预防Dos攻击

Dos----拒绝服务攻击，一般是构造特殊的输入，使得后台的处理耗时远超正常水平，随着请求越来越多，后台服务越发疲于奔命，最后因资源耗尽，无法再接受新的请求，最终造成拒绝服务的效果。

特殊输入例如：
分页查询时传一个很大的pageSize；
入参是一个很大的集合。

对于前者，做一个公共函数检查pageSize的大小，确定合理的范围即可。
对于后者，往往是在post请求里，可以做一个filter来处理所有的incoming request。参考了一些资料，样例代码如下：

@Component
public class BodySizeLimitFilter implements Filter {private static final List<String> METHODS_WITH_BODY = Collections.unmodifiableList(Arrays.asList("POST", "PUT", "OPTIONS", "DELETE", "PATCH"));private static final String CONTENT_LENGTH_HEADER = "Content-Length";private static final int TOO_LARGE_STATUS = 413;@Value("${reqbody.maxsize:4096}")private long contentLengthLimit;@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {HttpServletRequest httpServletRequest = (HttpServletRequest) request;HttpServletResponse httpResponse = (HttpServletResponse) response;if (!METHODS_WITH_BODY.contains(httpServletRequest.getMethod())) {chain.doFilter(httpServletRequest, httpResponse);return;}long contentSize = getContentLength(httpServletRequest);if (contentSize > contentLengthLimit) {resetRespAndSetStatus(httpResponse, TOO_LARGE_STATUS);} else {chain.doFilter(request, response);}}private void resetRespAndSetStatus(HttpServletResponse response, int status) {response.reset();response.setStatus(status);}private long getContentLength(HttpServletRequest httpRequest) {String contentLength = httpRequest.getHeader(CONTENT_LENGTH_HEADER);return safeToLong(contentLength, 0);}
}