1 場(chǎng)景
web程序中,對(duì)用戶的請(qǐng)求
濒旦,經(jīng)常會(huì)對(duì)請(qǐng)求進(jìn)行攔截
處理株旷,常用的處理方式如下:
- Filter
- Interceptor
- AOP
本文基于SpringBoot的web程序
,進(jìn)行這三種攔截方式的說明尔邓。
2 區(qū)別
三種攔截方式的區(qū)別
如下:
依賴 | Servlet容器 | Spring Web | Spring |
---|---|---|---|
基于實(shí)現(xiàn) | 回調(diào)機(jī)制 | 反射機(jī)制(AOP思想) | 動(dòng)態(tài)代理 |
類別 | Filter | Interceptor | AOP |
實(shí)現(xiàn)方式 | 實(shí)現(xiàn)接口Filter | 實(shí)現(xiàn)接口HandlerInterceptor | 注解@Aspect |
作用范圍 | 所有URL請(qǐng)求(可過濾) | 所有Controller的action 包括自己定義的和其他組件定義的 |
spring的bean(可過濾) |
可操作數(shù)據(jù) | 原始Http請(qǐng)求信息: ServletRequest request, ServletResponse response |
(1)Http請(qǐng)求信息: HttpServletRequest request, HttpServletResponse response, (2)springMvc執(zhí)行的方法信息: HandlerMethod handlerMethod (3)返回結(jié)果(執(zhí)行Action方法后晾剖,不報(bào)錯(cuò)): ModelAndView modelAndView (4)異常信息(執(zhí)行Action方法后): Exception ex |
請(qǐng)求參數(shù) 返回結(jié)果 異常信息 |
不可操作數(shù)據(jù) | 執(zhí)行方法相關(guān)信息 | ResponseBody的返回結(jié)果 | http請(qǐng)求信息 |
相關(guān)方法 | doFilter | preHandle postHandle afterCompletion@ |
@Aspect @Pointcut @Before @After @Around |
用途 | 字符編碼, 鑒權(quán)操作梯嗽, 防重復(fù)提交 記錄執(zhí)行時(shí)間齿尽, 脫敏信息、 過濾敏感詞灯节、 多租戶切換 ...... |
字符編碼 鑒權(quán)操作 防重復(fù)提交 異常記錄 ...... |
日志記錄 異常記錄 數(shù)據(jù)源切換 請(qǐng)求埋點(diǎn) ...... |
3 請(qǐng)求順序
基于SpringBoot的web程序循头,F(xiàn)ilter、Interceptor炎疆、Aop的請(qǐng)求順序如下:
Filter->Interceptor->AOP->Controller
4 版本
4.1 maven依賴
Filter和Interceptor有spring-boot-starter-web依賴即可:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.9.RELEASE</version>
</dependency>
AOP依賴的aspectJ需要額外的maven依賴:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
<version>2.2.9.RELEASE</version>
</dependency>
4.2 測(cè)試Controller
package com.pdd.module.lanjie.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
@RestController
@RequestMapping("/my")
public class MyController {
@RequestMapping("test")
public Map<String,Object> test(String userName, String age) {
String message = "[Controller Action]:userName=" + userName + "卡骂;age=" + age;
System.out.println(message);
Map<String,Object> map = new HashMap<>();
map.put("success",true);
map.put("message",message);
return map;
}
}
5 Filter代碼實(shí)現(xiàn)
5.1 說明
(1)實(shí)現(xiàn)接口
實(shí)現(xiàn)接口:javax.servlet.Filter
(2)核心方法
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException;
5.2 定義
(1) 定義Filter
package com.pdd.module.lanjie.filter;
import javax.servlet.*;
import java.io.IOException;
import java.util.Date;
/**
* 計(jì)算執(zhí)行時(shí)間Filter
*/
public class TimerFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
long begin = new Date().getTime();
System.out.println("[Filter-Time]:進(jìn)入Filter");
// 執(zhí)行servlet方法(如攔截請(qǐng)求,不執(zhí)行Servlet磷雇,可不執(zhí)行此方法)
chain.doFilter(request, response);
long end = new Date().getTime();
System.out.println("[Filter-Time]:結(jié)束Filter偿警,共" + (end - begin) + "毫秒");
}
}
(2)配置
package com.pdd.module.lanjie.filter.config;
import com.pdd.module.lanjie.filter.TimerFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.Arrays;
@Configuration
public class WebFilterConfig {
@Bean
public FilterRegistrationBean timerFilter() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
// 設(shè)置:實(shí)現(xiàn)類
registrationBean.setFilter(new TimerFilter());
// 設(shè)置:UrlPatterns
