jvm-sandbox實(shí)戰(zhàn)之編寫(xiě)簡(jiǎn)單案例

我們來(lái)編寫(xiě)一個(gè)非常非常簡(jiǎn)單的黑名單用戶(hù)的案例。

編寫(xiě)一個(gè)方法,通過(guò)用戶(hù)編號(hào)獲取用戶(hù)信息,但是在黑名單內(nèi)的用戶(hù)訪(fǎng)問(wèn)的話(huà),會(huì)拋出一個(gè)異常:用戶(hù)鑒定沒(méi)有權(quán)限!,非黑名單的用戶(hù)則可以訪(fǎng)問(wèn)用戶(hù)信息。

構(gòu)建一個(gè)客戶(hù)端demo

首先我們構(gòu)建一個(gè)springboot的demo,具體環(huán)境就搭建了,直接上主流程代碼:

/**
 * 獲取用戶(hù)信息
 * @author liukaixiong
 * @Email liukx@elab-plus.com
 * @date 2021/11/5 - 13:38
 */
public class User {

    public String getUser(String userId) {
        System.out.println("獲取用戶(hù)編號(hào): " + userId);
        return userId;
    }

}

然后我們通過(guò)HTTP接口暴露一個(gè)服務(wù)接口,通過(guò)參數(shù)傳遞userid:

@GetMapping(value = "/user", produces = "application/json;charset=UTF-8")
public Map<String, Object> user(@RequestParam("body") String body) {
    new User().getUser(body);
    return trues();
}

正常情況的話(huà),無(wú)論誰(shuí)訪(fǎng)問(wèn)都不會(huì)拋出異常。

編寫(xiě)黑名單插件

通過(guò)寫(xiě)死一個(gè)標(biāo)記520、1314標(biāo)識(shí)參數(shù)的用戶(hù)拋出異常

import com.alibaba.jvm.sandbox.api.Information;
import com.alibaba.jvm.sandbox.api.LoadCompleted;
import com.alibaba.jvm.sandbox.api.Module;
import com.alibaba.jvm.sandbox.api.ProcessController;
import com.alibaba.jvm.sandbox.api.listener.ext.Advice;
import com.alibaba.jvm.sandbox.api.listener.ext.AdviceListener;
import com.alibaba.jvm.sandbox.api.listener.ext.EventWatchBuilder;
import com.alibaba.jvm.sandbox.api.resource.ModuleEventWatcher;
import com.google.common.collect.Sets;
import org.kohsuke.MetaInfServices;

import javax.annotation.Resource;
import java.util.Set;

/**
 * 用戶(hù)黑名單
 *
 * @author liukaixiong
 * @Email liukx@elab-plus.com
 * @date 2021/11/5 - 13:35
 */
@MetaInfServices(Module.class)
@Information(id = "debug-user-black-demo", version = "0.0.1", author = "liukaixiong")
public class BlackListModule implements Module, LoadCompleted {
    
    @Resource
    private ModuleEventWatcher moduleEventWatcher;

    /**
     * 黑名單用戶(hù),正常來(lái)說(shuō)是從數(shù)據(jù)庫(kù)讀取,這么先模擬
     */
    private Set<String> userBlackList = Sets.newHashSet("520", "1314");

    @Override
    public void loadCompleted() {
        
        new EventWatchBuilder(moduleEventWatcher)
                .onClass("com.sandbox.demo.example.User") // 攔截User類(lèi)
                .includeBootstrap()
                .onBehavior("getUser") // 并觀(guān)察getUser方法
                .onWatch(new AdviceListener() {
                    /**
                     * 調(diào)用方法之前,我需要判斷參數(shù)
                     * @param advice 通知信息
                     * @throws Throwable
                     */
                    @Override
                    protected void before(Advice advice) throws Throwable {

                        if (advice.getParameterArray().length == 0) {
                            System.out.println("沒(méi)有參數(shù),不處理!");
                            return;
                        }

                        Object userId = advice.getParameterArray()[0];
                        System.out.println("進(jìn)入判斷用戶(hù)流程");
                        if (userId != null && userBlackList.contains(userId.toString())) {
                            ProcessController.throwsImmediately(new UserTokenException("用戶(hù)鑒定沒(méi)有權(quán)限!"));
                        }
                    }
                });
    }

    class UserTokenException extends Exception {

        public UserTokenException(String message) {
            super(message);
        }
    }
}

插件已經(jīng)編寫(xiě)完畢了,這個(gè)時(shí)候我們將插件和案例結(jié)合運(yùn)行。

另外再提一句:

通過(guò)@Comand("")命令代表的是以插件的形式加載比如通過(guò)命令行指定參數(shù)開(kāi)啟,而通過(guò)*LoadCompleted*則是沙箱啟動(dòng)的時(shí)候,默認(rèn)就會(huì)啟動(dòng)。

啟動(dòng)并且訪(fǎng)問(wèn)接口

啟動(dòng)

