SpringMVC拦截器与Filter过滤器
SpringMVC拦截器与Filter过滤器
在系统中,经常需要在处理用户请求之前和之后执行一些行为,例如:检测用户的权限、或者将请求的信息记录到日志中,即:平常所说的“权限检测”及“日志记录”。
当然不仅仅这些,所以需要一种机制,拦截用户的请求,在请求之后添加处理逻辑。
SpringMVC提供了Interceptor拦截器机制,用于请求的预处理和后处理。
相比过滤器,拦截器作用的范围比较小,而拦截器几乎可以过滤所有请求。
拦截器的作用:
[1]用户请求拦截处理;
[2]针对一个或者多个或者全部的Controller返回结果进行拦截处理;
[3]页面渲染之后,响应给浏览器之间进行拦截处理。
过滤器和拦截器的区别?
[1]过滤器在请求到达项目组间之前工作;拦截器在前端控制器之后工作;
[2]过滤器依赖Servlet容器;拦截器是SpringMVC的,它不依赖于servlet容器,而是由Spring容器进行初始化;
Note that a filter gets configured in web.xml, a HandlerInterceptor in the application context.
[3]拦截器只能对action动态请求起作用(静态请求,例如:不会对js、css、img等静态资源的请求起到拦截作用);而过滤器可以对所有的请求起作用,无法实现细粒度的请求拦截;
[4]在action的生命周期中,拦截器可以多次被调用,而过滤器只能在容器初始化时被调用一次。
拦截器可以访问action上下文、值栈里的对象,而过滤器不能访问。
[5]拦截器可以获取IOC容器中的各个bean,而过滤器就不太方便,这点很重要,在拦截器里注入一个service,可以调用业务逻辑。
Spring MVC拦截器的定义
需要实现HandlerInterceptor接口。
package com.xwd.interceptor;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @ClassName AppInterceptor
* @Description: com.xwd.interceptor
* @Auther: xiwd
* @Date: 2022/3/1 - 03 - 01 - 22:12
* @version: 1.0
*/
public class AppInterceptor implements HandlerInterceptor {
//properties
//methods
/**
* 在请求到达定义的Handler处理器(Controller)之前,工作
* @param request 请求对象
* @param response 响应对象
* @param handler 目标要调用的handler
* @return true-继续向前执行,可以到达handler(Controller层);false-拒绝继续执行
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("AppInterceptor preHandle");
/**/
//解决POST乱码问题
//判断是否登录
//用户权限控制
System.out.println(handler);
return true;
}
/**
* handler处理单元返回ModelAndView对象时候工作
* @param request
* @param response
* @param handler
* @param modelAndView
* @throws Exception
*/
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("AppInterceptor postHandle");
//在handler(Controller控制层)返回ModelAndView对象时候进行拦截
//控制视图-修改
//控制数据-敏感数据过滤(敏感词)
}
/**
* 页面渲染完毕,但是还没有响应给浏览器客户端之前,工作
* @param request
* @param response
* @param handler
* @param ex
* @throws Exception
*/
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("AppInterceptor afterCompletion");
//一般用于做资源的释放操作---该方法无论是否出现异常都会执行
}
}
SpringMVC拦截器的配置
需要在SpringMVC配置文件中配置HandlerInterceptor接口。
(有别于Filter过滤器,需要在web.xml中使用filter标签配置)
<!--注册拦截器-->
<mvc:interceptors>
<!--[1]拦截所有的URL请求,那么直接指定bean即可-->
<!-- <bean class="com.xwd.interceptor.AppInterceptor"></bean>-->
<!--[2]拦截特定的请求,需要使用mvc:interceptor标签来限定被拦截的访问路径-->
<mvc:interceptor>
<mvc:mapping path="/login.do"/>
<bean class="com.xwd.interceptor.AppInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
SpringMVC拦截器HandlerInterceptor接口
HandlerInterceptor接口中定义了3个方法,分别用于对某一个/某一些特定的请求进行预处理或者后处理。
【1】HandlerInterceptor拦截器
HandlerInterceptor是一个工作流程(workflow)接口,允许自定义request请求的处理执行链(handler execution chains)。对于某一组特定的handler(controller控制器),应用程序可以注册任意数量的自定义拦截器(Interceptor),在不改变原有接口实现类的前提下,实现一组通用处理行为。
【2】HandlerInterceptor拦截器工作流程
一个HandlerInterceptor(拦截器)在HandlerAdapter(处理器适配器)触发handler(控制器之前)被调用(具体是:default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)方法被调用——请求预处理)。
拦截器机制可以实现一组切面(Aspects)的预处理操作,例如:权限检测(Authorization Checks)、或者一组通用的处理行为(例如:区域设置-locale或者主题修改theme changes),拦截器可以分解出重复性的代码,形成一组通用的操作。
[0]在HandlerAdapter处理器适配器调用handler(Controller控制器)之前,preHandle()方法被调用;
[1]在异步处理场景下,在没有调用postHandle()方法或者faterCompletion()方法之前(此时Handler/Controller控制器尚未执行完毕),处理器可能在一个独立线程中执行。
[2]当并发处理器Handler(即:控制器)(concurrent handler)执行完毕,携带处理结果的Model、ModeAndView等对象被返回给HandlerAdapter处理器适配器时, postHandle()方法就会被调用,可以用于实现数据、视图的进一步处理或者数据过滤操作;
[3]当HandlerAdapter处理器适配器将封装ModeAndView对象返回给DispatcherServlet前端处理器之后,前端处理器就开始调用ViewResolver视图解析器,处理得到View视图对象,在将View视图对象响应给前端浏览器之前,faterCompletion()方法就会被调用。通常用于实现资源清理工作。
【3】SpringMVC拦截器适用场景:与细粒度预处理任务相关的功能实现,优先考虑通过实现HandlerInterceptor接口,定义拦截器的方式。尤其是:分解出通用处理代码、权限检查等。
Filter过滤器适用场景:Filter过滤器更适合用来处理request请求内容、view视图内容处理,例如:multipart表单和GZip压缩处理。
