最近研究了下Spring的HandlerInterceptor和Java的Filter,因为经常搞混它们两个,今天整理个笔记记录一下。
HandlerInterceptor 是Spring里面的拦截器
Filter是Java里面的过滤器
共同点 还是贴下Java里面的注释吧,解释还是很到位的:
*
A HandlerInterceptor gets called before the appropriate HandlerAdapter
* triggers the execution of the handler itself. This mechanism can be used
* for a large field of preprocessing aspects, e.g. for authorization checks,
* or common handler behavior like locale or theme changes. Its main purpose
is to allow for factoring out repetitive handler code.
HandlerInterceptor is basically similar to a Servlet 2.3 Filter, but in
- contrast to the latter it just allows custom pre-processing with the option
- of prohibiting the execution of the handler itself, and custom post-processing.
- Filters are more powerful, for example they allow for exchanging the request
- and response objects that are handed down the chain. Note that a filter
- gets configured in web.xml, a HandlerInterceptor in the application context.
* As a basic guideline, fine-grained handler-related preprocessing tasks are
- candidates for HandlerInterceptor implementations, especially factored-out
- common handler code and authorization checks. On the other hand, a Filter
- is well-suited for request content and view content handling, like multipart
- forms and GZIP compression. This typically shows when one needs to map the
filter to certain content types (e.g. images), or to all requests.
HandlerInteceptor一般用于权限验证,以及一些处理风格本地化等公共代码。
Filter一般用于修改请求内容和界面的解析处理相关。
1.HandlerInterceptor
package com.vip.colfile.admin.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class LoginInterceptor implements HandlerInterceptor {
private Logger logger = LoggerFactory.getLogger(LoginInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
logger.info("inter interceptor");
Object sessionObj = request.getSession().getAttribute("s_account_name");
// 如果Session为空,则跳转到指定页面
if (sessionObj == null) {
response.sendRedirect("/login");
return false;
} else {
logger.debug("the user was not logged in...");
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
logger.info("postHandle");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
logger.info("afterCompletion");
}
}
2.mvc-servlet.xml中配置
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<mvc:exclude-mapping path="/osp/upload"/>
<mvc:exclude-mapping path="/frontend/**"/>
<mvc:exclude-mapping path="/_health_check"/>
<mvc:exclude-mapping path="/external/**"/>
<mvc:exclude-mapping path="/login"/>
<mvc:exclude-mapping path="/changepassword"/>
<mvc:exclude-mapping path="/userAccount/getVerificationCode"/>
<mvc:exclude-mapping path="/userAccount/login"/>
<mvc:exclude-mapping path="/userAccount/updatePassword"/>
<bean class="com.vip.colfile.admin.interceptor.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
3.Filter
package com.vip.colfile.admin.interceptor;
public class CustomInterceptor implements Filter {
private final Logger logger = LoggerFactory.getLogger(CustomInterceptor.class);
private static final String FILTERED_REQUEST = "@ @sesion_context_filtered_request";
// 不需要登录的页面
private static final String[] INHERENT_ESCAPE_URIS = { "/index.html", "/index", "/index.jsp", "/changepassword",
"/changepassword.html", "/changepassword.jsp", "/userAccount/getVerificationCode", "/userAccount/login",
"/userAccount/updatePassword" };
@Override
public void init(FilterConfig filterConfig) throws ServletException {
logger.info("filter init.....");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
logger.info("filter doFilter.....");
// 保证一次请求只调一次
