SSM-Springboot笔记(7)- Servlet3.0和SpringBoot过滤器和拦截器

1 SpringBoot过滤器

  • 什么是过滤器
    filter简单理解:⼈--->检票员(filter)---> 景点
  • SpringBoot2.X⾥⾯的过滤器
ApplicationContextHeaderFilter
OrderedCharacterEncodingFilter
OrderedFormContentFilter
OrderedRequestContextFilter
  • 过滤器优先级
    Ordered.HIGHEST_PRECEDENCE Ordered.LOWEST_PRECEDENCE
    低位值意味着更⾼的优先级 Higher values are interpreted as lower priority
    ⾃定义Filter,避免和默认的Filter优先级⼀样,不然会冲突
  • 注册Filter配置两种⽅式
bean FilterRegistrationBean
Servlet3.0 webFileter

2 使用Servlet3.0注解开发⾃定义的过滤器

  • 使⽤Servlet3.0的注解进⾏配置步骤
    启动类⾥⾯增加 @ServletComponentScan,进⾏扫描
    新建⼀个Filter类,implements Filter,并实现对应的接⼝
    @WebFilter 标记⼀个类为filter,被spring进⾏扫描
    urlPatterns:拦截规则,⽀持正则
    控制chain.doFilter的⽅法的调⽤,来实现是否通过放⾏
    不放⾏,web应⽤resp.sendRedirect("/index.html") 或者 返回json字符串
  • 使用场景
    权限控制、⽤户登录状态控制,也可以交给拦截器处理等
  • 示例:用户登录过滤器

2.1 新建controller同级包filter

2.2 创建登录过滤器类LoginFilter

@WebFilter(urlPatterns = "/app/v1/pri/*", filterName = "loginFilter")
public class LoginFilter implements Filter {

    private static final ObjectMapper objectMapper = new ObjectMapper();  // 处理对象与json的转换

    /**
     * 容器加载的时候
     * @param filterConfig
     * @throws ServletException
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

        System.out.println("init LoginFilter======");
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

        System.out.println("doFilter LoginFilter======");

        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        String token = req.getHeader("token");
        if(StringUtils.isEmpty(token)){
            token = req.getParameter("token");
        }

        if(!StringUtils.isEmpty(token)){
            //判断token是否合法
            User user = UserServiceImpl.sessionMap.get(token);
            if(user!=null){
                filterChain.doFilter(servletRequest,servletResponse);
            } else {
                // 有token,但token无效
                RetData retData =  RetData.RetError(-2,"登录失败,token无效");
                String jsonStr = objectMapper.writeValueAsString(retData);
                renderJson(resp,jsonStr);
            }
        }else {
            // 没有登录
            RetData retData =  RetData.RetError(-3,"未登录");
            String jsonStr = objectMapper.writeValueAsString(retData);
            renderJson(resp,jsonStr);
        }
    }

    /**
     * 容器销毁的时候
     */
    @Override
    public void destroy() {

        System.out.println("destroy LoginFilter======");

    }

    /**
     * @param response
     * @param json
     */
    private void renderJson(HttpServletResponse response,String json){

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");

        try(PrintWriter writer = response.getWriter()){
            writer.print(json);
        }catch (Exception e){
            e.printStackTrace();
        }
    }
}

2.3 测试

没有登录访问

{
    "code": -3,
    "data": null,
    "message": "未登录"
}

错误的token访问

{
    "code": -2,
    "data": null,
    "message": "登录失败,token无效"
}

登录之后使用正确的token访问

{
    "code": 0,
    "data": "下单成功!",
    "message": "success"
}

3 使⽤ Servlet3.0的注解⾃定义原⽣Servlet

编写Servlet类继承HttpServlet

/**
 * 使用servlet3.0开发原生接口
 */
@WebServlet(name = "userServlet", urlPatterns = "/api/v1/test/customs" )
public class UserServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        PrintWriter writer = resp.getWriter();
        writer.write("this is my custom servlet api");
        writer.flush();
        writer.close();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        super.doGet(req, resp);
    }
}

测试接口访问:结果正确输出

this is my custom servlet api

4 Servlet3.0的注解⾃定义原⽣Listener监听器

  • 应用上下文监听器ServletContextListener
@WebListener
public class CustomContextListener implements ServletContextListener {
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        System.out.println("===========contextInitialized==============");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        System.out.println("===========contextDestroyed==============");
    }
}
  • 会话监听器HttpSessionLisener
@WebListener
public class CustomSessionListener implements HttpSessionListener {
    @Override
    public void sessionCreated(HttpSessionEvent se) {
        System.out.println("===========sessionCreated==============");
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        System.out.println("===========sessionDestroyed==============");
    }
}
  • 请求监听器ServletRequestListener
@WebListener
public class CustomRequestListener implements ServletRequestListener {

