老项目是用Spring写的,新项目升级到了Spring Boot。原代码是在web.xml中定义过滤器的,在Spring Boot中没法再这样配置了,因而看了看Spring Boot如何使用自定义过滤器。
在springboot 中,主要是靠FilterRegistrationBean 这个类来提供这样的功能。具体而言:
自定义Filter需要两个步骤:
实现Filter【javax.servlet.Filter】接口,实现Filter方法
添加 @Configuration 注解,将自定义Filter加入过滤链
老的代码:
<!-- Legacy web.xml registration of the access-control filter. -->
<filter>
<filter-name>WebAccessAuthorizeFilterMvc</filter-name>
<filter-class>com.cmb.bip.filter.ManageAccessFilter</filter-class>
<!-- EXCEPTION_URI: separator-delimited entries that the filter's init() stores in excludeUriList.
     NOTE(review): every entry names requests that may pass without a login; how a wildcard entry
     such as *.js is matched is not shown here, so confirm the matching is anchored to the path
     and keep this list as short as possible. -->
<init-param>
<param-name>EXCEPTION_URI</param-name>
<param-value>login.html,*.js</param-value>
</init-param>
<!-- ERR_URL: the page the filter dispatches to when no login check succeeds; init() also adds it
     to the exclusion list. -->
<init-param>
<param-name>ERR_URL</param-name>
<param-value>login.html</param-value>
</init-param>
</filter>
<!-- The filter is mapped to every request of the application. -->
<filter-mapping>
<filter-name>WebAccessAuthorizeFilterMvc</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
首先是自定义的过滤器Filter类(实现部分)
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.cmb.bip.develop.api.common.ThreadLocalMap;
import com.cmb.bip.develop.api.model.auth.AuthSession;
import com.cmb.bip.develop.api.model.auth.User;
import com.cmb.bip.develop.api.model.auth.UserEntity;
import com.cmb.bip.develop.api.service.UserService;
import com.cmb.bip.filter.BaseWebAccessAuthorizeFilter;
import com.cmb.bip.filter.WkeUserEntity;
import com.cmb.bip.filter.utils.CookieUtils;
import com.cmb.bip.filter.utils.UUIDGenerator;
import com.cmb.bip.utils.StringUtil;
/**
 * Access filter of the management application; the login checks themselves are inherited from
 * {@link BaseWebAccessAuthorizeFilter}.
 */
public class ManageAccessFilter extends BaseWebAccessAuthorizeFilter {
    public static final String LOGIN_FLAG = "login_random";

    /**
     * Prefixes {@code redirectUrl} with one {@code "../"} for every request-URI segment beyond a
     * fixed number of leading segments, producing a path relative to the current request.
     *
     * <p>The request URI is split on {@code "/"}; the first three array elements are skipped, or
     * the first two when the context path is blank.
     *
     * <p>NOTE(review): {@code redirectUrl} is appended unchanged. The callers are not visible
     * here; confirm they only pass fixed, application-relative targets and never a value taken
     * from the request.
     *
     * @param httpRequest the current request, used for its context path and request URI
     * @param redirectUrl the target to append after the {@code "../"} prefix
     * @return the {@code "../"} prefix (possibly empty) followed by {@code redirectUrl}
     */
    @Override
    public String processRedirectUrl(HttpServletRequest httpRequest, String redirectUrl) {
        // After deployment to the PaaS the context path is empty, so one segment fewer is skipped.
        int skippedSegments = StringUtil.isBlank(httpRequest.getContextPath()) ? 2 : 3;
        String[] segments = httpRequest.getRequestURI().split("/");

        StringBuilder relative = new StringBuilder();
        for (int remaining = segments.length - skippedSegments; remaining > 0; remaining--) {
            relative.append("../");
        }
        return relative.append(redirectUrl).toString();
    }
}
(这里还有其他的业务逻辑,代码太长就不展示了。)
/**
 * Servlet filter that lets a request continue down the chain only when one of its login checks
 * succeeds or the request URI is excluded; otherwise the request is dispatched to {@code errurl}.
 * Only part of the class is shown on this page.
 */
public class BaseWebAccessAuthorizeFilter implements Filter
{
private static final Logger LOGGER = Logger.getLogger(BaseWebAccessAuthorizeFilter.class);
// Empty in this listing. The COOKIE_* constants below concatenate an empty prefix with their
// name, so each evaluates to the bare name; presumably that prefix was MODULE_ID (confirm).
public static final String MODULE_ID = "";
public static final String DATA = "Data";
public static final String TOKEN = "Token";
public static final String COOKIE_DATA = "" + "Data";
public static final String COOKIE_TOKEN = "" + "Token";
public static final String COOKIE_USER_ID = "" + "USER_ID";
// Instance fields holding init-parameter names. init() reads "EXCEPTION_URI" through a string
// literal, not through the field below.
protected String LOGIN_URL = "LOGIN_URL";
protected String EXCEPTION_URI = "EXCEPTION_URI";
// Dispatch target used when no login check succeeds; set from the ERR_URL init parameter.
protected String errurl;
// URIs exempt from the login checks; filled by init() from EXCEPTION_URI and ERR_URL.
protected List<String> excludeUriList;
// NOTE(review): this salt is a constant in source and is handed to MD5SecurityVerifyStrategy in
// init(). A value compiled into the class cannot be treated as a secret; if token validity
// depends on it, load a per-deployment key from protected configuration instead, and confirm
// whether the MD5-based check can be replaced by a keyed MAC such as HMAC-SHA-256.
protected String salt = "BIP";
protected SecurityVerifyFactory securityFactory;
// doFilter() skips every login check for a request URI that contains either of these strings.
// "Hanlder" is a misspelling of "Handler"; the name is kept because the field is protected.
protected String loginHanlderUrl = "res/loginInfoHandle";
protected String loginRegisterUrl = "res/registerLoginInfo";
// 86400000 equals the number of milliseconds in 24 hours; passed to both verify strategies in
// init(), presumably as the token validity window (confirm).
protected int vailDay = 86400000;
/**
 * Creates the filter with an empty error URL and no exclusion list; {@code init} later replaces
 * both from the filter configuration.
 */
public BaseWebAccessAuthorizeFilter() {
    this.excludeUriList = null;
    this.errurl = "";
}
/**
 * Applies the response headers, then lets the request continue only when it targets one of the
 * two login endpoints, passes one of the login checks, or is an excluded URI. Any other request
 * is dispatched to {@code errurl} and the chain is not invoked.
 *
 * <p>NOTE(review): the login-endpoint test is a substring match on {@code getRequestURI()},
 * which is the raw, undecoded request path. A request whose URI contains either login path
 * anywhere therefore skips all four checks. Comparing the servlet path for an exact match is
 * the safer test; confirm which exact paths the two login handlers are served under.
 *
 * @param servletRequest the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
 * @param filterChain the remainder of the filter chain
 * @throws IOException propagated from the chain or from the helper calls
 * @throws ServletException propagated from the chain or from the helper calls
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) servletRequest;
    HttpServletResponse resp = (HttpServletResponse) servletResponse;
    // The CORS headers go on every response, before any login check has run.
    setResponseHeader(resp);

    String requestUri = req.getRequestURI();
    boolean loginEndpoint = requestUri.contains(loginHanlderUrl) || requestUri.contains(loginRegisterUrl);
    if (!loginEndpoint) {
        resp.setHeader("P3P", "CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");
        // Short-circuit order matters: each check runs only when all earlier ones returned false.
        boolean allowed = isLoginInSession(req, resp)
                || isLogin(req, resp)
                || doLogin(req, resp)
                || isExcludeUri(req);
        if (!allowed) {
            doDispatcherUri(req, resp, errurl);
            return;
        }
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
/**
 * Sets a fixed group of CORS response headers.
 *
 * <p>NOTE(review): {@code Access-Control-Allow-Origin: *} is sent together with
 * {@code Access-Control-Allow-Credentials: true}. Browsers refuse a credentialed cross-origin
 * response whose allowed origin is the wildcard, so this pair does not enable cookie-bearing
 * cross-origin calls. If such calls are needed, do not echo the request's {@code Origin}
 * header back; compare it with an explicit allowlist of trusted origins and send
 * {@code Vary: Origin}. If they are not needed, drop the credentials header.
 *
 * @param response the response that receives the headers
 */
public void setResponseHeader(HttpServletResponse response) {
    final String[][] corsHeaders = {
        {"Access-Control-Allow-Origin", "*"},
        {"Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"},
        {"Access-Control-Max-Age", "3600"},
        {"Access-Control-Allow-Headers", "x-requested-with, content-type, Content-Disposition"},
        {"Access-Control-Allow-Credentials", "true"},
    };
    for (String[] header : corsHeaders) {
        response.setHeader(header[0], header[1]);
    }
}
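/**
 * Reads the filter's init parameters and builds the token-verification chain.
 *
 * <p>{@code EXCEPTION_URI} is a separator-delimited list whose entries are stored in
 * {@code excludeUriList}. {@code ERR_URL} is stored in {@code errurl} and is also added to that
 * list when it is not already there. Entries are trimmed and blank entries are dropped. How
 * {@code isExcludeUri} matches entries is not visible here; if it uses a suffix or substring
 * comparison, a blank entry would exempt every request from the login checks, so blanks are
 * never stored.
 *
 * @param filterConfig container-supplied configuration holding the init parameters
 * @throws ServletException declared in the signature; nothing in this method throws it explicitly
 */
public void init(FilterConfig filterConfig) throws ServletException {
    String excludeUrl = filterConfig.getInitParameter("EXCEPTION_URI");
    if (excludeUrl != null) {
        excludeUriList = new ArrayList<String>();
        // The listing's first replace() maps "," to itself, which does nothing; presumably the
        // original mapped the full-width comma (TODO confirm). ASCII and full-width commas and
        // semicolons are all accepted as separators here.
        for (String entry : excludeUrl.split("[,;\uFF0C\uFF1B]")) {
            String uri = entry.trim();
            if (!uri.isEmpty()) {
                excludeUriList.add(uri);
            }
        }
    }

    // errurl stays null when ERR_URL is not configured, exactly as before.
    errurl = filterConfig.getInitParameter("ERR_URL");
    if (errurl != null && !errurl.trim().isEmpty()) {
        if (excludeUriList == null) {
            excludeUriList = new ArrayList<String>();
        }
        if (!excludeUriList.contains(errurl)) {
            excludeUriList.add(errurl);
        }
    }

    // NOTE(review): the MD5 strategy is keyed only by the constant `salt` field. A value compiled
    // into the class is not a secret; confirm whether token validity depends on it and whether a
    // keyed MAC with a per-deployment key can replace it.
    MD5SecurityVerifyStrategy md5 = new MD5SecurityVerifyStrategy(salt, vailDay);
    md5.setDataParser(new BIDataParser());
    OAMSSecurityVerifyStrategy omas = new OAMSSecurityVerifyStrategy(vailDay);
    omas.setDataParser(new OAMSDataParser());

    // The strategies are registered in this order: MD5 first, then OAMS.
    List<SecurityVerify> securityVerifys = new ArrayList<SecurityVerify>();
    securityVerifys.add(md5);
    securityVerifys.add(omas);
    securityFactory = new SecurityVerifyFactory();
    securityFactory.setSecurityVerify(securityVerifys);

    // Extension point for subclasses; runs after the fields above are populated.
    initSelf();
}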
/** Hook called at the end of {@code init}; does nothing here and is meant to be overridden. */
protected void initSelf() {
    // intentionally empty
}
/** Part of the {@code Filter} lifecycle; this filter does nothing on shutdown. */
public void destroy() {
    // intentionally empty
}
同理,业务代码太长,这里不全部展示,主要是拦截登录的url,进行一些token的校验之类的。关键是这个类必须实现Filter接口,并实现其中的init、doFilter、destroy方法!
然后是通过FilterRegistrationBean注册该过滤器的配置类
package com.cmb.bip.develop.api.config;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * Spring Boot replacement for the {@code <filter>} / {@code <filter-mapping>} entries of the old
 * web.xml: registers {@code ManageAccessFilter} for every request.
 *
 * <p>NOTE(review): the old web.xml also passed {@code EXCEPTION_URI = login.html,*.js}. Only
 * {@code ERR_URL} is passed here, so the filter's exclusion list now holds just
 * {@code login.html} and {@code *.js} is no longer exempt. Confirm this is intended. Each
 * exemption that is restored widens what is reachable without a login, so add back only what
 * the login page needs.
 */
@Configuration
public class WebFilterregistration {

    /**
     * Builds the registration for the access filter.
     *
     * @return a registration named {@code WebAccessAuthorizeFilterMvc}, mapped to {@code /*},
     *     with {@code ERR_URL} set to {@code login.html}
     */
    @Bean
    public FilterRegistrationBean registerFilter() {
        final String loginPage = "login.html";

        FilterRegistrationBean accessFilter = new FilterRegistrationBean();
        accessFilter.setName("WebAccessAuthorizeFilterMvc");
        accessFilter.setFilter(new ManageAccessFilter());
        accessFilter.addInitParameter("ERR_URL", loginPage);
        accessFilter.addUrlPatterns("/*");
        return accessFilter;
    }
}
注意这里的setFilter传入的就是你所定义的过滤器filter类。另外当你有多个过滤器的时候,可以再添加registration.setOrder(**)设置执行顺序(值越小越先执行);做登录校验的过滤器应排在依赖登录结果的其他过滤器之前。
这里还有拦截的过滤规则
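// Filter every resource of the application: all files under the application root, including
// files in nested sub-directories. Note the "/" in front of the "*".
registration.addUrlPatterns("/*");
// Filter one file type: all html files of the application. An extension pattern is written
// "*.html" with no leading "/"; adding one makes the pattern wrong. The listing had lost the
// "*", and a bare ".html" is not a valid servlet url-pattern.
registration.addUrlPatterns("*.html");
// Filter everything under one directory: all files below the folder_name sub-directory of the
// application root (it may itself be several levels deep).
registration.addUrlPatterns("/folder_name/*");
// Filter one specific file.
registration.addUrlPatterns("/index.html");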