Java中的filter操作,其实在spring框架中已经存在大量的filter的默认实现的。这个默认的实现质量非常的高的,所以,对应的实际的处理问题的逻辑应该是这样的:
1.使用spring框架中已经实现和处理好的过滤器,这样的话,效率更高的;
2.在框架不支持的情况下,尝试使用别人已经实现好的,但是没有收录到spring中的;
3.自己编写filter实现自定义操作实现。
下面是一个典型的filter的操作实现的:
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
- 功能描述 增加http的响应头信息
- @since 2021-11-17
/
@Component
public class AddResponseHeaderFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
httpServletResponse.addHeader(“X-Frame-Options”, “DENY”);
httpServletResponse.addHeader(“Cache-Control”, “no-cache, no-store, must-revalidate, max-age=0”);
httpServletResponse.addHeader(“Cache-Control”, “no-cache=‘set-cookie’”);
httpServletResponse.addHeader(“Pragma”, “no-cache”);
httpServletResponse.addHeader(“Expires”, “0”);
httpServletResponse.addHeader(“Access-Control-Allow-Origin”, "");
httpServletResponse.addHeader(“Access-Control-Allow-Methods”, “POST,GET,OPTIONS”);
httpServletResponse.addHeader(“X-Frame-Options”, “SAMEORIGIN”);
httpServletResponse.addHeader(“X-Content-Type-Options”, “nosniff”);
httpServletResponse.addHeader(“X-XSS-Protection”, “1;mode=block”);
httpServletResponse.addHeader(“Strict-Transport-Security”, “max-age=31536000; includeSubDomains”);
httpServletResponse.addHeader(“Content-Security-Policy”,
“default-src ‘self’; child-src ‘none’; object-src ‘none’; frame-ancestors ‘none’”);
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}