    @Override
    public void requestDestroyed(ServletRequestEvent sre) {
        System.out.println("===========requestDestroyed==============");
    }

    @Override
    public void requestInitialized(ServletRequestEvent sre) {
        System.out.println("===========requestInitialized==============");
    }
}

5 SpringBoot2.X拦截器配置

拦截器的作用和用法和过滤器⽤途基本类似
SpringBoot2.x使⽤步骤:

  • ⾃定义拦截器 HandlerInterceptor
    preHandle:调⽤Controller某个⽅法之前
    postHandle:Controller之后调⽤,视图渲染之前,如果控制器Controller出现了异常,则不会执⾏此⽅法
    afterCompletion:不管有没有异常,这个afterCompletion都会被调⽤,⽤于资源清理
  • 配置拦截器 implements WebMvcConfigurer
    有多个拦截器的情况下,按照注册顺序进⾏拦截,先注册,先被拦截

5.1 示例演示:配置登录拦截器

  • 创建controller同级包intercepter
  • 创建自定义拦截器类LoginIntercepter
public class LoginIntercepter implements HandlerInterceptor {

    private static final ObjectMapper objectMapper = new ObjectMapper();

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        System.out.println("========LoginIntercepter preHandle======");

        String token = request.getHeader("token");
        if(StringUtils.isEmpty(token)){
            token = request.getParameter("token");
        }

        if(!StringUtils.isEmpty(token)){

            //判断token是否合法
            User user = UserServiceImpl.sessionMap.get(token);
            if(user!=null){
                return true;
            } else {
                RetData retData =  RetData.RetError(-2,"登录失败,token无效");
                String jsonStr = objectMapper.writeValueAsString(retData);
                renderJson(response,jsonStr);
            }

        }else {
            RetData retData =  RetData.RetError(-3,"未登录");
            String jsonStr = objectMapper.writeValueAsString(retData);
            renderJson(response,jsonStr);
        }

        return false;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("=============postHandle=============");
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("=============postHandle=============");
    }

    /**
     * 返回json数据
     * @param response
     * @param json
     */
    private void renderJson(HttpServletResponse response,String json){

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");

        try(PrintWriter writer = response.getWriter()){
            writer.print(json);
        }catch (Exception e){
            e.printStackTrace();
        }

    }
}
  • 配置拦截器
/**
 * 拦截器配置类
 */
@Configuration
public class CustomMvcConfigurer implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        System.out.println("==========addInterceptors=============");
        registry.addInterceptor(getLoginInterceptor()).addPathPatterns("/app/v1/pri/**");
        WebMvcConfigurer.super.addInterceptors(registry);
    }

    /**
     * 通过bean的方式引入拦截器
     * @return
     */
    @Bean
    public LoginIntercepter getLoginInterceptor(){
        return new LoginIntercepter();
    }
}

5.2 拦截器不⽣效常⻅问题:

  • 是否有加@Configuration
  • 拦截路径是否有问题 ** 和 *
  • 拦截器最后路径⼀定要 /** 如果是⽬录的话则是 /*/

5.3 拦截器和Filter过滤器的区别

  • Filter和Interceptor⼆者都是AOP编程思想的体现,功能基本都可以实现
  • 拦截器功能更强⼤些,Filter能做的事情它都能做
  • Filter在只在Servlet前后起作⽤,⽽Interceptor够深⼊到⽅法前后、异常抛出前后等
  • filter依赖于Servlet容器即web应⽤中,⽽Interceptor不依赖于Servlet容器所以可以运⾏在
    多种环境。
  • 在接⼝调⽤的⽣命周期⾥,Interceptor可以被多次调⽤,⽽Filter只能在容器初始化时调⽤⼀
    次。

5.4 Filter和Interceptor的执⾏顺序

  • 过滤前->拦截前->action执⾏->拦截后->过滤后

5.5 如何配置不拦截某些路径?

registry.addInterceptor(new LoginIntercepter()).addPathPatterns("/api/v1/pri/**")
//配置不拦截某些路径,⽐如静态资源
.excludePathPatterns("/**/*.html","/**/*.js");

你可能感兴趣的:(SSM-Springboot笔记(7)- Servlet3.0和SpringBoot过滤器和拦截器)