registrationBean.setUrlPatterns(Arrays.asList("/*"));
// 設(shè)置:優(yōu)先級(jí)
registrationBean.setOrder(1);
return registrationBean;
}
}
5.3 測(cè)試
(1)測(cè)試請(qǐng)求
http://localhost:8080/my/test?userName=張三&age=23
(2)輸出結(jié)果
[Filter-Time]:進(jìn)入Filter
[Controller Action]:userName=張三;age=23
[Filter-Time]:結(jié)束Filter唯笙,共90毫秒
5.4 配置順序
// 設(shè)置:優(yōu)先級(jí)
registrationBean.setOrder(1);
6 HandlerInterceptor代碼實(shí)現(xiàn)
6.1 說明
(1)實(shí)現(xiàn)接口
實(shí)現(xiàn)接口:org.springframework.web.servlet.HandlerInterceptor
(2)核心方法
// 調(diào)用Controller方法之前
boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception;
// 調(diào)用Controller方法之后(不拋出異常)
void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable ModelAndView modelAndView) throws Exception;
// 調(diào)用Controller方法之后(無論是否拋出異常)
void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable Exception ex) throws Exception;
6.2 定義
(1)定義Interceptor
package com.pdd.module.lanjie.interceptor;
import com.alibaba.fastjson.JSONObject;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
/**
* 鑒權(quán)Interceptor
*/
@Component
public class AuthInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
System.out.println("[Interceptor-auth]:進(jìn)入preHandle");
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
System.out.println("[Interceptor-auth]:訪問信息=" + handlerMethod.getShortLogMessage());
// 獲取head鑒權(quán)信息
String sign = request.getHeader("sign");
if (!"123456".equals(sign)) {
// 鑒權(quán)不通過
response.setCharacterEncoding("utf-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter writer = response.getWriter();
JSONObject jsonObject = new JSONObject();
jsonObject.put("success", false);
jsonObject.put("message", "鑒權(quán)失敗");
writer.write(jsonObject.toJSONString());
writer.flush();
writer.close();
System.out.println("[Interceptor-auth]:----------鑒權(quán)不通過----------");
System.out.println("[Interceptor-auth]:結(jié)束preHandle");
return false;
} else {
// 鑒權(quán)通過
System.out.println("[Interceptor-auth]:----------鑒權(quán)通過----------");
System.out.println("[Interceptor-auth]:結(jié)束preHandle");
return true;
}
}
System.out.println("[Interceptor-auth]:結(jié)束preHandle");
// 返回true為通過校驗(yàn)螟蒸,返回false為不通過校驗(yàn)
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
System.out.println("[Interceptor-auth]:postHandle ModelAndView=" + JSONObject.toJSONString(modelAndView));
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
System.out.println("[Interceptor-auth]:afterCompletion Exception=" + JSONObject.toJSONString(ex));
}
}
(2)配置
package com.pdd.module.lanjie.interceptor.config;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;
/**
* WEB統(tǒng)一配置
*/
@Component
public class GlobalWebMvcConfigurer implements WebMvcConfigurer {
@Resource
private HandlerInterceptor authInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 可按照順序定義多個(gè)
registry.addInterceptor(authInterceptor).addPathPatterns("/**");
// 支持定義多個(gè)PathPattern和excludePathPatterns
//registry.addInterceptor(xxxInterceptor).addPathPatterns("/xxx","/**").excludePathPatterns("/yyy","/zzz");
}
}
6.3 測(cè)試
6.3.1 正向測(cè)試
(1)測(cè)試請(qǐng)求
http://localhost:8080/my/test?userName=張三&age=23
請(qǐng)求head:sign=123456
(2)輸出結(jié)果
- 控制臺(tái)輸出
