; private final static String IE6 = "MSIE 6.0"; private final static String MAXTHON = "Maxthon"; private final static String QQ = "QQBrowser"; private final static String GREEN = "GreenBrowser"; private final static String SE360 = "360SE"; private final static String FIREFOX = "Firefox"; private final static String OPERA = "Opera"; private final static String CHROME = "Chrome"; private final static String SAFARI = "Safari"; private final static String OTHER = "其它"; public static String checkBrowse(String userAgent) { if (regex(OPERA, userAgent)) { return OPERA; } else if (regex(CHROME, userAgent)) { return CHROME; } else if (regex(FIREFOX, userAgent)) { return FIREFOX; } else if (regex(SAFARI, userAgent)) { return SAFARI; } else if (regex(SE360, userAgent)) { return SE360; } else if (regex(GREEN, userAgent)) { return GREEN; } else if (regex(QQ, userAgent)) { return QQ; } else if (regex(MAXTHON, userAgent)) { return MAXTHON; } else if (regex(IE9, userAgent)) { return IE9; } else if (regex(IE8, userAgent)) { return IE8; } else if (regex(IE7, userAgent)) { return IE7; } else if (regex(IE6, userAgent)) { return IE6; } else if (regex(IE5_5, userAgent)) { return IE5_5; } return OTHER; } private static boolean regex(String regex, String str) { Pattern p = Pattern.compile(regex, Pattern.MULTILINE); Matcher m = p.matcher(str); return m.find(); } } class IpUtils { public static String getIpAddr(HttpServletRequest request) { String ip = request.getHeader("X-Forwarded-For"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; } }
在actionContext.xml文件中加入bean配置:
<bean id="test" class="test.com.eca.service.Test" parent="baseAction" scope="prototype"> </bean>
之后配置action配置
<package name="test" extends="struts-default" namespace="/images"> <!-- 测试图片权限管理 --> <action name="*" class="test" method="testImg"> <param name="imgPath">{1}</param> <result type="stream"> <param name="contentType">image/jpeg</param> <param name="inputName">bis</param> <!-- 指定下载的文件名 --> <!--<param name="contentDisposition">filename="wjc_lgo.jpg"</param>--> <!-- 指定下载文件时的缓冲大小 --> <!--<param name="bufferSize">1024</param>--> </result> </action> </package>其中注意,namespace要加入“/”,否则输入地址“http://xxx/images/abc.jpg”则无法找到,平配置意思为地址路径为“http://xxx/images/”开头的,已“.jpg”结尾的所有的请求都转为处理。
例如:“http://xxx/images/abc.jpg”并将“imgPath”作为参数调用action的方法
inputName指定为action的文件流的名称
下载的文件名、缓冲区大小在此不配置也可以
完成后地址栏输入“http://192.168.2.15:5050/ecs/images/tomcat.jpg”后就可以看到成果了