分析下Java web中的过滤器 、拦截器
过滤器:当用户请求(request)服务器时可以添加多个过滤器对请求进行过滤,
每个过滤器对请求有不同的过滤处理
多个过滤器就会形成一个过滤器链条
当过滤链条完成之后,server开始对请求处理
处理完成之后返回结果response
response还会逆序被过滤链条处理
完成之后返回用户 如下图:
代码部分:
请求与返回对象
public class Request {
public String RequestString;
}
public class Response {
public String ResponseString;
}
//过滤接口
public interface Filter {
public void doFilter(Request request , Response response , FilterChain chain);
}
过滤实现类
public class HtmlFilter implements Filter{
@Override
public void doFilter(Request request, Response response, FilterChain chain) {
request.RequestString = request.RequestString.replace("<", "[").replace(">", "]");
System.out.println("HtmlFilter request 处理完成 request.RequestString = "+request.RequestString);
chain.doFilter(request, response, chain);
response.ResponseString = response.ResponseString + " |HtmlFilter response 处理";
System.out.println("HtmlFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);
}
}
public class SensitiveFilter implements Filter{
@Override
public void doFilter(Request request, Response response, FilterChain chain) {
request.RequestString = request.RequestString.replace("敏感", "**");
System.out.println("SensitiveFilter request 处理完成 request.RequestString = "+request.RequestString);
chain.doFilter(request, response, chain);
response.ResponseString = response.ResponseString + " | SensitiveFilter response 处理 ";
System.out.println("SensitiveFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);
}
}
过滤链条
public class FilterChain {
private List<Filter> filters = new ArrayList<Filter>();
public FilterChain addFilter(Filter filter){
filters.add(filter);
return this;
}
int index = -1;
public void doFilter(Request request,Response response , FilterChain chain){
if(filters.size() > ++ index){
filters.get(index).doFilter(request, response, chain);
}else if(filters.size() == index){
response.ResponseString = "【server处理代码部分】";
System.out.println("业务逻辑处理之后的返回:" + response.ResponseString);
}
}
}
测试类
public class MainTest {
public static void main(String[] args) {
Request req = new Request();
req.RequestString = "O(∩_∩)O哈哈~ <script> <style> 我是敏感词";
Response res = new Response();
FilterChain chain = new FilterChain();
chain.addFilter(new HtmlFilter())
.addFilter(new SensitiveFilter());
chain.doFilter(req, res, chain);
}
}
执行结果
HtmlFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词
SensitiveFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是**词
业务逻辑处理之后的返回:【server处理代码部分】
SensitiveFilter response 返回处理完成 response.ResponseString = 【server处理代码部分】 | SensitiveFilter response 处理
HtmlFilter response 返回处理完成 response.ResponseString = 【server处理代码部分】 | SensitiveFilter response 处理 |HtmlFilter response 处理
小结:请求 ——>htmlFilter过滤——>sensitiveFilter过滤——>server处理返回response——>sensitiveFilter处理——>htmlFilter处理
问题:如果遇到一些非法请求需要直接返回该如果做
代码如下:
添加非法过滤类
public class ErrorFilter implements Filter{
@Override
public void doFilter(Request request, Response response, FilterChain chain) {
request.RequestString = request.RequestString.replace("(:", "^-_-^");
System.out.println("ErrorFilter request 处理完成 request.RequestString = "+request.RequestString);
System.out.println("**********在这里出错拦截返回**********");
boolean flag = false;
//模拟错误请求
if(flag){
chain.doFilter(request, response, chain);
}
System.out.println("**********在这里出错拦截返回**********");
response.ResponseString = response.ResponseString + " |ErrorFilter response 处理";
System.out.println("ErrorFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);
}
}
修改测试代码
将错误过滤器放在html 与 sensitive之间
public class MainTest {
public static void main(String[] args) {
Request req = new Request();
req.RequestString = "O(∩_∩)O哈哈~ <script> <style> 我是敏感词";
Response res = new Response();
FilterChain chain = new FilterChain();
chain.addFilter(new HtmlFilter())
.addFilter(new ErrorFilter())
.addFilter(new SensitiveFilter());
chain.doFilter(req, res, chain);
}
}
执行结果
HtmlFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词
ErrorFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词
**********在这里出错拦截返回**********
**********在这里出错拦截返回**********
ErrorFilter response 返回处理完成 response.ResponseString = null |ErrorFilter response 处理
HtmlFilter response 返回处理完成 response.ResponseString = null |ErrorFilter response 处理 |HtmlFilter response 处理
看以看到response返回结果中的Null值
该值代表没有经过server直接返回
而且也没有经过sensitiveFilter处理
总结:
在过滤器中如果遇到非法请求 需要直接返回 则不需要调用chain.doFilter() 函数 请求会直接返回.