if (servletRequest != null && servletRequest.getAttribute(FILTERED_REQUEST) != null) {
chain.doFilter(servletRequest, servletResponse);
} else {
// 设置过滤标识,防止一次请求多次过滤
servletRequest.setAttribute(FILTERED_REQUEST, Boolean.TRUE);
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
UserAccountModel userContext = getSessionUser(httpServletRequest);
// 用户未登录且需要登录才能访问
if (userContext == null && isURILogin(httpServletRequest.getRequestURI(), httpServletRequest)) {
String tourl=httpServletRequest.getRequestURL().toString();
if(!StringUtils.isEmpty(httpServletRequest.getQueryString())){
tourl +="?"+httpServletRequest.getQueryString();
}
//保存用户请求的url到session,用于登录成功后,跳到目标url
httpServletRequest.getSession().setAttribute(SystemConstant.LOGIN_TO_URL, tourl);
//转发到登录页面
servletRequest.getRequestDispatcher("/login").forward(servletRequest, servletResponse);
return ;
}
chain.doFilter(servletRequest, servletResponse);
}
}
@Override
public void destroy() {
System.out.println("destroy.....");
}
private boolean isURILogin(String requestURI, HttpServletRequest request) {
if (request.getContextPath().equalsIgnoreCase(requestURI)
|| (request.getContextPath() + "/").equalsIgnoreCase(requestURI)) {
return true;
}
for (String uri : INHERENT_ESCAPE_URIS) {
if (requestURI != null && requestURI.indexOf(uri) >= 0) {
return true;
}
}
return false;
}
protected UserAccountModel getSessionUser(HttpServletRequest request) {
return (UserAccountModel) request.getSession().getAttribute(SystemConstant.SESSION_Context);
}
}
4.web.xml中配置
<!--自定义 filter get request-->
<filter>
<filter-name>customFilter</filter-name>
<filter-class>com.vip.colfile.admin.interceptor.CustomInterceptor</filter-class>
</filter>
<filter-mapping>
<filter-name>customFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>customFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!--end -->
测试结果顺序:
[2016-10-25 14:10:49.550] [INFO] [http-bio-80-exec-13] [com.admin.interceptor.LoginInterceptor] >>> inter interceptor
[2016-10-25 14:10:49.550] [INFO] [http-bio-80-exec-13] [com.admin.interceptor.LoginInterceptor] >>> postHandle
[2016-10-25 14:10:49.551] [INFO] [http-bio-80-exec-13] [com.admin.interceptor.LoginInterceptor] >>> afterCompletion
[2016-10-25 14:10:49.556] [INFO] [http-bio-80-exec-10] [c.admin.interceptor.CustomInterceptor] >>> filter doFilter.....
[2016-10-25 14:10:49.557] [INFO] [http-bio-80-exec-10] [c.admin.manager.controller.AuthPageController] >>> ----------login page ------
5.getRequestDispatcher()与sendRedirect()的区别
1.request.getRequestDispatcher()是请求转发,前后页面共享一个request ;
response.sendRedirect()是重新定向,前后页面不是一个request。
request.getRequestDispather();返回的是一个RequestDispatcher对象。
2.RequestDispatcher.forward()是在服务器端运行;
HttpServletResponse.sendRedirect()是通过向客户浏览器发送命令来完成.
所以RequestDispatcher.forward()对于浏览器来说是“透明的”;
而HttpServletResponse.sendRedirect()则不是。
3.ServletContext.getRequestDispatcher(String url)中的url只能使用绝对路径; 而
ServletRequest.getRequestDispatcher(String url)中的url可以使用相对路径。因为
ServletRequest具有相对路径的概念;而ServletContext对象无次概念。
RequestDispatcher对象从客户端获取请求request,并把它们传递给服务器上的servlet,html或
jsp。它有两个方法:
1.void forward(ServletRequest request,ServletResponse response)
用来传递request的,可以一个Servlet接收request请求,另一个Servlet用这个request请求来产生response。request传递的请求,response是客户端返回的信息。forward要在response到达客户端之前调用,也就是 before response body output has been flushed。如果不是的话,它会报出异常。
2.void include(ServletRequest request,ServletResponse response)
用来记录保留request和response,以后不能再修改response里表示状态的信息。
如果需要把请求转移到另外一个Web App中的某个地址,可以按下面的做法:
1. 获得另外一个Web App的ServletConext对象(currentServletContext.getContext(uripath)).
