spring boot-使用Filter实现Header认证
前言
假设客户端在http请求中,已经加入了Header的认证信息,例如:
HttpPost post = new HttpPost("http://localhost:8990/sendMail");
StringEntity entity = new StringEntity(json, "utf-8");
entity.setContentType("application/json");
post.setEntity(entity);
// 设置验证头信息
post.addHeader("token", "WEFGYHJIKLTY4RE6DF29HNBCFD13ER87");一、实现自定义Filter
1、实现Filter接口
我们要自定义Filter,只需实现Filter接口即可
2、覆写doFilter方法
根据业务逻辑,来覆写doFilter方法
示例如下:
@Slf4j
@Component
@WebFilter(urlPatterns={"/sendMail/*"}, filterName="tokenAuthorFilter")
public class TokenAuthorFilter implements Filter {
@Autowired
private AuthorizationRepository repository;
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
String token = req.getHeader("token");
Response res = new Response();
boolean isFilter = false;
if (null == token || token.isEmpty()) {
res.setSuccess(false);
res.setErrorCode("403");
res.setErrorMessage("token没有认证通过!原因为:客户端请求参数中无token信息");
} else {
Authorization auth = repository.findByToken(token);
if (null == auth) {
res.setSuccess(false);
res.setErrorCode("403");
res.setErrorMessage("token没有认证通过!原因为:客户端请求中认证的token信息无效,请查看申请流程中的正确token信息");
}else if((auth.getStatus() == 0)){
res.setSuccess(false);
res.setErrorCode("401");
res.setErrorMessage("该token目前已处于停用状态,请联系邮件系统管理员确认!");
}else{
isFilter = true;
res.setSuccess(true);
}
}
if(!res.isSuccess()){
PrintWriter writer = null;
OutputStreamWriter osw = null;
try {
osw = new OutputStreamWriter(response.getOutputStream() , "UTF-8");
writer = new PrintWriter(osw, true);
String jsonStr = ObjectMapperInstance.getInstance().writeValueAsString(res);
writer.write(jsonStr);
writer.flush();
writer.close();
osw.close();
} catch (UnsupportedEncodingException e) {
log.error("过滤器返回信息失败:" + e.getMessage(), e);
} catch (IOException e) {
log.error("过滤器返回信息失败:" + e.getMessage(), e);
} finally {
if (null != writer) {
writer.close();
}
if(null != osw){
osw.close();
}
}
return;
}
if(isFilter){
log.info("token filter过滤ok!");
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}通过上面的几步,就实现了一个自定义的Filter。
3、注册Filter
接下来,需要注册这个过滤器,spring boot提供了以下两种注册方式。
3.1 是用注解注册
在Filter上添加如下注解即可
@Slf4j
@Component
@WebFilter(urlPatterns={"/sendMail/*"}, filterName="tokenAuthorFilter")
public class TokenAuthorFilter implements Filter {@WebFilter注解的作用就是用来注册Filter,通过这种方式注册的Filter,需要在启动类上加上@ServletComponentScan注解才能生效,如下:
@ServletComponentScan
public class MailserviceApplication {
public static void main(String[] args) {
SpringApplication.run(MailserviceApplication.class, args);
}
}3.2 手动配置Filter
@Configuration
@Component
public class FilterConfig {
@Autowired
private TokenAuthorFilter filter;
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(filter);
List urlPatterns = new ArrayList();
urlPatterns.add("/sendMail/*");// 设置匹配的url
registrationBean.setUrlPatterns(urlPatterns);
return registrationBean;
}
} 上面两种方式虽然使用上有些不一样,但是本质都是一样的,都会调用FilterRegistrationBean来进行注册。
二、spring boot内置的Filter
为了方便我们的开发,spring boot内置了许多有用的Filter,我们可以根据业务的需求,选择适合业务的Filter。
三、拓展
通过前面的N篇博客,我们会发现spring boot处理Servlet,Listener,Filter的思路大致都是一样,对应的注解分别为@WebServlet 、@WebListener、@WebFilter,对应的注册Bean分别为ServletRegistrationBean,ServletListenerRegistrationBean,FilterRegistrationBean