Spring Boot中使用过滤器和拦截器
过滤器(filter)
过滤器实际上就是对web资源进行拦截,做一些处理后再交给下一个过滤器或servlet处理
通常都是用来拦截request进行处理的,也可以对返回的response进行拦截处理
流程图如下
应用场景
自动登录
统一设置编码格式
访问权限控制
敏感字符过滤等
创建filter
继承filter 重写filter 三个方法,
package javax.servlet;
import java.io.IOException;
public interface Filter {
default void init(FilterConfig filterConfig) throws ServletException {
}
void doFilter(ServletRequest var1, ServletResponse var2, FilterChain var3) throws IOException, ServletException;
default void destroy() {
}
}
@Component注解让TimeFilter成为Spring上下文中的一个Bean,@WebFilter注解的urlPatterns属性配置了哪些请求可以进入该过滤器,/*表示所有请求。
启动项目时可以看到控制台输出了过滤器初始化
/**
* Created by craywen on 2020/1/15 22:42
*
* @description
*/
@WebFilter(urlPatterns = {"/*"})
@Component
public class TimeFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("过滤器初始化");
}
@Override
public void destroy() {
System.out.println("过滤器销毁");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
/*过滤方法 主要是对request和response进行一些处理,然后交给下一个过滤器或Servlet处理*/
System.out.println("开始执行过滤器");
Long start = new Date().getTime();
filterChain.doFilter(servletRequest, servletResponse); //交给下一个过滤器或servlet处理
System.out.println("【过滤器】耗时 " + (new Date().getTime() - start));
System.out.println("结束执行过滤器");
}
}
配置方式二
除了在过滤器类上加注解外,我们也可以通过FilterRegistrationBean来注册过滤器。
定义一个WebConfig类,加上@Configuration注解表明其为配置类,然后通过FilterRegistrationBean来注册过滤器:
@Configuration
public class WebConfig {
@Bean
public FilterRegistrationBean timeFilter() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
TimeFilter timeFilter = new TimeFilter();
filterRegistrationBean.setFilter(timeFilter);
List<String> urlList = new ArrayList<>();
urlList.add("/*");
filterRegistrationBean.setUrlPatterns(urlList);
return filterRegistrationBean;
}
}
FilterRegistrationBean除了注册过滤器TimeFilter外还通过setUrlPatterns方法配置了URL匹配规则。
使用filter设置跨域
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
System.out.println("--------------------" + request.getRequestURI());
String originHeader = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", originHeader);
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Key, Authorization");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
通过过滤器我们只可以获取到servletRequest对象,所以并不能获取到方法的名称,所属类,参数等额外的信息。
拦截器 (Interceptor)
- 定义一个TimeInterceptor类,实现org.springframework.web.servlet.HandlerInterceptor接口:
/**
* Created by craywen on 2020/1/15 22:50
*
* @description
*/
@Component
public class TimeInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("处理拦截之前");
request.setAttribute("startTime", new Date().getTime());
//HandlerMethod handlerMethod = (HandlerMethod) handler;
System.out.println(((HandlerMethod)handler).getBean().getClass().getName());
System.out.println(((HandlerMethod) handler).getMethod().getName());
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
System.out.println("开始处理拦截");
Long start = (Long) request.getAttribute("startTime");
System.out.println("【拦截器】耗时 " + (new Date().getTime() - start));
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
System.out.println("处理拦截之后");
Long start = (Long) request.getAttribute("startTime");
System.out.println("【拦截器】耗时 " + (new Date().getTime() - start));
System.out.println("异常信息 " + ex);
}
}
TimeInterceptor实现了HandlerInterceptor接口的三个方法。preHandle方法在处理拦截之前执行,postHandle只有当被拦截的方法没有抛出异常成功时才会处理,afterCompletion方法无论被拦截的方法抛出异常与否都会执行。
通过这三个方法的参数可以看到,相较于过滤器,拦截器多了Object和Exception对象,所以可以获取的信息比过滤器要多的多。但过滤器仍无法获取到方法的参数等信息,我们可以通过切面编程来实现这个目的
要使拦截器在Spring Boot中生效,还需要如下两步配置:
1.在拦截器类上加入@Component注解;
2.在WebConfig中通过InterceptorRegistry注册过滤器:
/**
* Created by craywen on 2020/1/15 22:55
*
* @description
* 或者实现 WebMvcConfigurer
*/
@Configuration
public class WebConfig extends WebMvcConfigurationSupport {
@Autowired
private TimeInterceptor timeInterceptor;
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(timeInterceptor);
super.addInterceptors(registry);
}
}
可看到过滤器要先于拦截器执行,晚于拦截器结束。下图很好的描述了它们的执行时间区别:
参考
https://blog.csdn.net/yuzhiqiang_1993/article/details/81288912