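0. Version notes
This sample is developed against Huawei Cloud SDK V3.0.
1. Introduction
Huawei Cloud provides a server-side SDK for CFW (Cloud Firewall). You can integrate it directly to call the CFW APIs and operate CFW quickly. This sample shows how to use the CFW service to protect an already protected EIP with blacklist/whitelist entries, how to create, delete, update and query those entries, and how to query the access control logs generated as a result.
2. Development prerequisites
3. Install the SDK
You can obtain and install the SDK through Maven. First download and install Maven on your operating system; after that, you only need to add the corresponding dependency to the pom.xml file of your Java project.
Before using the server-side SDK, you need to install "huaweicloud-sdk-cfw". For the specific SDK version number, see the SDK Development Center.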
```xml
<dependency>
    <groupId>com.huaweicloud.sdk</groupId>
    <artifactId>huaweicloud-sdk-cfw</artifactId>
    <version>3.1.14</version>
</dependency>
```
4. Getting started
4.1 Import the dependency modules
```java
import com.huaweicloud.sdk.cfw.v1.CfwClient;
import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesRequest;
import com.huaweicloud.sdk.cfw.v1.model.ListEipResourcesResponse;
import com.huaweicloud.sdk.cfw.v1.model.EipResource;
import com.huaweicloud.sdk.cfw.v1.model.AddBlackWhiteListUsingPostRequest;
import com.huaweicloud.sdk.cfw.v1.model.AddBlackWhiteListUsingPostResponse;
import com.huaweicloud.sdk.cfw.v1.model.AddBlackWhiteListDto;
import com.huaweicloud.sdk.cfw.v1.model.ListBlackWhiteListsUsingGetRequest;
import com.huaweicloud.sdk.cfw.v1.model.ListBlackWhiteListsUsingGetResponse;
import com.huaweicloud.sdk.cfw.v1.model.ListAccessControlLogsRequest;
import com.huaweicloud.sdk.cfw.v1.model.ListAccessControlLogsResponse;
import com.huaweicloud.sdk.cfw.v1.model.UpdateBlackWhiteListUsingPutRequest;
import com.huaweicloud.sdk.cfw.v1.model.UpdateBlackWhiteListDto;
import com.huaweicloud.sdk.cfw.v1.model.UpdateBlackWhiteListUsingPutResponse;
import com.huaweicloud.sdk.cfw.v1.model.DeleteBlackWhiteListUsingDeleteRequest;
import com.huaweicloud.sdk.cfw.v1.model.DeleteBlackWhiteListUsingDeleteResponse;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
```
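4.2 Initialize the credentials
```java
// Writing the AK and SK used for authentication directly into the code is a serious security risk.
// Store them encrypted in a configuration file or in environment variables and decrypt them when they are used.
// This sample authenticates with the AK and SK stored in environment variables. Before running it,
// set the environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK in your local environment.
String ak = System.getenv("HUAWEICLOUD_SDK_AK");
String sk = System.getenv("HUAWEICLOUD_SDK_SK");
BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);
```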
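4.3 Initialize the firewall client
```java
// Use CfwRegion, the region class imported in 4.1 and used in the full sample in 4.4.7.
CfwClient client = CfwClient.newBuilder().withCredential(auth).withRegion(CfwRegion.valueOf("<REGION ID>")).build();
```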
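4.4 Create a blacklist/whitelist entry and use it
Sections 4.4.1 to 4.4.6 show how to perform the operations in the console; 4.4.7 shows how to perform the same operations in code.
4.4.1 Query the protected EIP list to obtain the address of one protected EIP
4.4.2 Add a blacklist/whitelist entry with the protected EIP as the destination address, TCP as the protocol, 0-65535 as the port range and IPv4 as the address type, and obtain the blacklist ID
4.4.3 Query the blacklist to obtain the blacklist ID
4.4.4 Query the access control logs to obtain the logs of blocked access
4.4.5 Update the blacklist/whitelist entry to a value that is not a protected EIP, leaving everything else unchanged
4.4.6 Delete the blacklist/whitelist entry
4.4.7 Sample code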
```java
public static void main(String[] args) {
    // Hard-coding the AK and SK used for authentication, or storing them in plaintext, is a serious security risk.
    // Store them encrypted in a configuration file or in environment variables and decrypt them when they are used.
    // This sample authenticates with the AK and SK stored in environment variables. Before running it,
    // set the environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK in your local environment.
    String ak = System.getenv("HUAWEICLOUD_SDK_AK");
    String sk = System.getenv("HUAWEICLOUD_SDK_SK");
    BasicCredentials auth = new BasicCredentials().withAk(ak).withSk(sk);
    CfwClient client = CfwClient.newBuilder().withCredential(auth).withRegion(CfwRegion.valueOf("<REGION ID>")).build();
    try {
        /* 4.4.1 Query the protected EIP list to obtain the address of one protected EIP */
        String publicEIp = queryEip(client);
        /* 4.4.2 Add an entry with the protected EIP as the destination address, TCP, ports 0-65535, IPv4, and obtain the blacklist ID */
        String blackWhiteListId = addBlackWhiteList(client, publicEIp);
        /* 4.4.3 Query the blacklist to obtain the blacklist ID */
        queryBlackWhiteList(client);
        /* 4.4.4 Query the access control logs to obtain the logs of blocked access */
        queryAccessControlLong(client, publicEIp);
        /* 4.4.5 Update the entry to a value that is not a protected EIP, leaving everything else unchanged */
        updateBlackWhiteList(client, blackWhiteListId);
        /* 4.4.6 Delete the blacklist/whitelist entry */
        deleteBlackWhiteList(client, blackWhiteListId);
    } catch (ConnectionException e) {
        System.out.println(e.getMessage());
    } catch (RequestTimeoutException e) {
        System.out.println(e.getMessage());
    } catch (ServiceResponseException e) {
        System.out.println(e.getHttpStatusCode());
        System.out.println(e.getErrorCode());
        System.out.println(e.getErrorMsg());
    }
}

private static void deleteBlackWhiteList(CfwClient client, String blackWhiteListId) {
    DeleteBlackWhiteListUsingDeleteRequest deleteBlackWhiteListUsingDeleteRequest
        = new DeleteBlackWhiteListUsingDeleteRequest();
    deleteBlackWhiteListUsingDeleteRequest.setListId(blackWhiteListId);
    DeleteBlackWhiteListUsingDeleteResponse deleteBlackWhiteListUsingDeleteResponse
        = client.deleteBlackWhiteListUsingDelete(deleteBlackWhiteListUsingDeleteRequest);
    System.out.println(deleteBlackWhiteListUsingDeleteResponse.toString());
}

private static void updateBlackWhiteList(CfwClient client, String blackWhiteListId) {
    UpdateBlackWhiteListUsingPutRequest updateBlackWhiteListUsingPutRequest = new UpdateBlackWhiteListUsingPutRequest();
    updateBlackWhiteListUsingPutRequest.setListId(blackWhiteListId);
    UpdateBlackWhiteListDto updateBlackWhiteListDto = new UpdateBlackWhiteListDto();
    // An address that is not a protected EIP (step 4.4.5); the other fields match the entry added in 4.4.2.
    updateBlackWhiteListDto.setAddress("1.1.1.1");
    updateBlackWhiteListDto.setAddressType(0);
    updateBlackWhiteListDto.setDirection(1);
    updateBlackWhiteListDto.setPort("0-65535");
    updateBlackWhiteListDto.setProtocol(6);
    updateBlackWhiteListDto.setListType(UpdateBlackWhiteListDto.ListTypeEnum.NUMBER_4);
    updateBlackWhiteListDto.setObjectId("<YOUR ObjectId>");
    updateBlackWhiteListUsingPutRequest.setBody(updateBlackWhiteListDto);
    UpdateBlackWhiteListUsingPutResponse updateBlackWhiteListUsingPutResponse = client.updateBlackWhiteListUsingPut(updateBlackWhiteListUsingPutRequest);
    System.out.println(updateBlackWhiteListUsingPutResponse.toString());
}

private static void queryAccessControlLong(CfwClient client, String publicEIp) {
    ListAccessControlLogsRequest listAccessControlLogsRequest = new ListAccessControlLogsRequest();
    listAccessControlLogsRequest.setDstIp(publicEIp);
    listAccessControlLogsRequest.setFwInstanceId("<YOUR FirewallInstanceId>");
    // Query window in epoch milliseconds; these two values are one hour apart.
    listAccessControlLogsRequest.setStartTime(1670427589817L);
    listAccessControlLogsRequest.setEndTime(1670431189817L);
    listAccessControlLogsRequest.setLimit(10);
    ListAccessControlLogsResponse listAccessControlLogsResponse = client.listAccessControlLogs(listAccessControlLogsRequest);
    System.out.println(listAccessControlLogsResponse.toString());
}

private static String queryBlackWhiteList(CfwClient client) {
    ListBlackWhiteListsUsingGetRequest listBlackWhiteListsUsingGetRequest = new ListBlackWhiteListsUsingGetRequest();
    listBlackWhiteListsUsingGetRequest.setObjectId("<YOUR ObjectId>");
    listBlackWhiteListsUsingGetRequest.setListType(ListBlackWhiteListsUsingGetRequest.ListTypeEnum.NUMBER_4);
    listBlackWhiteListsUsingGetRequest.setOffset(0);
    listBlackWhiteListsUsingGetRequest.setLimit(10);
    ListBlackWhiteListsUsingGetResponse listBlackWhiteListsUsingGetResponse = client.listBlackWhiteListsUsingGet(listBlackWhiteListsUsingGetRequest);
    String listId = listBlackWhiteListsUsingGetResponse.getData().getRecords().get(0).getListId();
    System.out.println(listId);
    return listId;
}

private static String addBlackWhiteList(CfwClient client, String publicEIp) {
    AddBlackWhiteListUsingPostRequest addBlackWhiteListUsingPostRequest = new AddBlackWhiteListUsingPostRequest();
    AddBlackWhiteListDto addBlackWhiteListDto = new AddBlackWhiteListDto();
    // Values for step 4.4.2: protected EIP as destination address, TCP, ports 0-65535, IPv4.
    addBlackWhiteListDto.setListType(4);
    addBlackWhiteListDto.setObjectId("<YOUR ObjectId>");
    addBlackWhiteListDto.setDirection(1);
    addBlackWhiteListDto.setAddress(publicEIp);
    addBlackWhiteListDto.setProtocol(6);
    addBlackWhiteListDto.setPort("0-65535");
    addBlackWhiteListDto.setAddressType(0);
    addBlackWhiteListUsingPostRequest.setBody(addBlackWhiteListDto);
    AddBlackWhiteListUsingPostResponse addBlackWhiteListUsingPostResponse = client.addBlackWhiteListUsingPost(addBlackWhiteListUsingPostRequest);
    String blackWhiteListId = addBlackWhiteListUsingPostResponse.getData().getId();
    System.out.println(blackWhiteListId);
    return blackWhiteListId;
}

private static String queryEip(CfwClient client) {
    ListEipResourcesRequest listEipResourcesRequest = new ListEipResourcesRequest();
    listEipResourcesRequest.setObjectId("<YOUR ObjectId>");
    listEipResourcesRequest.setLimit(10);
    listEipResourcesRequest.setOffset(0);
    listEipResourcesRequest.setSync(ListEipResourcesRequest.SyncEnum.NUMBER_1);
    ListEipResourcesResponse listEipResourcesResponse = client.listEipResources(listEipResourcesRequest);
    EipResource eipResource = listEipResourcesResponse.getData().getRecords().get(0);
    String publicEIp = eipResource.getPublicIp();
    System.out.println(publicEIp);
    return publicEIp;
}
```
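An added example, not part of the original sample or of the Huawei Cloud SDK: local checks on the address and port range sent in 4.4.2 and 4.4.5, and a log query window for 4.4.4 computed relative to the current time instead of the fixed timestamps in the sample. The class and method names are hypothetical, and the code uses only the JDK.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper, JDK only, makes no SDK calls.
public class CfwPreflight {
    private static final Pattern IPV4 =
        Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");
    private static final Pattern PORT_RANGE = Pattern.compile("(\\d{1,5})-(\\d{1,5})");

    // True only for a dotted-quad literal, the form the sample sends with addressType 0.
    static boolean isIpv4Literal(String address) {
        Matcher m = IPV4.matcher(address == null ? "" : address);
        if (!m.matches()) return false;
        for (int i = 1; i <= 4; i++) {
            if (Integer.parseInt(m.group(i)) > 255) return false;
        }
        return true;
    }

    // True only for "low-high" with 0 <= low <= high <= 65535, as in "0-65535".
    static boolean isPortRange(String range) {
        Matcher m = PORT_RANGE.matcher(range == null ? "" : range);
        if (!m.matches()) return false;
        int low = Integer.parseInt(m.group(1));
        int high = Integer.parseInt(m.group(2));
        return low <= high && high <= 65535;
    }

    // Start and end in epoch milliseconds for a window of the given length ending at 'end'.
    static long[] logWindow(Instant end, Duration length) {
        return new long[] {end.minus(length).toEpochMilli(), end.toEpochMilli()};
    }

    public static void main(String[] args) {
        // Constructed inputs: two taken from the sample, two deliberately malformed.
        for (String address : new String[] {"1.1.1.1", "1.1.1.256"}) {
            System.out.println(address + " valid IPv4: " + isIpv4Literal(address));
        }
        for (String range : new String[] {"0-65535", "443-80"}) {
            System.out.println(range + " valid port range: " + isPortRange(range));
        }
        long[] window = logWindow(Instant.now(), Duration.ofHours(1));
        System.out.println("startTime=" + window[0] + " endTime=" + window[1]);
    }
}
```

Run the two checks before `setAddress(...)` and `setPort(...)`, and pass the two window values to `setStartTime(...)` and `setEndTime(...)`.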
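5. FAQ
5.1 What is ObjectId and how do I get it?
ObjectId is the ID that, once a cloud firewall has been created, distinguishes Internet border protection from VPC border protection. You can obtain the protected object ID (ObjectId) by calling "Query firewall instances" in API Explorer. Note that type 0 is Internet border protection and type 1 is VPC border protection.
5.2 What is FirewallInstanceId and how do I get it?
FirewallInstanceId is the ID that the system generates automatically to identify the firewall once a cloud firewall has been created. You can obtain the firewall ID (FirewallInstanceId) by calling "Query firewall instances" in API Explorer.
6. References
For more information, see API Explorer.
7. Revision history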