请求拦截之filter、interceptor、aop

1 场景

web程序中,对用户的请求,经常会对请求进行拦截处理,常用的处理方式如下:

  • Filter
  • Interceptor
  • AOP

本文基于SpringBoot的web程序,进行这三种拦截方式的说明。

2 区别

三种拦截方式的区别如下:

依赖Servlet容器Spring WebSpring
基于实现回调机制反射机制(AOP思想)动态代理
类别FilterInterceptorAOP
实现方式实现接口Filter实现接口HandlerInterceptor注解@Aspect
作用范围所有URL请求(可过滤)所有Controller的action
包括自己定义的和其他组件定义的
spring的bean(可过滤)
可操作数据原始Http请求信息:
ServletRequest request,
ServletResponse response
(1)Http请求信息:
HttpServletRequest request,
HttpServletResponse response,

(2)springMvc执行的方法信息:
HandlerMethod handlerMethod

(3)返回结果(执行Action方法后,不报错):
ModelAndView modelAndView

(4)异常信息(执行Action方法后):
Exception ex
请求参数
返回结果
异常信息
不可操作数据执行方法相关信息ResponseBody的返回结果http请求信息
相关方法doFilterpreHandle
postHandle
afterCompletion@
@Aspect
@Pointcut
@Before
@After
@Around
用途字符编码,
鉴权操作,
防重复提交
记录执行时间,
脱敏信息、
过滤敏感词、
多租户切换
字符编码
鉴权操作
防重复提交
异常记录
日志记录
异常记录
数据源切换
请求埋点

3 请求顺序

基于SpringBoot的web程序,Filter、Interceptor、Aop的请求顺序如下:

Filter->Interceptor->AOP->Controller

请求顺序.png

4 版本

4.1 maven依赖

Filter和Interceptor有spring-boot-starter-web依赖即可:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>2.2.9.RELEASE</version>
</dependency>

AOP依赖的aspectJ需要额外的maven依赖:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-aop</artifactId>
    <version>2.2.9.RELEASE</version>
</dependency>
4.2 测试Controller
package com.pdd.module.lanjie.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.HashMap;
import java.util.Map;

@RestController
@RequestMapping("/my")
public class MyController {
    
    @RequestMapping("test")
    public Map<String,Object> test(String userName, String age) {
        String message = "[Controller Action]:userName=" + userName + ";age=" + age;
        System.out.println(message);
        Map<String,Object> map = new HashMap<>();
        map.put("success",true);
        map.put("message",message);
        return map;
    }
}

5 Filter代码实现

5.1 说明

(1)实现接口

实现接口:javax.servlet.Filter

(2)核心方法

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException;
5.2 定义

(1) 定义Filter

package com.pdd.module.lanjie.filter;

import javax.servlet.*;
import java.io.IOException;
import java.util.Date;

/**
 * 计算执行时间Filter
 */
public class TimerFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        long begin = new Date().getTime();
        System.out.println("[Filter-Time]:进入Filter");
        // 执行servlet方法(如拦截请求,不执行Servlet,可不执行此方法)
        chain.doFilter(request, response);
        long end = new Date().getTime();
        System.out.println("[Filter-Time]:结束Filter,共" + (end - begin) + "毫秒");
    }
}

(2)配置

package com.pdd.module.lanjie.filter.config;

import com.pdd.module.lanjie.filter.TimerFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Arrays;

@Configuration
public class WebFilterConfig {
    @Bean
    public FilterRegistrationBean timerFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        // 设置:实现类
        registrationBean.setFilter(new TimerFilter());
        // 设置:UrlPatterns
        registrationBean.setUrlPatterns(Arrays.asList("/*"));
        // 设置:优先级
        registrationBean.setOrder(1);
        return registrationBean;
    }
}
5.3 测试

(1)测试请求

http://localhost:8080/my/test?userName=张三&age=23

(2)输出结果

[Filter-Time]:进入Filter
[Controller Action]:userName=张三;age=23
[Filter-Time]:结束Filter,共90毫秒
5.4 配置顺序
// 设置:优先级
registrationBean.setOrder(1);

6 HandlerInterceptor代码实现

6.1 说明

(1)实现接口

实现接口:org.springframework.web.servlet.HandlerInterceptor

(2)核心方法

// 调用Controller方法之前
boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception;

// 调用Controller方法之后(不抛出异常)
void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable ModelAndView modelAndView) throws Exception;

// 调用Controller方法之后(无论是否抛出异常)
void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable Exception ex) throws Exception;
6.2 定义

(1)定义Interceptor

package com.pdd.module.lanjie.interceptor;

import com.alibaba.fastjson.JSONObject;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

/**
 * 鉴权Interceptor
 */
@Component
public class AuthInterceptor implements HandlerInterceptor {
    
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("[Interceptor-auth]:进入preHandle");
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            System.out.println("[Interceptor-auth]:访问信息=" + handlerMethod.getShortLogMessage());
            // 获取head鉴权信息
            String sign = request.getHeader("sign");
            if (!"123456".equals(sign)) {
                // 鉴权不通过
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json; charset=utf-8");
                PrintWriter writer = response.getWriter();
                JSONObject jsonObject = new JSONObject();
                jsonObject.put("success", false);
                jsonObject.put("message", "鉴权失败");
                writer.write(jsonObject.toJSONString());
                writer.flush();
                writer.close();
                System.out.println("[Interceptor-auth]:----------鉴权不通过----------");
                System.out.println("[Interceptor-auth]:结束preHandle");
                return false;
            } else {
                // 鉴权通过
                System.out.println("[Interceptor-auth]:----------鉴权通过----------");
                System.out.println("[Interceptor-auth]:结束preHandle");
                return true;
            }
        }
        System.out.println("[Interceptor-auth]:结束preHandle");
        // 返回true为通过校验,返回false为不通过校验
        return true;
    }
    
