一.过滤器概述
过滤器是servlet最重要的特性之一,客户端与servlet中间的一个传递者,能够实现对访问的路径、资源进行限定拦截,实现特有的功能。比如URL级别的权限认证,session验证,Referer 过滤等等操作。
举个简单的例子,应用系统中的一个接口(携带大量数据),如何不做限定操作,浏览器直接访问该路径的话会直接得到数据,那么用户数据就被泄露了。于是,我们就需要对相关路径进行拦截,来确保调用这个接口的是已经登录过的系统用户.
过滤器执行示意图:
二.过滤器的实现
1.通过FilterRegistrationBean将自定义的filter加入web应用的过滤器链
(1).自定义filter类
package com.zhourui.filter;
import javax.servlet.*;
import java.io.IOException;
/**
* @author zhourui
* @date 2019/11/30 19:01
*/
public class FilterTest1 implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("filter1.....before");
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("filter1......after");
}
@Override
public void destroy() {
}
}
(2)使用FilterRegistrationBean注册filter到web应用的过滤器链
package com.zhourui.filter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @author zhourui
* @date 2019/11/30 19:07
*/
@Configuration
public class FilterConfiguration {
@Bean
public FilterRegistrationBean registrationFilter1(){
FilterRegistrationBean registration=new FilterRegistrationBean(new FilterTest1());
registration.addUrlPatterns("/*");
registration.addInitParameter("paramName", "paramValue");
registration.setName("filter1");
registration.setOrder(1);
return registration;
}
@Bean
public FilterRegistrationBean registrationFilter2(){
FilterRegistrationBean registration=new FilterRegistrationBean(new FilterTest1());
registration.addUrlPatterns("/*");
registration.addInitParameter("paramName", "paramValue");
registration.setName("filter2");
registration.setOrder(2);
return registration;
}
@Bean
public FilterRegistrationBean registrationFilter3(){
FilterRegistrationBean registration=new FilterRegistrationBean(new FilterTest1());
registration.addUrlPatterns("/*");
registration.addInitParameter("paramName", "paramValue");
registration.setName("filter3");
registration.setOrder(3);
return registration;
}
}
2.@WebFilter+启动类上加@ServletComponentScan
注意:网上说的@WebFilter+@Componet是无法配置拦截路径的,拦截的是/*,和第三种一样,是不对的
@WebFilter 用于将一个类声明为过滤器,该注解将会在部署时被容器处理,容器将根据具体的属性配置将相应的类部署为过滤器。该注解具有下表给出的一些常用属性 ( 以下所有属性均为可选属性,但是 value、urlPatterns、servletNames 三者必需至少包含一个,且 value 和 urlPatterns功能相似,都是设置拦截路径, 不能共存,如果同时指定,通常忽略 value 的取值 )
package com.zhourui.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
/**
* @author zhourui
* @date 2019/11/30 19:34
*/
@WebFilter(filterName = "filterTest", urlPatterns = "/*", asyncSupported=true)
public class FilterTest implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("webfilter....before");
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("webfilter....after");
}
@Override
public void destroy() {
}
}
3.直接在Filter的实现类上加@Componet,拦截/*
package com.zhourui.filter;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import java.io.IOException;
/**
* @author zhourui
* @date 2019/11/29 7:22
*/
@Component
public class TestFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
System.out.println("filter ....before");
filterChain.doFilter(request,response);
System.out.println("filter....after");
}
@Override
public void destroy() {
}
}