附:HandlerInterceptor处理器拦截器接口源码
public interface HandlerInterceptor {
/**
* Intercept the execution of a handler. Called after HandlerMapping determined
* an appropriate handler object, but before HandlerAdapter invokes the handler.
* <p>DispatcherServlet processes a handler in an execution chain, consisting
* of any number of interceptors, with the handler itself at the end.
* With this method, each interceptor can decide to abort the execution chain,
* typically sending an HTTP error or writing a custom response.
* <p><strong>Note:</strong> special considerations apply for asynchronous
* request processing. For more details see
* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
* <p>The default implementation returns {@code true}.
* @param request current HTTP request
* @param response current HTTP response
* @param handler chosen handler to execute, for type and/or instance evaluation
* @return {@code true} if the execution chain should proceed with the
* next interceptor or the handler itself. Else, DispatcherServlet assumes
* that this interceptor has already dealt with the response itself.
* @throws Exception in case of errors
*/
default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
return true;
}
/**
* Intercept the execution of a handler. Called after HandlerAdapter actually
* invoked the handler, but before the DispatcherServlet renders the view.
* Can expose additional model objects to the view via the given ModelAndView.
* <p>DispatcherServlet processes a handler in an execution chain, consisting
* of any number of interceptors, with the handler itself at the end.
* With this method, each interceptor can post-process an execution,
* getting applied in inverse order of the execution chain.
* <p><strong>Note:</strong> special considerations apply for asynchronous
* request processing. For more details see
* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
* <p>The default implementation is empty.
* @param request current HTTP request
* @param response current HTTP response
* @param handler the handler (or {@link HandlerMethod}) that started asynchronous
* execution, for type and/or instance examination
* @param modelAndView the {@code ModelAndView} that the handler returned
* (can also be {@code null})
* @throws Exception in case of errors
*/
default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable ModelAndView modelAndView) throws Exception {
}
/**
* Callback after completion of request processing, that is, after rendering
* the view. Will be called on any outcome of handler execution, thus allows
* for proper resource cleanup.
* <p>Note: Will only be called if this interceptor's {@code preHandle}
* method has successfully completed and returned {@code true}!
* <p>As with the {@code postHandle} method, the method will be invoked on each
* interceptor in the chain in reverse order, so the first interceptor will be
* the last to be invoked.
* <p><strong>Note:</strong> special considerations apply for asynchronous
* request processing. For more details see
* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.
* <p>The default implementation is empty.
* @param request current HTTP request
* @param response current HTTP response
* @param handler the handler (or {@link HandlerMethod}) that started asynchronous
* execution, for type and/or instance examination
* @param ex any exception thrown on handler execution, if any; this does not
* include exceptions that have been handled through an exception resolver
* @throws Exception in case of errors
*/
default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
@Nullable Exception ex) throws Exception {
}
}