Updated 2025-04-06. Source: Shulou (Shulou.com), 06/02 report.
This article describes how to implement intrusion detection in a Java Web application.
There are two kinds of Java Web applications: pure JSP (+ Java Bean) and framework-based (such as Struts, EasyJWeb, etc.). For the first kind, intrusion detection can be implemented through the Filter interface of the Java Servlet API: implement the Filter interface, put the intrusion detection logic in its doFilter method, and add a simple configuration entry in web.xml. In a framework-based Web application, every request passes through a single entry point, so the intrusion detection logic can be inserted directly into the framework's entry engine, and the framework itself then supports intrusion detection. It can also be done by implementing the Filter interface.
The EasyJWeb framework already contains a simple intrusion detection routine, so this article uses EasyJWeb as the example to present the implementation method and source code. The complete code can be found in the EasyJWeb source.
In EasyJWeb-based Java Web applications (such as http://www.easyjf.com/bbs/), by default, refreshing the page too many times in a row produces the following error:
EasyJWeb framework friendly tip! :-)
You refreshed the page too fast, please wait 60 seconds before refreshing the page!
2. User access information record: the UserConnect.java class
This class is a simple Java Bean that represents the user's information, including user name, IP, first access time, last login time, login times, user status, and so on. The full code is as follows:

    package com.easyjf.web;

    import java.util.Date;

    /**
     * Title: user authentication information
     * Description: record user login information and judge user login status
     * Copyright: Copyright (c) 2006
     * Company: www.easyjf.com
     * @author Tsai Shiyou
     * @version 1.0
     */
    public class UserConnect {
        private String userName;
        private String ip;
        private Date firstFailureTime;
        private Date lastLoginTime;
        private int failureTimes; // number of user login failures
        private int status = 0;   // user status: 0 indicates normal, -1 indicates locked

        public int getFailureTimes() {
            return failureTimes;
        }

        public void setFailureTimes(int failureTimes) {
            this.failureTimes = failureTimes;
        }

        public Date getFirstFailureTime() {
            return firstFailureTime;
        }

        public void setFirstFailureTime(Date firstFailureTime) {
            this.firstFailureTime = firstFailureTime;
        }

        public String getIp() {
            return ip;
        }

        public void setIp(String ip) {
            this.ip = ip;
        }

        public Date getLastLoginTime() {
            return lastLoginTime;
        }

        public void setLastLoginTime(Date lastLoginTime) {
            this.lastLoginTime = lastLoginTime;
        }

        public String getUserName() {
            return userName;
        }

        public void setUserName(String userName) {
            this.userName = userName;
        }

        public int getStatus() {
            return status;
        }

        public void setStatus(int status) {
            this.status = status;
        }
    }

3. Monitoring thread: the UserConnectManage.java class
This is the core of the intrusion detection. It performs the actual detection, records and evaluates user information, refreshes the set of online users, and provides the interface through which other applications call this component.

    package com.easyjf.web;

    import java.util.Date;
    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Iterator;
    import java.util.Map;
    import java.util.Set;

    import org.apache.log4j.Logger;

    /**
     * Title: user intrusion detection information
     * Description: used to check the refresh status of users. The default is that
     * 10 consecutive connections within 10 seconds is a timeout.
     * Copyright: Copyright (c) 2006
     * Company: www.easyjf.com
     * @author Tsai Shiyou
     * @version 1.0
     */
    public class UserConnectManage {
        private static final Logger logger = (Logger) Logger.getLogger(UserConnectManage.class.getName());
        private static int maxFailureTimes = 10;        // maximum number of login failures
        private static long maxFailureInterval = 10000; // milliseconds; the maximum count must be reached within this time range
        private static long waitInterval = 60000;       // wait time before accepting connections again after a failure; default is 1 minute
        private static int maxOnlineUser = 200;         // maximum number of simultaneous online users
        private final static Map users = new HashMap(); // user login information (UserLoginAuth), keyed by ip+userName
        private static Thread checkThread = null;

        private static class CheckTimeOut implements Runnable {
            private Thread parentThread;

            public CheckTimeOut(Thread parentThread) {
                this.parentThread = parentThread;
                synchronized (this) {
                    if (checkThread == null) {
                        checkThread = new Thread(this);
                        // System.out.println("create a new thread!");
                        checkThread.start();
                    }
                }
            }

            public void run() {
                while (true) {
                    if (parentThread.isAlive()) {
                        try {
                            Thread.sleep(2000);
                            int i = 0;
                            if (users.size() > maxOnlineUser) // clear when the maximum number of users is reached
                            {
                                synchronized (users) { // perform delete operation
                                    Iterator it = users.keySet().iterator();
                                    Set set = new HashSet();
                                    Date now = new Date();
                                    while (it.hasNext()) {
                                        Object key = it.next();
                                        UserConnect user = (UserConnect) users.get(key);
                                        if (now.getTime() - user.getFirstFailureTime().getTime() > maxFailureInterval) // delete users who time out
                                        {
                                            set.add(key);
                                            i++;
                                        }
                                    }
                                    if (i
    // [gap in the page's listing: everything between "if (i" and "maxFailureTimes)" is missing]
    maxFailureTimes)
    {
        // if within the limited time interval, return the information that the user connection is rejected
        if ((now.getTime() - auth.getFirstFailureTime().getTime())
        // [gap in the page's listing: the rest of this condition is missing]
        {
            ret = false;
            auth.setStatus(-1);
        }
        else if (auth.getStatus() == -1 && (now.getTime() - auth.getFirstFailureTime().getTime())
        // [the page's listing ends here]

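The thresholds described above (more than 10 connections within 10 seconds, then a 60-second wait, with records keyed by IP plus user name) can be enforced with a small thread-safe class. This is an added example, not EasyJWeb source: RefreshGuard, allow and purge are hypothetical names, and the addresses and timeline in main are constructed.

```java
import java.util.concurrent.ConcurrentHashMap;

// Added example, not EasyJWeb code: RefreshGuard and its members are hypothetical names.
public class RefreshGuard {
    static final int MAX_HITS = 10;       // page default: 10 connections ...
    static final long WINDOW_MS = 10_000; // ... within 10 seconds
    static final long WAIT_MS = 60_000;   // wait after tripping the limit: 1 minute

    private static final class Entry { long windowStart; int hits; long lockedUntil; }

    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();

    /** Returns true if the request from ip/userName may proceed at time nowMs. */
    public boolean allow(String ip, String userName, long nowMs) {
        // The separator (an assumption of this example) keeps ("1.2.3.4", "5x")
        // from sharing a record with ("1.2.3.45", "x").
        String key = ip + "|" + userName;
        boolean[] ok = {true};
        entries.compute(key, (k, e) -> { // compute() is atomic per key
            if (e == null) { e = new Entry(); e.windowStart = nowMs; }
            if (nowMs < e.lockedUntil) { ok[0] = false; return e; } // still locked
            if (nowMs - e.windowStart > WINDOW_MS) { e.windowStart = nowMs; e.hits = 0; }
            if (++e.hits > MAX_HITS) { e.lockedUntil = nowMs + WAIT_MS; ok[0] = false; }
            return e;
        });
        return ok[0];
    }

    /** Drops idle, unlocked records so the map cannot grow without bound. */
    public int purge(long nowMs) {
        int before = entries.size();
        entries.values().removeIf(e -> nowMs >= e.lockedUntil && nowMs - e.windowStart > WINDOW_MS);
        return before - entries.size();
    }

    public static void main(String[] args) {
        RefreshGuard g = new RefreshGuard();
        long t = 0; // constructed timeline, in milliseconds
        for (int i = 1; i <= 10; i++) {
            if (!g.allow("203.0.113.7", "guest", t += 100)) throw new AssertionError("hit " + i);
        }
        System.out.println(g.allow("203.0.113.7", "guest", t += 100));   // 11th hit in the window
        System.out.println(g.allow("203.0.113.7", "guest", t + 59_000)); // inside the wait period
        System.out.println(g.allow("203.0.113.7", "guest", t + 60_000)); // wait period elapsed
        System.out.println(g.allow("198.51.100.9", "guest", t));         // a different client
        System.out.println(g.purge(t + 200_000));                        // periodic cleanup
    }
}
```

In a servlet Filter, doFilter would call allow(request.getRemoteAddr(), userName, System.currentTimeMillis()) and write the wait message instead of continuing the filter chain when the result is false.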