本文主要用于记录在SpringBoot中过滤器的使用,以及使用过滤器进行防盗链。
一、使用过滤器强制用户登录后进入主页面。
/**
* 登录过滤器
*
* @author LIUTAO
* @version 2017/5/3
* @see
* @since
*/
@WebFilter(filterName="loginFilter",urlPatterns="/admin/*")
public class LoginFilter implements Filter {
private Logger logger = LoggerFactory.getLogger(LoginFilter.class);
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
logger.debug("enter login filter");
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
String path = request.getRequestURI();
AdmAccount user = (AdmAccount) session.getAttribute("admAccount");
//防止未登录用户从其他路径进入
if ("/admin/login".equals(path)) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
if (user == null) {
logger.debug("enter error");
response.sendRedirect("/admin/login");
} else {
logger.debug("enter success");
filterChain.doFilter(request, response);
}
}
@Override
public void destroy() {
}
}
@EnableFeignClients(basePackages={"com.hongtu.supplychain.main"})
@EnableDiscoveryClient
@SpringBootApplication
@ServletComponentScan(basePackages = {"com.hongtu.supplychain"})
@ComponentScan(basePackages={"com.hongtu.supplychain.main"})
public class MainApplication {
public static void main(String[] args) {
SpringApplication.run(MainApplication.class, args);
}
}
注意:(1)在SpringBoot中使用过滤器需要在过滤器类上加@WebFilte注解,里面的参数filterName和urlPatterns分别是过滤器名称和需要过滤的地址。
(2)需要在程序启动类上添加@ServletComponentScan注解。
二、使用过滤器实现防盗链
package com.hongtu.supplychain.finance.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 防盗链过滤器
*
* @author LIUTAO
* @version 2017/5/3
* @see
* @since
*/
@WebFilter(filterName="loginFilter",urlPatterns="/*")
public class LoginFilter implements Filter {
private Logger logger = LoggerFactory.getLogger(LoginFilter.class);
@Autowired
private Environment env;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//防盗链
String mainReferer = env.getProperty("main.referer.url");
String purAndTraReferer = env.getProperty("purAndTra.referer.url");
String breakupOrderReferer = env.getProperty("breakupOrder.referer.url");
String batchModifyReferer = env.getProperty("batchModify.referer.url");
String referer = request.getHeader("referer");
if (referer.startsWith(mainReferer)||referer.startsWith(purAndTraReferer)||referer.startsWith(breakupOrderReferer)||referer.startsWith(batchModifyReferer)) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}else{
response.sendRedirect("/hongtu/v1/error");
}
}
@Override
public void destroy() {
}
}
注意:针对防盗链,需要获取到请求头的refer,然后将refer和放行的链接地址进行比对。