我想让Facebook抓取我的网站,但它需要用户身份验证。 Facebook表示解决这个问题的一种方法是将他们的ips列入白名单。我正在使用Apache Shiro,我知道你可以通过从BasicHttpAuthenticationFilter调用getHost来获取客户端的ip,但是我不知道如何让某些ip地址通过身份验证。
答案 0 :(得分:1)
您可能需要构建Shrio的自定义实现
POPSpringAnimation *anim = [POPSpringAnimation animationWithPropertyNamed:kPOPLayerBounds];
CGRect startRect = signupButton.layer.bounds;
startRect.size.width = 0.0;
anim.fromValue = [NSValue valueWithCGRect:startRect];
anim.toValue = [NSValue valueWithCGRect:signupButton.layer.bounds];
[anim setValue:@"progressBar" forKey:@"animName"];
anim.delegate = self;
//anchor on the center left
CGPoint center = signupButton.layer.position;
signupButton.layer.anchorPoint = CGPointMake(0, 0.5);
signupButton.layer.position = CGPointMake(center.x - signupButton.layer.bounds.size.width * 0.5, center.y);
[signupButton.layer pop_addAnimation:anim forKey:@"signupButton"];
最低限度地,你将不得不通过扩展它并添加逻辑跳过BasicHttpAuthenticationFilter如果请求被从白名单的IP地址来定制BasicHttpAuthenticationFilter。
org.apache.shiro.web.filter.authc.AuthenticatingFilter
在你的'shiro.ini'中
package com.acme.web.filter.authc;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class WhitelistedBasicHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
private Set<String> whitelist = Collections.emptySet();
public void setWhitelist(String list) {
whitelist = new HashSet<String>();
Collections.addAll(whitelist, list.split(",")); //make sure there are no spaces in the string!!!!
}
@Override
protected boolean isEnabled (ServletRequest request, ServletResponse response) throws ServletException, IOException
{
if (whitelist.contains(request.getRemoteAddr())) {
return false;
}
return super.isEnabled(request, response);
}
}