登录ip限制

o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/HttpToken.java

@@ -38,7 +38,7 @@ public class HttpToken {
 
 	public EffectivePerson who(HttpServletRequest request, HttpServletResponse response, String key) throws Exception {
 		EffectivePerson effectivePerson = this.who(this.getToken(request), key);
-		effectivePerson.setRemoteAddress(this.remoteAddress(request));
+		effectivePerson.setRemoteAddress(HttpToken.remoteAddress(request));
 		effectivePerson.setUserAgent(this.userAgent(request));
 		effectivePerson.setUri(request.getRequestURI());
 		// 加入调试标记
@@ -191,7 +191,7 @@ public class HttpToken {
 		request.setAttribute(X_Person, effectivePerson);
 	}
 
-	private String remoteAddress(HttpServletRequest request) {
+	public static String remoteAddress(HttpServletRequest request) {
 		String value = Objects.toString(request.getHeader("X-Forwarded-For"), "");
 		if (StringUtils.isEmpty(value)) {
 			value = Objects.toString(request.getRemoteAddr(), "");

o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/BaseAction.java

@@ -4,6 +4,8 @@ import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.Date;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
@@ -72,6 +74,11 @@ abstract class BaseAction extends StandardJaxrsAction {
 		EffectivePerson effectivePerson = new EffectivePerson(person.getDistinguishedName(), tokenType,
 				Config.token().getCipher());
 		if ((null != request) && (null != response)) {
+			String clientIp = HttpToken.remoteAddress(request);
+			logger.debug("{} client ip is : {}",person.getDistinguishedName(), clientIp);
+			if(!this.checkIp(clientIp, person.getIpAddress())){
+				throw new ExceptionInvalidIpAddress(clientIp);
+			}
 			httpToken.setToken(request, response, effectivePerson);
 		}
 		t.setToken(effectivePerson.getToken());
@@ -283,4 +290,25 @@ abstract class BaseAction extends StandardJaxrsAction {
 		}
 	}
 
+	protected boolean checkIp(String clientIp, String ipAddress){
+		boolean returnValue = true;
+		if(StringUtils.isNotEmpty(clientIp) && StringUtils.isNotEmpty(ipAddress)){
+			try {
+				String[] ipAddressArr = StringUtils.split(ipAddress, ",");
+				for (String regIp : ipAddressArr) {
+					if(StringUtils.isNotEmpty(regIp)) {
+						Pattern pattern = Pattern.compile(regIp.trim());
+						Matcher matcher = pattern.matcher(clientIp);
+						returnValue = matcher.find();
+						if(returnValue){
+							break;
+						}
+					}
+				}
+			} catch (Exception e) {
+			}
+		}
+		return returnValue;
+	}
+
 }

o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ExceptionInvalidIpAddress.java

@@ -0,0 +1,12 @@
+package com.x.organization.assemble.authentication.jaxrs.authentication;
+
+import com.x.base.core.project.exception.PromptException;
+
+class ExceptionInvalidIpAddress extends PromptException {
+
+	private static final long serialVersionUID = -4915257511363100070L;
+
+	ExceptionInvalidIpAddress(String ip) {
+		super("客户端IP限制，当前IP：{}.", ip);
+	}
+}

o2server/x_organization_core_entity/src/main/java/com/x/organization/core/entity/Person.java

@@ -265,6 +265,13 @@ public class Person extends SliceJpaObject {
 	@CheckPersist(allowEmpty = true)
 	private String lastLoginClient;
 
+	public static final String ipAddress_FIELDNAME = "ipAddress";
+	@FieldDescribe("允许登录的IP.")
+	@Column(length = JpaObject.length_128B, name = ColumnNamePrefix + ipAddress_FIELDNAME)
+	@Index(name = TABLE + IndexNameMiddle + ipAddress_FIELDNAME)
+	@CheckPersist(allowEmpty = true)
+	private String ipAddress;
+
 	public static final String mail_FIELDNAME = "mail";
 	@Flag
 	@FieldDescribe("邮件地址.")
@@ -818,4 +825,12 @@ public class Person extends SliceJpaObject {
 	public void setWeLinkHash(String weLinkHash) {
 		this.weLinkHash = weLinkHash;
 	}
+
+	public String getIpAddress() {
+		return ipAddress;
+	}
+
+	public void setIpAddress(String ipAddress) {
+		this.ipAddress = ipAddress;
+	}
 }