Java - doFilter

最新推荐文章于 2024-07-05 05:00:00 发布
最新推荐文章于 2024-07-05 05:00:00 发布
阅读量681 收藏
点赞数
分类专栏: Java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/tina_tian1/article/details/78782339
版权

解决问题:

1. 在认证之前做个过滤InternalServerTokenFilter。如没有带内部token, 就不继续认证controller的处理了
2. 过滤拿走request 的body后,controller不可再次消费,此时需要重新生成一个InternalServerTokenRequestWrapper, 可永久保存request body
3. 过滤器需要捕捉异常,进行特殊处理返回给前端 InternalServerTokenFilter::exceptionHandle

 

 

public class InternalServerTokenFilter extends GenericFilterBean {
	private static final Logger logger = LoggerFactory
			.getLogger(InternalServerTokenFilter.class);
	private InternalServerUiConf internalServerUiConf;
	private InternalTokenService internalTokenService;

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws ServletException, IOException {

		if (false == internalServerUiConf.getEnable()) {
			// Disable: do nothing
			chain.doFilter(request, response);
			return;
		}

		// Enable: validate it.
		// Consume input stream of request and wrap a new request for control
		// consumption.
		// Because input stream can be consumed only once.
		InternalServerTokenRequestWrapper requestWrapper = new InternalServerTokenRequestWrapper(
				(HttpServletRequest) request);
		String body = requestWrapper.getBody();
		try {
			internalTokenService.validate(body);
		} catch (InvalidInternalTokenException e) {
			exceptionHandle((HttpServletRequest) request,
					(HttpServletResponse) response, e);
			return;
		} catch (Exception e) {
			logger.error("internal token filter exception. ", e.getMessage());
			throw new ServletException(e);
		}

		// Pass through
		chain.doFilter((ServletRequest) requestWrapper, response);
	}

	private void exceptionHandle(HttpServletRequest request,
			HttpServletResponse response, InvalidInternalTokenException e)
			throws IOException {

		response.setStatus(HttpStatus.FORBIDDEN.value());

		InternalTokenResponse internalTokenResponse = new InternalTokenResponse(
				e.getCode(), e.getMessage());
		JSONObject objResponse = JSONObject.fromObject(internalTokenResponse);
		String strResponse = objResponse.toString();
		PrintWriter outBody = response.getWriter();
		outBody.println(strResponse);
		outBody.flush();
		outBody.close();
	}

	public InternalTokenService getInternalTokenService() {
		return internalTokenService;
	}
	public void setInternalTokenService(
			InternalTokenService internalTokenService) {
		this.internalTokenService = internalTokenService;
	}

	public InternalServerUiConf getInternalServerUiConf() {
		return internalServerUiConf;
	}

	public void setInternalServerUiConf(
			InternalServerUiConf internalServerUiConf) {
		this.internalServerUiConf = internalServerUiConf;
	}
}
 

 

package com.hp.ccue.identity.utilities;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class InternalServerTokenRequestWrapper
		extends
			HttpServletRequestWrapper {

	private final String body;
	public InternalServerTokenRequestWrapper(HttpServletRequest request)
			throws IOException {
		super(request);
		StringBuilder stringBuilder = new StringBuilder();
		BufferedReader bufferedReader = null;
		try {
			InputStream inputStream = request.getInputStream();
			if (inputStream != null) {
				bufferedReader = new BufferedReader(
						new InputStreamReader(inputStream));
				char[] charBuffer = new char[1024];
				int bytesRead = -1;
				while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
					stringBuilder.append(charBuffer, 0, bytesRead);
				}
			} else {
				stringBuilder.append("");
			}
		} catch (IOException e) {
			throw e;
		} finally {
			if (bufferedReader != null) {
				try {
					bufferedReader.close();
				} catch (IOException e) {
					throw e;
				}
			}
		}
		body = stringBuilder.toString();
	}

	@Override
	public ServletInputStream getInputStream() throws IOException {
		final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(
				body.getBytes());
		ServletInputStream servletInputStream = new ServletInputStream() {
			public int read() throws IOException {
				return byteArrayInputStream.read();
			}
		};
		return servletInputStream;
	}

	@Override
	public BufferedReader getReader() throws IOException {
		return new BufferedReader(new InputStreamReader(this.getInputStream()));
	}

	public String getBody() {
		return this.body;
	}
}

 

 

 

 

 