先上傳插件模塊到沙箱的sandbox-module目錄下,隨著sandbox沙箱的啟動(dòng),會(huì)自動(dòng)加載這個(gè)目錄下的所有包。

源碼放在下篇重點(diǎn)說(shuō)說(shuō)。

然后啟動(dòng)客戶(hù)端demo服務(wù)

java -javaagent:/elab/tools/sandbox/lib/sandbox-agent.jar -Djavax.net.debug=ssl -Xdebug  -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5050 -jar z-demo-1.3.3.jar

參數(shù)稍微解釋下:

# 1. 這里是遠(yuǎn)程調(diào)試參數(shù),開(kāi)啟一個(gè)5050端口,可以在IDEA中源碼調(diào)試
-Djavax.net.debug=ssl -Xdebug  -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5050
# 這里是代理的agent參數(shù)
-javaagent:/elab/tools/sandbox/lib/sandbox-agent.jar
# SpringBoot的啟動(dòng)方式。
java -jar z-demo-1.3.3.jar

需要注意的是-javaagent參數(shù)不需要加-D,之前也是這里卡了一會(huì)。

如何看代理是否成功?

# 查看java進(jìn)程的pid,比如7695
jps -l
# 查看端口進(jìn)程
netstat -ntpl

# 查看7695是否是有兩個(gè)進(jìn)程,一個(gè)是agent的,一個(gè)是應(yīng)用端口的

訪(fǎng)問(wèn)遠(yuǎn)程

通過(guò)訪(fǎng)問(wèn)

http://xxxx:5505/user?body=520

查看后臺(tái)日志是否出現(xiàn)異常:

com.alibaba.jvm.sandbox.module.debug.BlackListModule$UserTokenException: 用戶(hù)鑒定沒(méi)有權(quán)限!
    at com.alibaba.jvm.sandbox.module.debug.BlackListModule$1.before(BlackListModule.java:59) ~[na:na]
    at com.alibaba.jvm.sandbox.api.listener.ext.AdviceAdapterListener.switchEvent(AdviceAdapterListener.java:99) ~[na:na]
    at com.alibaba.jvm.sandbox.api.listener.ext.AdviceAdapterListener.onEvent(AdviceAdapterListener.java:39) ~[na:na]
    at com.alibaba.jvm.sandbox.core.enhance.weaver.EventListenerHandler.handleEvent(EventListenerHandler.java:117) ~[na:na]
    at com.alibaba.jvm.sandbox.core.enhance.weaver.EventListenerHandler.handleOnBefore(EventListenerHandler.java:353) ~[na:na]
    at java.com.alibaba.jvm.sandbox.spy.Spy.spyMethodOnBefore(Spy.java:164) ~[na:na]
    at com.sandbox.demo.example.User.getUser(User.java) ~[classes!/:na]
    at com.sandbox.demo.controller.DemoController.user(DemoController.java:43) ~[classes!/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_302]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_302]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_302]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_302]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:626) ~[tomcat-embed-core-9.0.39.jar!/:4.0.FR]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) ~[tomcat-embed-core-9.0.39.jar!/:4.0.FR]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.10.RELEASE.jar!/:5.2.10.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_302]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_302]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.39.jar!/:9.0.39]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_302]

換成其他的參數(shù),又可以正常訪(fǎng)問(wèn),說(shuō)明代理成功了。

插件已經(jīng)生效了!

至此,我們可以思考一些更有價(jià)值的騷操作啦~

容我好好想想,然后再出一些更高級(jí)的demo。

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀(guān)點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • 一、前言 在開(kāi)始之前,我們先來(lái)模擬一下以下的場(chǎng)景: 小李:“小明,你的接口沒(méi)有返回?cái)?shù)據(jù),麻煩幫忙看一下?” 小明:...
    自渡獨(dú)自閱讀 895評(píng)論 0 0
  • Selenium是一款強(qiáng)大的基于瀏覽器的開(kāi)源自動(dòng)化測(cè)試工具,最初由 Jason Huggins 于 2004 年在...
    FifiZhuang閱讀 7,884評(píng)論 5 71
  • 用戶(hù)認(rèn)證 1. cookie&session cookie:因?yàn)閔ttp請(qǐng)求是無(wú)狀態(tài)的,第一次和服務(wù)器連接后并且登...
    DayBreakL閱讀 627評(píng)論 0 3
  • 16宿命:用概率思維提高你的勝算 以前的我是風(fēng)險(xiǎn)厭惡者,不喜歡去冒險(xiǎn),但是人生放棄了冒險(xiǎn),也就放棄了無(wú)數(shù)的可能。 ...
    yichen大刀閱讀 8,175評(píng)論 0 4
  • 公元:2019年11月28日19時(shí)42分農(nóng)歷:二零一九年 十一月 初三日 戌時(shí)干支:己亥乙亥己巳甲戌當(dāng)月節(jié)氣:立冬...
    石放閱讀 7,526評(píng)論 0 2

友情鏈接更多精彩內(nèi)容