SSM-Springboot笔记(7)- Servlet3.0和SpringBoot过滤器和拦截器
1 SpringBoot过滤器
- 什么是过滤器
filter简单理解:⼈--->检票员(filter)---> 景点 - SpringBoot2.X⾥⾯的过滤器
ApplicationContextHeaderFilter
OrderedCharacterEncodingFilter
OrderedFormContentFilter
OrderedRequestContextFilter
- 过滤器优先级
Ordered.HIGHEST_PRECEDENCE Ordered.LOWEST_PRECEDENCE
低位值意味着更⾼的优先级 Higher values are interpreted as lower priority
⾃定义Filter,避免和默认的Filter优先级⼀样,不然会冲突 - 注册Filter配置两种⽅式
bean FilterRegistrationBean
Servlet3.0 webFileter
2 使用Servlet3.0注解开发⾃定义的过滤器
- 使⽤Servlet3.0的注解进⾏配置步骤
启动类⾥⾯增加 @ServletComponentScan,进⾏扫描
新建⼀个Filter类,implements Filter,并实现对应的接⼝
@WebFilter 标记⼀个类为filter,被spring进⾏扫描
urlPatterns:拦截规则,⽀持正则
控制chain.doFilter的⽅法的调⽤,来实现是否通过放⾏
不放⾏,web应⽤resp.sendRedirect("/index.html") 或者 返回json字符串 - 使用场景
权限控制、⽤户登录状态控制,也可以交给拦截器处理等 - 示例:用户登录过滤器
2.1 新建controller同级包filter
2.2 创建登录过滤器类LoginFilter
@WebFilter(urlPatterns = "/app/v1/pri/*", filterName = "loginFilter")
public class LoginFilter implements Filter {private static final ObjectMapper objectMapper = new ObjectMapper(); // 处理对象与json的转换/*** 容器加载的时候* @param filterConfig* @throws ServletException*/@Overridepublic void init(FilterConfig filterConfig) throws ServletException {System.out.println("init LoginFilter======");}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {System.out.println("doFilter LoginFilter======");HttpServletRequest req = (HttpServletRequest) servletRequest;HttpServletResponse resp = (HttpServletResponse) servletResponse;String token = req.getHeader("token");if(StringUtils.isEmpty(token)){token = req.getParameter("token");}if(!StringUtils.isEmpty(token)){//判断token是否合法User user = UserServiceImpl.sessionMap.get(token);if(user!=null){filterChain.doFilter(servletRequest,servletResponse);} else {// 有token,但token无效RetData retData = RetData.RetError(-2,"登录失败,token无效");String jsonStr = objectMapper.writeValueAsString(retData);renderJson(resp,jsonStr);}}else {// 没有登录RetData retData = RetData.RetError(-3,"未登录");String jsonStr = objectMapper.writeValueAsString(retData);renderJson(resp,jsonStr);}}/*** 容器销毁的时候*/@Overridepublic void destroy() {System.out.println("destroy LoginFilter======");}/*** @param response* @param json*/private void renderJson(HttpServletResponse response,String json){response.setCharacterEncoding("UTF-8");response.setContentType("application/json");try(PrintWriter writer = response.getWriter()){writer.print(json);}catch (Exception e){e.printStackTrace();}}
}
2.3 测试
没有登录访问
{"code": -3,"data": null,"message": "未登录"
}
错误的token访问
{"code": -2,"data": null,"message": "登录失败,token无效"
}
登录之后使用正确的token访问
{"code": 0,"data": "下单成功!","message": "success"
}
3 使⽤ Servlet3.0的注解⾃定义原⽣Servlet
编写Servlet类继承HttpServlet
/*** 使用servlet3.0开发原生接口*/
@WebServlet(name = "userServlet", urlPatterns = "/api/v1/test/customs" )
public class UserServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {PrintWriter writer = resp.getWriter();writer.write("this is my custom servlet api");writer.flush();writer.close();}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {super.doGet(req, resp);}
}
测试接口访问:结果正确输出
this is my custom servlet api
4 Servlet3.0的注解⾃定义原⽣Listener监听器
- 应用上下文监听器ServletContextListener
@WebListener
public class CustomContextListener implements ServletContextListener {@Overridepublic void contextInitialized(ServletContextEvent sce) {System.out.println("===========contextInitialized==============");}@Overridepublic void contextDestroyed(ServletContextEvent sce) {System.out.println("===========contextDestroyed==============");}
