spring boot 过滤器_拦截器和过滤器的区别面试
大家好,又见面了,我是你们的朋友全栈君。
原文地址:https://www.tsanyang.top/share-detail/836252049946443776.html
最近实现一个权限控制功能,想通过拦截器进行实现,当业务一切按预期一样完成,有一个特别控制需要再拦截器对参数进行解析使用,但是发现当我们再拦截器读取了输入流,再控制器是无法获取到参数的,这个是由于输入流只能被读取一次,然后通过问题搜索了一把,看见网上通过重写HttpServletRequestWrapper实现输入流读取后,再写入回去,这样解决控制器无法获取参数问题,故在此做记录。
过滤器与拦截器到底有啥区别呢? 一、实现原理不同
过滤器的实现基于回调函数
拦截器基于Java的反射机制【动态代理】实现。
二、使用范围不同
过滤器是Servlet的规范,需要实现javax.servlet.Filter接口,Filter使用需要依赖于Tomcat等容器。
拦截器是Spring组件,定义在org.springframework.web.servlet包下,由Spring容器管理,不依赖Tomcat等容器。
在Spring Boot中使用过滤器 一、自定义过滤器
package com.example.filterinterceptor.filter;
import com.example.filterinterceptor.config.TsanHttpServletRequestWrapper;
import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import java.io.BufferedReader; import java.io.IOException; import java.util.Date;
/**
@Author: tsanyang
@ClassName: TsanFilter
@Description: 实现filter过滤器
@Date: 2021/4/25 22:07
@Version v1.0
修改人—修改日期—修改内容 */ public class TsanFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException {
}
@Override public void destroy() {
}
@Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { // 执行前开始时间 long start = new Date().getTime(); ServletRequest requestWrapper = null; if (servletRequest instanceof HttpServletRequest) { requestWrapper = new TsanHttpServletRequestWrapper((HttpServletRequest) servletRequest); } if (requestWrapper == null) { filterChain.doFilter(servletRequest, servletResponse); } else { // 使用包装类让输入流可重复读取() HttpServletRequest httpServletRequest = (HttpServletRequest) requestWrapper; String token = httpServletRequest.getHeader(“token”); // String a = getPostData(httpServletRequest); // Map<String, String[]> map = request.getParameterMap(); // 读取流。注:只能读取一次 // String str = getPostData(request); filterChain.doFilter(requestWrapper, servletResponse); } // 输出执行用了多少时间 System.out.print((new Date()).getTime() – start); }
private String getPostData(HttpServletRequest req) throws IOException { BufferedReader bufferReaderBody = null; try {
bufferReaderBody = new BufferedReader(req.getReader());
String postData = bufferReaderBody.readLine();
return postData;
} catch (IOException e) {
throw e;
} finally {
if (bufferReaderBody != null) {
bufferReaderBody.close();
}
}} } 二、配置过滤器
package com.example.filterinterceptor.config;
import com.example.filterinterceptor.filter.TsanFilter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;
/**
- @Author: tsanyang
- @ClassName: WebConfig
- @Description: Servlet过滤器配置文件
- @Date: 2021/4/25 22:15
- @Version v1.0
- 修改人—修改日期—修改内容 */ @Configuration public class WebFilterConfig { @Bean public FilterRegistrationBean tsanRegistrationBean() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter(new TsanFilter()); filterRegistrationBean.addUrlPatterns(“/filter”,”/postFilter”,”/postFilterFile”); return filterRegistrationBean; }
} 在Spring Boot中使用拦截器 一、自定义拦截器
package com.example.filterinterceptor.interceptor;
import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Date;
/**
- @Author: tsanyang
- @ClassName: TsanInterceptor
- @Description: 自定义拦截器
- @Date: 2021/4/25 22:40
- @Version v1.0
- 修改人—修改日期—修改内容 */ public class TsanInterceptor implements HandlerInterceptor { // 保障变量线程安全 ThreadLocal start = new ThreadLocal<>(); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { start.set(new Date().getTime()); return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { System.out.print((new Date().getTime() – start.get())); } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } } 二、配置拦截器
package com.example.filterinterceptor.config;
import com.example.filterinterceptor.interceptor.TsanInterceptor; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
- @Author: tsanyang
- @ClassName: InterceptorConfig
- @Description: 拦截器配置文件
- @Date: 2021/4/25 22:51
- @Version v1.0
- 修改人—修改日期—修改内容 */ @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new TsanInterceptor()).addPathPatterns(“/interceptor”); } } 三、过滤器和拦截器使用测试接口
package com.example.filterinterceptor.controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile;
import java.io.IOException; import java.io.InputStream; import java.util.Map; import java.util.concurrent.TimeUnit;
/**
- @Author: tsanyang
- @ClassName: TsanController
- @Description: 测试拦截器和过滤器
- @Date: 2021/4/25 22:12
- @Version v1.0
- 修改人—修改日期—修改内容 */ @RestController public class TsanController { @GetMapping(“/filter”) public String getFilterHello(@RequestParam String param) throws InterruptedException { // 休眠1分钟 TimeUnit.MINUTES.sleep(1); return param; } @PostMapping(“/postFilterStr”) public String postFilterStr(String str) { return str; } @PostMapping(“/postFilterMap”) public Map<String, String> postFilterMap(@RequestBody Map<String, String> map) { return map; } @PostMapping(“/postFilterFile”) public void postFilterMap(@RequestParam(“file”) MultipartFile multipartFile) throws IOException { String fileName = multipartFile.getName(); InputStream inputStream = multipartFile.getInputStream(); } @GetMapping(“/interceptor”) public String getInterceptorHello() throws InterruptedException { // 休眠5秒钟 TimeUnit.SECONDS.sleep(5); return “Interceptor Hello”; }
} 四、处理输入流可重复读取
package com.example.filterinterceptor.config;
import org.springframework.util.StreamUtils;
import javax.servlet.ReadListener; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader;
/**
@Author: tsanyang
@ClassName: TsanHttpServletRequestWrapper
@Description: 读取流后包装
@Date: 2021/4/25 22:58
@Version v1.0
修改人—修改日期—修改内容 */ public class TsanHttpServletRequestWrapper extends HttpServletRequestWrapper { // 用于将流保存下来 private byte[] requestBody = null;
public TsanHttpServletRequestWrapper(HttpServletRequest request) throws IOException { super(request); requestBody = StreamUtils.copyToByteArray(request.getInputStream());
}
@Override public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(requestBody);
return new ServletInputStream() {
@Override
public int read() throws IOException {
return bais.read();
}
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
};}
@Override public BufferedReader getReader() throws IOException{ return new BufferedReader(new InputStreamReader(getInputStream())); } }
总结
原理实现上:过滤器基于回调实现,而拦截器基于动态代理;
控制粒度上:过滤器和拦截器都能够实现对请求的拦截功能,但是在拦截的粒度上有较大的差异,拦截器对访问控制的粒度更细;
使用场景上:拦截器往往用于权限检查、日志记录等,过滤器主要用于过滤请求中无效参数,安全校验;
依赖容器上:过滤器依赖于Servlet容器,局限于web,而拦截器依赖于Spring框架,能够使用Spring框架的资源,不仅限于web;
触发时机上:过滤器在Servlet前后执行,拦截器在handler前后执行,现在大多数web应用基于Spring,拦截器更细;
流重复读取:通过重写HttpServletRequestWrapper实现,此方法不能用在文件上传上,文件上传实现思路先保存至本地,在将文件路径写入请求属性中,然后再业务中通过请求属性获取文件。
发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/172385.html原文链接:https://javaforall.cn
腾讯云开发者