- 调用ServletContext.getRequestDispatcher(String url)方法。
eg:ServletContext.getRequestDispatcher(“smserror.jsp”).forward(request,response);
http://lanew.blog.ccidnet.com/blog-htm-do-showone-type-blog-itemid-3690834-uid-327434.html
二者区别:
response.sendRedirect(url)跳转到指定的URL地址,产生一个新的request,所以要传递参数只有在url后加参
数,如:
url?id=1.
request.getRequestDispatcher(url).forward(request,response)是直接将请求转发到指定URL,所以该请求
能够直接获得上一个请求的数据,也就是说采用请求转发,request对象始终存在,不会重新创建。而
sendRedirect()会新建request对象,所以上一个request中的数据会丢失。
更具体来说就是这样的:
redirect 会首先发一个response给浏览器, 然后浏览器收到这个response后再发一个requeset给服务器, 然后
服务器发新的response给浏览器. 这时页面收到的request是一个新从浏览器发来的.
forward 发生在服务器内部, 在浏览器完全不知情的情况下发给了浏览器另外一个页面的response. 这时页面
收到的request不是从浏览器直接发来了,可能己经用request.setAttribute在request里放了数据.在转到的页
面可直接用request.getAttribute获得数据。
最基本的用法就如上了,其他的一些应注意的地方如下:
跳转方式
http://localhost:8080/Test应用
运用forward方法只能重定向到同一个Web应用程序中的一个资源。而sendRedirect方法可以让你重定向到任何
URL。
表单form的action=”/uu”;sendRedirect(“/uu”);表示相对于服务器根路径。如http://localhost:8080/Test应
用(则提交至http://localhost:8080/uu);
Forward代码中的”/uu”则代表相对与WEB应用的路径。如http://localhost:8080/Test应用(则提交至
http://localhost:8080/Test/uu);
(运用RequestDispatcher接口的Forward)方法
forward()无法重定向至有frame的jsp文件,可以重定向至有frame的html文件,
同时forward()无法在后面带参数传递,比如servlet?name=frank,这样不行,可以程序内通过
response.setAttribute(“name”,name)来传至下一个页面.
重定向后浏览器地址栏URL不变.
只有在客户端没有输出时才可以调用forward方法。如果当前页面的缓冲区(buffer)不是空的,那么你在调用
forward方法前必须先清空缓冲区。
“/”代表相对与web应用路径
RequestDispatcher rd = request.getRequestDispatcher(“/ooo”);
rd.forward(request, response);提交至http://localhost:8080/Test/ooo
RequestDispatcher rd = getServletContext().getRequestDispatcher(“/ooo”);
rd.forward(request, response);提交至http://localhost:8080/Test/ooo
RequestDispatcher rd =getServletContext().getNamedDispatcher(“TestServlet”);(TestServlet为一个
)
rd.forward(request, response);提交至名为TestServlet的servlet
如果在之前有很多输出,前面的输出已使缓冲区满,将自动输出到客户端,那么该语句将不起作用,
这一点应该特别注意。
另外要注意:它不能改变浏览器地址,刷新的话会导致重复提交
从http://localhost:8080/Test/gw/page.jsp中转发
在JSP页面被解析后转换成pageContext.forward(“OtherPage.jsp”);
“/OtherPage.jsp”提交到http://localhost:8080/Test/OtherPage.jsp
“OtherPage.jsp”提交到http://localhost:8080/Test/gw/OtherPage.jsp
(运用HttpServletResponse接口的sendRedirect)方法302
是在用户的浏览器端工作,sendRedirect()可以带参数传递,比如servlet?name=frank传至下个页面,
同时它可以重定向至不同的主机上,sendRedirect()可以重定向有frame.的jsp文件.
假设转发代码包含于注册的servlet-url为/ggg/tt;jsp为/ggg/tt.jsp:
绝对路径:response.sendRedirect(“http://www.brainysoftware.com
根路径:response.sendRedirect(“/ooo”)发送至http://localhost:8080/ooo
相对路径:response.sendRedirect(“ooo”)发送至http://localhost:8080/Test/ggg/ooo,
sendRedirect等同于此方式
response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
String newLocn = “/newpath/jsa.jsp”;
response.setHeader(“Location”,newLocn);
(Meta Refresh)方法200
这种方法是由HTML提供的,Meta本身就是HTML标签。使用方法是:
String content=stayTime+";URL="+URL;
response.setHeader("REFRESH",content);
使用response.sendRedirect()地址栏将改变
使用request.getRequestDispatcher().forward(request,response)地址栏中的信息保持不变.
request.setAttribute存的东西
只用通过方法2跳转 才能在新页取出来