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("[Interceptor-auth]:postHandle ModelAndView=" + JSONObject.toJSONString(modelAndView));
    }
    
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("[Interceptor-auth]:afterCompletion Exception=" + JSONObject.toJSONString(ex));
    }
}

(2)配置

package com.pdd.module.lanjie.interceptor.config;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import javax.annotation.Resource;

/**
 * WEB统一配置
 */
@Component
public class GlobalWebMvcConfigurer implements WebMvcConfigurer {
    
    @Resource
    private HandlerInterceptor authInterceptor;
    
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 可按照顺序定义多个
        registry.addInterceptor(authInterceptor).addPathPatterns("/**");
        
        // 支持定义多个PathPattern和excludePathPatterns
        //registry.addInterceptor(xxxInterceptor).addPathPatterns("/xxx","/**").excludePathPatterns("/yyy","/zzz");
    }
}
6.3 测试
6.3.1 正向测试

(1)测试请求

http://localhost:8080/my/test?userName=张三&age=23

请求head:sign=123456

(2)输出结果

  • 控制台输出
[Interceptor-auth]:进入preHandle
[Interceptor-auth]:访问信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]:----------鉴权通过----------
[Interceptor-auth]:结束preHandle
[Controller Action]:userName=张三;age=23
[Interceptor-auth]:postHandle ModelAndView=null
[Interceptor-auth]:afterCompletion Exception=null
  • 请求结果
{
    "success": true,
    "message": "[Controller Action]:userName=张三;age=23"
}
6.3.2 逆向测试

(1)测试请求

http://localhost:8080/my/test?userName=张三&age=23

请求head:无

(2)输出结果

  • 控制台输出
[Interceptor-auth]:进入preHandle
[Interceptor-auth]:访问信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]:----------鉴权不通过----------
[Interceptor-auth]:结束preHandle
  • 请求结果
{
    "success": false,
    "message": "鉴权失败"
}
6.4 配置顺序
public void addInterceptors(InterceptorRegistry registry) {
    // 可按照顺序定义多个
    registry.addInterceptor(xxxInterceptor).addPathPatterns(xxx);
    registry.addInterceptor(yyyInterceptor).addPathPatterns(yyy);
}

7 AOP代码实现

7.1 说明

相关注解

org.aspectj.lang.annotation.Aspect
org.aspectj.lang.annotation.Pointcut
org.aspectj.lang.annotation.Before
org.aspectj.lang.annotation.After
org.aspectj.lang.annotation.Around
7.2 定义
import com.alibaba.fastjson.JSONObject;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(1)
@Aspect
public class LogAop {
    
    @Pointcut("execution(public * com.pdd..controller..*(..))")
    public void log() {
        
    }
    
    @Before("log()")
    public void doBefore(JoinPoint joinPoint) {
        System.out.println("[AOP-log]:Before");
    }
    
    @After("log()")
    public void doAfter(JoinPoint joinPoint) {
        System.out.println("[AOP-log]:After");
    }
    
    @Around("log()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        System.out.println("[AOP-log]:Around-进入");
        // 请求参数
        System.out.println("[AOP-log]:Around-请求参数="+ JSONObject.toJSONString(joinPoint.getArgs()));
        
        // 执行切面方法
        Object object = joinPoint.proceed();
        
        // 执行结果
        System.out.println("[AOP-log]:Around-执行结果="+ JSONObject.toJSONString(object));
        System.out.println("[AOP-log]:Around-结束");
        return object;
    }
    
}
7.3 测试

(1)测试请求

http://localhost:8080/my/test?userName=张三&age=23

(2)后台日志

[AOP-log]:Around-进入
[AOP-log]:Around-请求参数=["张三","23"]
[AOP-log]:Before
[Controller Action]:userName=张三;age=23
[AOP-log]:After
[AOP-log]:Around-执行结果={"success":true,"message":"[Controller Action]:userName=张三;age=23"}
[AOP-log]:Around-结束

(2)请求结果

{"success":true,"message":"[Controller Action]:userName=张三;age=23"}
7.4 配置顺序

通过spring注解org.springframework.core.annotation.Order,来定义顺序。

@Component
@Order(1)
@Aspect
public class LogAop {
	//......
}

8 汇总测试

同时打开上述的Filter,Interceptor,AOP,一起来拦截请求。

(1)测试请求

http://localhost:8080/my/test?userName=张三&age=23

请求head:sign=123456

(2)输出结果

  • 控制台输出
[Filter-Time]:进入Filter
[Interceptor-auth]:进入preHandle
[Interceptor-auth]:访问信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]----------鉴权通过----------
[Interceptor-auth]:结束preHandle
[AOP-log]:Around-进入
[AOP-log]:Around-请求参数=["张三","23"]
[AOP-log]:Before
[Controller Action]:userName=张三;age=23
[AOP-log]:After
[AOP-log]:Around-执行结果={"success":true,"message":"[Controller Action]:userName=张三;age=23"}
[AOP-log]:Around-结束
[Interceptor-auth]:postHandle ModelAndView=null
[Interceptor-auth]:afterCompletion Exception=null
[Filter-Time]:结束Filter,共326毫秒

将输出内容,进行标注,和3 请求顺序,部分讲解的一致。

1615296824839.png

  • 请求结果
{
    "success": true,
    "message": "[Controller Action]:userName=张三;age=23"
}
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值