一、关系图理解
二、区别
1.过滤器
- 过滤器是在web应用启动的时候初始化一次, 在web应用停止的时候销毁
- 可以对请求的URL进行过滤, 对敏感词过滤
- 挡在拦截器的外层
- 实现的是 javax.servlet.Filter 接口 ,是 Servlet 规范的一部分
- 在请求进入容器后,但在进入servlet之前进行预处理,请求结束是在servlet处理完以后
- 依赖Web容器
- 会多次执行
过滤器简介
过滤器的英文名称为 Filter, 是 Servlet 技术中最实用的技术。如同它的名字一样,过滤器是处于客户端和服务器资源文件之间的一道过滤网,帮助我们过滤掉一些不符合要求的请求,通常用作 Session 校验,判断用户权限,如果不符合设定条件,则会被拦截到特殊的地址或者基于特殊的响应。
过滤器的使用
首先需要实现 Filter接口然后重写它的三个方法
•init 方法:在容器中创建当前过滤器的时候自动调用
•destory 方法:在容器中销毁当前过滤器的时候自动调用
•doFilter 方法:过滤的具体操作
1.1HttpServletRequestWrapper
在请求到达之前对 request 进行修改
package com.dingwen.lir.filter;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.Arrays;
@Slf4j
public class RequestWrapper extends HttpServletRequestWrapper {
public RequestWrapper(HttpServletRequest request) {
super(request);
log.info("RequestWrapper");
}
@Override
public String getParameter(String name) {
// 可以对请求参数进行过滤
return super.getParameter(name);
}
@Override
public String[] getParameterValues(String name) {
// 对请求参数值进行过滤
// String[] values =super.getRequest().getParameterValues(name);
// return super.getParameterValues(name);
return "t e s t".split(" ");
}
}1.2 OncePerRequestFilter
OncePerRequestFilter,顾名思义,它能够确保在一次请求中只通过一次filter
package com.dingwen.lir.filter;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
@Slf4j
public class RequestFilter extends OncePerRequestFilter {
@Override
public void destroy() {
super.destroy();
log.info("RequestFilter destroy");
}
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
try {
RequestWrapper requestWrapper = new RequestWrapper(httpServletRequest);
filterChain.doFilter(requestWrapper, httpServletResponse);
log.info("RequestFilter");
log.info(Arrays.toString(requestWrapper.getParameterValues("name")));
} catch (Exception exception) {
httpServletResponse.setCharacterEncoding("utf-8");
httpServletResponse.setContentType("application/json; charset=utf-8");
PrintWriter writer = httpServletResponse.getWriter();
writer.write(exception.toString());
}
}
}1.3 配置
package com.dingwen.lir.configuration;
import com.dingwen.lir.filter.RequestFilter;
import com.dingwen.lir.filter.RequestWrapper;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Filter;
@Configuration
public class FilterConfig {
@Bean
public RequestFilter requestFilter(){
return new RequestFilter();
}
@Bean
public FilterRegistrationBean<RequestFilter> registrationBean() {
FilterRegistrationBean<RequestFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(requestFilter());
registrationBean.addUrlPatterns("/filter
@Component
public class PageInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
User user = (User)request.getSession().getAttribute("user");
if (!ObjectUtils.isEmpty(user)) {
return true;
} else {
// 不管是转发还是重定向,必须返回false。否则出现多次提交响应的错误
redirect(request, response);
return false;
}
}
public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
if("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))){// ajax
//获取当前请求的路径
response.setHeader("Access-Control-Expose-Headers", "REDIRECT,CONTENT_PATH");
//告诉ajax我是重定向
response.setHeader("REDIRECT", "REDIRECT");
//告诉ajax我重定向的路径
StringBuffer url = request.getRequestURL();
String contextPath = request.getContextPath();
response.setHeader("CONTENT_PATH", url.replace(url.indexOf(contextPath) + contextPath.length(), url.length(), "/").toString());
}else{// http
response.sendRedirect( "/page/login");
}
response.getWriter().write(403);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
}2.2配置
package com.dingwen.lir.configuration;
import com.dingwen.lir.interceptor.PageInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class MyWebMvcConfigurer implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 拦截器默认的执行顺序,就是它的注册顺序,也可以通过Order手动设置控制,值越小越先执行。
// registry.addInterceptor(new PageInterceptor()).addPathPatterns("
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/page/ajax").setViewName("ajax");
}
// @Override
// public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new PageInterceptor()).addPathPatterns("/**")
.excludePathPatterns("/page/login", "/user/login","/page/ajax","/static/**");
}SpringBoot2.x 自定义静态资源映射
spring:
mvc:
static-path-pattern: /static/**默认目录
classpath:/META-INF/resources
classpath:/resources
classpath:/static
classpath:/public
优先级:META-INF/resources > resources > static > public
2.登录拦截ajax重定向
由于ajax是异步的,还在当前页面进行的局部请求。当拦截到登录请求时,即使重定向也无法生效。需采用服务端给地址由前端进行跳转。详细见登录拦截器代码。
// 前端处理
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>AJAX</title>
<script src="https://code.jquery.com/jquery-3.0.0.min.js"></script>
</head>
<body>
<button>USER</button>
</body>
</html>
<script>
$.ajaxSetup({
complete:function(xhr,status){
//拦截器实现超时跳转到登录页面
let win = window;
// 通过xhr取得响应头
let REDIRECT = xhr.getResponseHeader("REDIRECT");
//如果响应头中包含 REDIRECT 则说明是拦截器返回的需要重定向的请求
if (REDIRECT === "REDIRECT")
{
while (win !== win.top)
{
win = win.top;
}
win.location.href = xhr.getResponseHeader("CONTEXTPATH");
}
}
});
$("button").click(function(){
$.get("/page/user", function(result){
$("div").html(result);
});
});
</script>四、测试
代码地址:https://gitee.com/dingwen-gitee/filter-interceptor-study.git
1.拦截器测试
1.1启动项目访问首页
http://localhost:8080/page/index
由于没有登录,直接重定向到了登录页
1.2输入用户名密码完成登录,调转到用户页
此时在访问首页
1.2 退出登录
成功退出后,访问为授权的页面也相对会被重定向到登录页
1.3 ajax未授权访问测试
点击访问user ,由于未登录,没有全权访问。在前端进行了页面跳转,转到了登录页。
2.过滤器测试
可以看到过滤器进行了相对应的处理,重写的getParameterValues()也生效了。配合使用HttpServletRequestWrapper & OncePerRequestFilter 实现了对request的修改。
到此这篇关于SpringBoot 过滤器、拦截器、监听器对比及使用场景分析的文章就介绍到这了,更多相关SpringBoot 过滤器、拦截器、监听器内容请搜索编程网以前的文章或继续浏览下面的相关文章希望大家以后多多支持编程网!