    <bean id="internalServerTokenFilter" class="com.hp.ccue.identity.filter.InternalServerTokenFilter">
        <property name="internalServerUiConf" ref="internalServerUiConf"/>
        <property name="internalTokenService" ref="internalTokenService"/>
    </bean>
   <security:http pattern="/../v0/.." use-expressions="true" auto-config="false">
        <security:csrf disabled="true" />
        <security:custom-filter ref="internalServerTokenFilter" />
        <security:http-basic />
    </security:http>
 

 

 


 
 

 

 


                

        

        

    




    

      

        

            

              
                
                  tina_tian1
                
              
            

            

                关注
              
            

        

        

          
    
            
  • 
              
                
                
                
                
                      0
                
              
              
    点赞
    
            
    • 
            
  • 
              
                
                
                
              
              
    
            
    • 
            
  • 
              
                
                
                
                
                    0
                
              
              
    
                
    
                  
                    收藏
                  
                
    
              
    
              
    
                
    
                  觉得还不错?
                  
                    一键收藏
                  
                 
                
    
              
    
            
    • 
          
  • 
            
    
              
              
            
    
              
              
              
                    0
              
            
            
    评论
    
          
    • 
          
  • 
          
    • 
          
  • 
            
              
            
              
    
            
              
                
            
    
          
    • 
        

      

      

            

                专栏目录
          










                



	

		

			

				
					
JavaWeb过滤器(Filter

				
			

			

				

					小白学编程
				

				

					05-27
					
					7281
					
				

			

		

		

			
				
开发工具与关键技术:javaWeb,过滤器(Filter)
撰时间:2019-05-26

总结上述所有表达
第一点:过滤器是什么
第二点:客户端到服务端的流程
第三点:过滤器如何编
第四点:Filter接口的生命周期及方法执行时期
第五点:三个方法中的重要参数了解及理解doFilter
第六点:web.xml的配置及四种拦截方式
第七点:目标资源与过滤器的执行顺序
第八点:多个...

			
		

	



                

              
                



	

		

			

				
					
java dofilter_Java 中的过滤器Filter

				
			

			

				

					weixin_35408656的博客
				

				

					02-16
					
					2471
					
				

			

		

		

			
				
Filter也就是java中的过滤器filter,联想到现实中的过滤器其实我们很容易想到它存在的意义和功能。但实际上总会有一些出入,本文我们就来详细地介绍一下这个在web开发中举足轻重的角色。Filter是是Servlet技术中引人入胜的一种技术,它能够对目标资源的请求和响应进行截取,过滤字符编码,做一些业务逻辑上的判断等。WEB开发人员通过Filter技术,对web服务器管理的所有web资源:例...

			
		

	



                


  
              

                


	

		

			

				
					
Java过滤器doFilter里chain.doFilter()函数的理解

					
最新发布

				
			

			

				

					Andrew_Chenwq的博客
				

				

					07-05
					
					823
					
				

			

		

		

			
				
所以说chain.doFilter(request,response)是过滤器的必要操作,目的是如果有多个过滤器需要处理同一个url时把请求传给下一个过滤器。

			
		

	





	

		

			

				
					
Java过滤器

				
			

			

				

					qq_53773837的博客
				

				

					08-14
					
					217
					
				

			

		

		

			
				
过滤器:

如果想要使用过滤器,首先需要实现Filter类,并重三个需要的方法:

init方法:    容器在创建当前过滤器的时候自动调用;

destroy方法:  容器在销毁当前过滤器的时候自动调用

doFilter方法:  过滤器的主要代码在这个地方、

@WebFilter("/*") public class Filter01 implements Filter {

@Override

public void init(FilterConfig filterConfig) throws

			
		

	



		

			
		



	

		

			

				
					
JavaWeb——过滤器

				
			

			

				

					weixin_44212870的博客
				

				

					03-25
					
					1758
					
				

			

		

		

			
				
【代码】JavaWeb——过滤器。

			
		

	





	

		

			

				
					
java中的Filter过滤器

				
			

			

				

					A_cup的博客
				

				

					05-19
					
					279
					
				

			

		

		

			
				
里面主要有三个方法:init()初始化方法;doFilter()方法;该方法里有一个chain.doFilter();在他之前都属于请求过滤,在他之后都属于相应过滤!(走到该方法的时候会走去下一个过滤器,没有下一个过滤器会执行最后的servlet)

			
		

	





	

		

			

				
					
java-property-utils-1.9.1.jar

				
			

			

				

					09-07
				

			

		

		

			
				
开发者可以创建一个实现了`javax.servlet.Filter`接口的类,并在`doFilter()`方法中调用库提供的API来设置响应头。当Web应用接收到请求时,过滤器会先于目标资源执行,添加必要的CORS头部,从而确保跨域请求能够成功...

