tomcat 过滤器
官网:Apache Tomcat 10 Configuration Reference (10.0.14) - Container Provided Filters
***************
tomcat 内置过滤器
过滤器说明
AddDefaultCharsetFilter:如果响应体content-type不包含encoding设置,添加默认的encoding编码,预防xss攻击
SetCharacterEncodingFilter:设置请求的字符编码
ExpiresFilter:设置header有效期
FailedRequestFilter:失败请求过滤
HttpHeaderSecurityFilter:响应体中添加请求头,提升连接安全性
WebdavFixFilter:修复windows 80端口连接故障
CorsFilter:跨域防护过滤器
CsrfPreventionFilter:提供CSRF(跨站请求伪造)保护
RestCsrfPreventionFilter:rest接口csrf保护
RemoteAddrFilter:验证请求ip地址,根据过滤规则判断是否对请求进行处理
RemoteHostFilter:验证请求host地址,根据过滤规则判断是否对请求进行处理
RemoteCIDRFilter:比较客户端ip和网关地址,根据比较结果判断是否对请求进行处理
RemoteIpFilter:替换代理服务器的ip地址、scheme (http/https)、port、request.secure
RequestDumperFilter:请求、响应信息在日志中输出
SessionInitializerFilter:请求处理前生成session
***************
springboot 过滤器注册
*************
filter 层
CustomFilter:自定义过滤器
public class CustomFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
Enumeration<String> headers = request.getHeaderNames();
while (headers.hasMoreElements()){
String name = headers.nextElement();
System.out.println(name + " ==> " + request.getHeader(name));
}
filterChain.doFilter(servletRequest, servletResponse);
}
}
*************
config 层
WebConfig:注册自定义的过滤器
@Configuration
public class WebConfig {
@Bean
public FilterRegistrationBean<CustomFilter> registerCustomFilter(){
FilterRegistrationBean<CustomFilter> filterFilterRegistrationBean = new FilterRegistrationBean<>();
CustomFilter customFilter = new CustomFilter();
filterFilterRegistrationBean.setFilter(customFilter);
filterFilterRegistrationBean.addUrlPatterns("/hello");
return filterFilterRegistrationBean;
}
}
*************
controller 层
HelloController
@RestController
public class HelloController {
@RequestMapping("/hello")
public String hello(){
return "success";
}
}
*************
使用测试
localhost:8080/hello,控制台输出:
2021-12-21 10:44:40.775 INFO 1336 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2021-12-21 10:44:40.776 INFO 1336 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
host ==> localhost:8080
user-agent ==> Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0
accept ==> text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language ==> zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
accept-encoding ==> gzip, deflate
connection ==> keep-alive
upgrade-insecure-requests ==> 1
sec-fetch-dest ==> document
sec-fetch-mode ==> navigate
sec-fetch-site ==> none
sec-fetch-user ==> ?1