}
- 会话监听器HttpSessionLisener
@WebListener
public class CustomSessionListener implements HttpSessionListener {@Overridepublic void sessionCreated(HttpSessionEvent se) {System.out.println("===========sessionCreated==============");}@Overridepublic void sessionDestroyed(HttpSessionEvent se) {System.out.println("===========sessionDestroyed==============");}
}
- 请求监听器ServletRequestListener
@WebListener
public class CustomRequestListener implements ServletRequestListener {@Overridepublic void requestDestroyed(ServletRequestEvent sre) {System.out.println("===========requestDestroyed==============");}@Overridepublic void requestInitialized(ServletRequestEvent sre) {System.out.println("===========requestInitialized==============");}
}
5 SpringBoot2.X拦截器配置
拦截器的作用和用法和过滤器⽤途基本类似
SpringBoot2.x使⽤步骤:
- ⾃定义拦截器 HandlerInterceptor
preHandle:调⽤Controller某个⽅法之前
postHandle:Controller之后调⽤,视图渲染之前,如果控制器Controller出现了异常,则不会执⾏此⽅法
afterCompletion:不管有没有异常,这个afterCompletion都会被调⽤,⽤于资源清理 - 配置拦截器 implements WebMvcConfigurer
有多个拦截器的情况下,按照注册顺序进⾏拦截,先注册,先被拦截
5.1 示例演示:配置登录拦截器
- 创建controller同级包intercepter
- 创建自定义拦截器类LoginIntercepter
public class LoginIntercepter implements HandlerInterceptor {private static final ObjectMapper objectMapper = new ObjectMapper();@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("========LoginIntercepter preHandle======");String token = request.getHeader("token");if(StringUtils.isEmpty(token)){token = request.getParameter("token");}if(!StringUtils.isEmpty(token)){//判断token是否合法User user = UserServiceImpl.sessionMap.get(token);if(user!=null){return true;} else {RetData retData = RetData.RetError(-2,"登录失败,token无效");String jsonStr = objectMapper.writeValueAsString(retData);renderJson(response,jsonStr);}}else {RetData retData = RetData.RetError(-3,"未登录");String jsonStr = objectMapper.writeValueAsString(retData);renderJson(response,jsonStr);}return false;}@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("=============postHandle=============");}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("=============postHandle=============");}/*** 返回json数据* @param response* @param json*/private void renderJson(HttpServletResponse response,String json){response.setCharacterEncoding("UTF-8");response.setContentType("application/json");try(PrintWriter writer = response.getWriter()){writer.print(json);}catch (Exception e){e.printStackTrace();}}
}
- 配置拦截器
/*** 拦截器配置类*/
@Configuration
public class CustomMvcConfigurer implements WebMvcConfigurer {@Overridepublic void addInterceptors(InterceptorRegistry registry) {System.out.println("==========addInterceptors=============");registry.addInterceptor(getLoginInterceptor()).addPathPatterns("/app/v1/pri/**");WebMvcConfigurer.super.addInterceptors(registry);}/*** 通过bean的方式引入拦截器* @return*/@Beanpublic LoginIntercepter getLoginInterceptor(){return new LoginIntercepter();}
}
5.2 拦截器不⽣效常⻅问题:
- 是否有加@Configuration
- 拦截路径是否有问题 ** 和 *
- 拦截器最后路径⼀定要 /** 如果是⽬录的话则是 /*/
5.3 拦截器和Filter过滤器的区别
- Filter和Interceptor⼆者都是AOP编程思想的体现,功能基本都可以实现
- 拦截器功能更强⼤些,Filter能做的事情它都能做
- Filter在只在Servlet前后起作⽤,⽽Interceptor够深⼊到⽅法前后、异常抛出前后等
- filter依赖于Servlet容器即web应⽤中,⽽Interceptor不依赖于Servlet容器所以可以运⾏在
多种环境。 - 在接⼝调⽤的⽣命周期⾥,Interceptor可以被多次调⽤,⽽Filter只能在容器初始化时调⽤⼀
次。
5.4 Filter和Interceptor的执⾏顺序
- 过滤前->拦截前->action执⾏->拦截后->过滤后
5.5 如何配置不拦截某些路径?
registry.addInterceptor(new LoginIntercepter()).addPathPatterns("/api/v1/pri/**")
//配置不拦截某些路径,⽐如静态资源
.excludePathPatterns("/**/*.html","/**/*.js");
© 著作权归作者所有,转载或内容合作请联系作者
喜欢的朋友记得点赞、收藏、关注哦!!!