			
		

	





	

		

			

				
					
Java-filter测试程序

				
			

			

				

					11-16
				

			

		

		

			
				
在这个"Java-filter测试程序"中,我们可以深入理解Filter的工作原理及其在实际应用中的作用。  FilterJava Web应用程序中扮演着中间件的角色,它可以对请求进行预处理,也可以对响应进行后处理。例如,我们可以...

			
		

	





	

		

			

				
					
Java-filter过滤器在项目开发中的应用.docx

				
			

			

				

					12-13
				

			

		

		

			
				
Java-filter过滤器在项目开发中的应用  Java-filter过滤器是一种Java EE规范中的一种组件,用于拦截和处理Servlet请求和响应。在项目开发中,Java-filter过滤器可以应用于解决各种问题,以下是其中的两种应用:  ...

			
		

	





	

		

			

				
					
java-servlet-filter-1:筛选侦听器详细信息

				
			

			

				

					04-29
				

			

		

		

			
				
按照`<filter-mapping>`的顺序,Filter会先执行`doFilter()`方法。  - **调用目标资源**:Filter可以决定是否允许请求继续到下一个Filter或直接传递到目标Servlet。  - **清理资源**:请求处理完成后,Filter会调用`...

			
		

	





	

		

			

				
					
Java-Web应用开发基础》综合练习3.docx

				
			

			

				

					12-19
				

			

		

		

			
				
Java-Web应用开发基础知识点总结  以下是从给定的文件中提炼出的相关知识点:  1. COOKIE:Cookie是小段的文本信息,通过使用Cookie可以标识用户身份、记录用户名及密码、跟踪重复用户。Cookie在服务器端生成并发...

			
		

	





	

		

			

				
					
dofilter过滤器

				
			

			

				

					09-24
				

			

		

		

			
				
是一个关于doFilter过滤器的执行过程的,详细介绍

			
		

	





	

		

			

				
					
过滤器的doFilter

				
			

			

				

					刘利新
				

				

					05-12
					
					464
					
				

			

		

		

			
				
http://sites.google.com/site/xinshuguang/dofilter

			
		

	





	

		

			

				
					
Java 过滤器Filter

				
			

			

				

					baidu_32935221的博客
				

				

					04-14
					
					2700
					
				

			

		

		

			
				
Filter也称之为过滤器,它是Servlet技术中最实用的技术,Web开发人员通过Filter技术,对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态 html 文件等进行拦截,从而实现一些特殊的功能。Filter接口中有一个doFilter方法,当开发人员编Filter,并配置对哪个web资源进行拦截后,Web服务器每次在调用web资源的service方法之前,都会先调用一下filter的doFilter方法。过滤器的执行顺序有两种。

			
		

	





	

		

			

				
					
dofilterjava中_关于java:Servlet的doFilter方法中的StringBuffer或StringBuilder?

				
			

			

				

					weixin_42365234的博客
				

				

					03-03
					
					120
					
				

			

		

		

			
				
本问题已经有最佳答案,请猛点这里访问。我正在实现我的自定义筛选器:public class MyFilter implements javax.servlet.Filter我应该在这个doFilter方法中使用哪一个?stringbuffer或stringbuilder?我想用这种方式:StringBuffer stringBuffer = new StringBuffer();stringBuf...

			
		

	





	

		

			

				
					
JavaWeb之Filter过滤器

				
			

			

				

					weixin_65824274的博客
				

				

					03-01
					
					362
					
				

			

		

		

			
				
JavaWeb三大组件之一,其余两大组件是:Servlet程序和Listener监听器。3.到 web.xml 中去配置 Filter 的拦截路径。进入首页,再进入zhuye.jsp被拦截;1.编一个类去实现 Filter 接口。2.实现过滤方法 doFilter()JavaEE规范,是一个接口。作用:拦截请求、过滤响应。

			
		

	





	

		

			

				
					
JavaWeb--快速入门Filter过滤器,java面试问题

				
			

			

				

					m0_60634964的博客
				

				

					03-29
					
					661
					
				

			

		

		

			
				
Override。

			
		

	





	

		

			

				
					
java过滤器(Filter

					
热门推荐

				
			

			

				

					爪哇人的博客
				

				

