Spring Boot过滤器和拦截器详解
原文地址:https://www.tsanyang.top/share-detail/836252049946443776.html
最近实现一个权限控制功能,想通过拦截器进行实现,当业务一切按预期一样完成,有一个特别控制需要再拦截器对参数进行解析使用,但是发现当我们再拦截器读取了输入流,再控制器是无法获取到参数的,这个是由于输入流只能被读取一次,然后通过问题搜索了一把,看见网上通过重写HttpServletRequestWrapper实现输入流读取后,再写入回去,这样解决控制器无法获取参数问题,故在此做记录。
过滤器与拦截器到底有啥区别呢?
一、实现原理不同
过滤器的实现基于回调函数
拦截器基于Java的反射机制【动态代理】实现。
二、使用范围不同
过滤器是Servlet的规范,需要实现javax.servlet.Filter接口,Filter使用需要依赖于Tomcat等容器。
拦截器是Spring组件,定义在org.springframework.web.servlet包下,由Spring容器管理,不依赖Tomcat等容器。
在Spring Boot中使用过滤器
一、自定义过滤器
package com.example.filterinterceptor.filter;
import com.example.filterinterceptor.config.TsanHttpServletRequestWrapper;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Date;
/**
-
@Author: tsanyang
-
@ClassName: TsanFilter
-
@Description: 实现filter过滤器
-
@Date: 2021/4/25 22:07
-
@Version v1.0
-
修改人—修改日期—修改内容
*/
public class TsanFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {}
@Override
public void destroy() {}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// 执行前开始时间
long start = new Date().getTime();
ServletRequest requestWrapper = null;
if (servletRequest instanceof HttpServletRequest) {
requestWrapper = new TsanHttpServletRequestWrapper((HttpServletRequest) servletRequest);
}
if (requestWrapper == null) {
filterChain.doFilter(servletRequest, servletResponse);
} else {
// 使用包装类让输入流可重复读取()
HttpServletRequest httpServletRequest = (HttpServletRequest) requestWrapper;
String token = httpServletRequest.getHeader(“token”);
// String a = getPostData(httpServletRequest);
// Map
// 读取流。注:只能读取一次
// String str = getPostData(request);
filterChain.doFilter(requestWrapper, servletResponse);
}
// 输出执行用了多少时间
System.out.print((new Date()).getTime() - start);
}private String getPostData(HttpServletRequest req) throws IOException {
BufferedReader bufferReaderBody = null;
try {bufferReaderBody = new BufferedReader(req.getReader()); String postData = bufferReaderBody.readLine(); return postData; } catch (IOException e) { throw e; } finally { if (bufferReaderBody != null) { bufferReaderBody.close(); } }}
}
二、配置过滤器
package com.example.filterinterceptor.config;
import com.example.filterinterceptor.filter.TsanFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
-
@Author: tsanyang
-
@ClassName: WebConfig
-
@Description: Servlet过滤器配置文件
-
@Date: 2021/4/25 22:15
-
@Version v1.0
-
修改人—修改日期—修改内容
*/
@Configuration
public class WebFilterConfig {@Bean
public FilterRegistrationBean tsanRegistrationBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new TsanFilter());
filterRegistrationBean.addUrlPatterns("/filter","/postFilter","/postFilterFile");
return filterRegistrationBean;
}
}
在Spring Boot中使用拦截器
一、自定义拦截器
package com.example.filterinterceptor.interceptor;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
/**
-
@Author: tsanyang
-
@ClassName: TsanInterceptor
-
@Description: 自定义拦截器
-
@Date: 2021/4/25 22:40
-
@Version v1.0
-
修改人—修改日期—修改内容
*/
public class TsanInterceptor implements HandlerInterceptor {// 保障变量线程安全
ThreadLocal start = new ThreadLocal<>();@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
start.set(new Date().getTime());
return true;
}@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.print((new Date().getTime() - start.get()));
}@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}
}
二、配置拦截器
package com.example.filterinterceptor.config;
import com.example.filterinterceptor.interceptor.TsanInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
- @Author: tsanyang
- @ClassName: InterceptorConfig
- @Description: 拦截器配置文件
- @Date: 2021/4/25 22:51
- @Version v1.0
- 修改人—修改日期—修改内容
*/
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new TsanInterceptor()).addPathPatterns("/interceptor");
}
}
三、过滤器和拦截器使用测试接口
package com.example.filterinterceptor.controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
-
@Author: tsanyang
-
@ClassName: TsanController
-
@Description: 测试拦截器和过滤器
-
@Date: 2021/4/25 22:12
-
@Version v1.0
-
修改人—修改日期—修改内容
*/
@RestController
public class TsanController {@GetMapping("/filter")
public String getFilterHello(@RequestParam String param) throws InterruptedException {
// 休眠1分钟
TimeUnit.MINUTES.sleep(1);
return param;
}@PostMapping("/postFilterStr")
public String postFilterStr(String str) {
return str;
}@PostMapping("/postFilterMap")
public Map
return map;
}@PostMapping("/postFilterFile")
public void postFilterMap(@RequestParam(“file”) MultipartFile multipartFile) throws IOException {
String fileName = multipartFile.getName();
InputStream inputStream = multipartFile.getInputStream();
}@GetMapping("/interceptor")
public String getInterceptorHello() throws InterruptedException {
// 休眠5秒钟
TimeUnit.SECONDS.sleep(5);
return “Interceptor Hello”;
}
}
四、处理输入流可重复读取
package com.example.filterinterceptor.config;
import org.springframework.util.StreamUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
/**
-
@Author: tsanyang
-
@ClassName: TsanHttpServletRequestWrapper
-
@Description: 读取流后包装
-
@Date: 2021/4/25 22:58
-
@Version v1.0
-
修改人—修改日期—修改内容
*/
public class TsanHttpServletRequestWrapper extends HttpServletRequestWrapper {
// 用于将流保存下来
private byte[] requestBody = null;public TsanHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
super(request);
requestBody = StreamUtils.copyToByteArray(request.getInputStream());}
@Override
public ServletInputStream getInputStream() throws IOException {final ByteArrayInputStream bais = new ByteArrayInputStream(requestBody); return new ServletInputStream() { @Override public int read() throws IOException { return bais.read(); } @Override public boolean isFinished() { return false; } @Override public boolean isReady() { return false; } @Override public void setReadListener(ReadListener readListener) { } };}
@Override
public BufferedReader getReader() throws IOException{
return new BufferedReader(new InputStreamReader(getInputStream()));
}
}
总结
原理实现上:过滤器基于回调实现,而拦截器基于动态代理;
控制粒度上:过滤器和拦截器都能够实现对请求的拦截功能,但是在拦截的粒度上有较大的差异,拦截器对访问控制的粒度更细;
使用场景上:拦截器往往用于权限检查、日志记录等,过滤器主要用于过滤请求中无效参数,安全校验;
依赖容器上:过滤器依赖于Servlet容器,局限于web,而拦截器依赖于Spring框架,能够使用Spring框架的资源,不仅限于web;
触发时机上:过滤器在Servlet前后执行,拦截器在handler前后执行,现在大多数web应用基于Spring,拦截器更细;
流重复读取:通过重写HttpServletRequestWrapper实现,此方法不能用在文件上传上,文件上传实现思路先保存至本地,在将文件路径写入请求属性中,然后再业务中通过请求属性获取文件。