					10-19
					
					3万+
					
				

			

		

		

			
				
filter也称之为过滤器,它是javaWeb三大组件之一(Servlet程序、Listener监听器、Filter过滤器)既可以对请求进行拦截,也可以对响应进行处理。权限检查,日记操作、拦截请求、过滤操作、对请求字符设置编码。要想介绍filter,就必须介绍Filter中的三个方法。/*** web应用启动时,web服务器将创建Filter的实例对象,并调用init方法,读取web.xml的配置,完成对象的初始化功能,

			
		

	





	

		

			

				
					
SpringBoot整合JWT 用java-jwt依赖包实现

				
			

			

				

					05-20
				

			

		

		

			
				
可以通过以下步骤在Spring Boot中集成JWT:

1. 添加java-jwt依赖包到pom.xml文件中:

```xml
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.18.1</version>
</dependency>
```

2. 创建一个JWT工具类来生成和验证JWT令牌:

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;

public class JwtUtils {

    private static final long EXPIRATION_TIME = 86400000; // 24 hours
    private static final String SECRET = "mySecret";
    private static final String ISSUER = "myIssuer";

    public static String generateToken(String username) {
        Date now = new Date();
        Date expiryDate = new Date(now.getTime() + EXPIRATION_TIME);

        return JWT.create()
                .withSubject(username)
                .withIssuer(ISSUER)
                .withIssuedAt(now)
                .withExpiresAt(expiryDate)
                .sign(Algorithm.HMAC512(SECRET));
    }

    public static String getUsernameFromToken(String token) throws JWTVerificationException {
        DecodedJWT jwt = JWT.require(Algorithm.HMAC512(SECRET))
                .withIssuer(ISSUER)
                .build()
                .verify(token);

        return jwt.getSubject();
    }
}
```

3. 在Spring Security配置中添加JWT过滤器,以验证JWT令牌:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
@Order(1)
public class JwtConfig extends SecurityConfigurerAdapter<javax.servlet.Filter, HttpSecurity> {

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
        jwtAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
        jwtAuthenticationFilter.setAuthenticationFailureHandler(new JwtAuthenticationFailureHandler());
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }

    private class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
            String token = request.getHeader("Authorization");

            if (token == null || !token.startsWith("Bearer ")) {
                throw new JwtAuthenticationException("Invalid JWT token");
            }

            String username = JwtUtils.getUsernameFromToken(token.substring(7));

            if (username == null) {
                throw new JwtAuthenticationException("Invalid JWT token");
            }

            return jwtAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(username, ""));
        }

        @Override
        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
            super.successfulAuthentication(request, response, chain, authResult);
            chain.doFilter(request, response);
        }
    }

    private class JwtAuthenticationFailureHandler extends HttpStatusEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
        }
    }
}
```

4. 创建一个JwtAuthenticationProvider来验证用户名和密码:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class JwtAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String password = (String) authentication.getCredentials();

        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        if (!passwordEncoder.matches(password, userDetails.getPassword())) {
            throw new JwtAuthenticationException("Invalid username or password");
        }

        return new UsernamePasswordAuthenticationToken(username, password, userDetails.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}
```

5. 在Spring Security配置中添加JwtConfig:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(jwtAuthenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .apply(new JwtConfig());
    }
}
```

现在你就可以在Spring Boot应用程序中使用JWT进行身份验证了。

			
		

	



              




          




        



    





    



      

      

        
      

      





	

		评论	
	

	
	




  

    

      添加红包
      
    

    

      

        
        

          
          
        

        
请填写红包祝福语或标题

      

      

        
        

          
          
        

        
红包个数最小为10个

      

      

        
        

          
          
        

        
红包金额最低5元

      

      

        
        

          当前余额3.43前往充值 >
        

      

      

        

          需支付:10.00

        
        
      

    

  





  

    
    
  

  

    
    
  








  

    

      

        

          

            
            
成就一亿技术人!

          

          

        

        

          

          

            领取后你会自动成为博主和红包主的粉丝
            规则
          

        

      

      

        

          

            
              
            
            

              
hope_wisdom
 发出的红包
            

          

        

        

          

          

          

        

      

    

    

  



      
      

      
实付

      
使用余额支付

      

        

          

            
            点击重新获取
          

        

        
扫码支付

      

      

        
          
            
          
          
        
      

      

        
        钱包余额
          0
          

            
            

              

                
抵扣说明:

                
 1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
 2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

              

            

          

      

      余额充值