[Interceptor-auth]:進(jìn)入preHandle
[Interceptor-auth]:訪問信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]:----------鑒權(quán)通過----------
[Interceptor-auth]:結(jié)束preHandle
[Controller Action]:userName=張三迹缀;age=23
[Interceptor-auth]:postHandle ModelAndView=null
[Interceptor-auth]:afterCompletion Exception=null
- 請(qǐng)求結(jié)果
{
"success": true,
"message": "[Controller Action]:userName=張三肮帐;age=23"
}
6.3.2 逆向測(cè)試
(1)測(cè)試請(qǐng)求
http://localhost:8080/my/test?userName=張三&age=23
請(qǐng)求head:無
(2)輸出結(jié)果
- 控制臺(tái)輸出
[Interceptor-auth]:進(jìn)入preHandle
[Interceptor-auth]:訪問信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]:----------鑒權(quán)不通過----------
[Interceptor-auth]:結(jié)束preHandle
- 請(qǐng)求結(jié)果
{
"success": false,
"message": "鑒權(quán)失敗"
}
6.4 配置順序
public void addInterceptors(InterceptorRegistry registry) {
// 可按照順序定義多個(gè)
registry.addInterceptor(xxxInterceptor).addPathPatterns(xxx);
registry.addInterceptor(yyyInterceptor).addPathPatterns(yyy);
}
7 AOP代碼實(shí)現(xiàn)
7.1 說明
相關(guān)注解
org.aspectj.lang.annotation.Aspect
org.aspectj.lang.annotation.Pointcut
org.aspectj.lang.annotation.Before
org.aspectj.lang.annotation.After
org.aspectj.lang.annotation.Around
7.2 定義
import com.alibaba.fastjson.JSONObject;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
@Component
@Order(1)
@Aspect
public class LogAop {
@Pointcut("execution(public * com.pdd..controller..*(..))")
public void log() {
}
@Before("log()")
public void doBefore(JoinPoint joinPoint) {
System.out.println("[AOP-log]:Before");
}
@After("log()")
public void doAfter(JoinPoint joinPoint) {
System.out.println("[AOP-log]:After");
}
@Around("log()")
public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
System.out.println("[AOP-log]:Around-進(jìn)入");
// 請(qǐng)求參數(shù)
System.out.println("[AOP-log]:Around-請(qǐng)求參數(shù)="+ JSONObject.toJSONString(joinPoint.getArgs()));
// 執(zhí)行切面方法
Object object = joinPoint.proceed();
// 執(zhí)行結(jié)果
System.out.println("[AOP-log]:Around-執(zhí)行結(jié)果="+ JSONObject.toJSONString(object));
System.out.println("[AOP-log]:Around-結(jié)束");
return object;
}
}
7.3 測(cè)試
(1)測(cè)試請(qǐng)求
http://localhost:8080/my/test?userName=張三&age=23
(2)后臺(tái)日志
[AOP-log]:Around-進(jìn)入
[AOP-log]:Around-請(qǐng)求參數(shù)=["張三","23"]
[AOP-log]:Before
[Controller Action]:userName=張三;age=23
[AOP-log]:After
[AOP-log]:Around-執(zhí)行結(jié)果={"success":true,"message":"[Controller Action]:userName=張三;age=23"}
[AOP-log]:Around-結(jié)束
(2)請(qǐng)求結(jié)果
{"success":true,"message":"[Controller Action]:userName=張三曹鸠;age=23"}
7.4 配置順序
通過spring注解org.springframework.core.annotation.Order
惩坑,來定義順序愤诱。
@Component
@Order(1)
@Aspect
public class LogAop {
//......
}
8 匯總測(cè)試
同時(shí)打開上述的Filter顷蟀,Interceptor,AOP绍赛,一起來攔截請(qǐng)求蔓纠。
(1)測(cè)試請(qǐng)求
http://localhost:8080/my/test?userName=張三&age=23
請(qǐng)求head:sign=123456
(2)輸出結(jié)果
- 控制臺(tái)輸出
[Filter-Time]:進(jìn)入Filter
[Interceptor-auth]:進(jìn)入preHandle
[Interceptor-auth]:訪問信息=com.pdd.module.lanjie.controller.MyController#test[2 args]
[Interceptor-auth]:----------鑒權(quán)通過----------
[Interceptor-auth]:結(jié)束preHandle
[AOP-log]:Around-進(jìn)入
[AOP-log]:Around-請(qǐng)求參數(shù)=["張三","23"]
[AOP-log]:Before
[Controller Action]:userName=張三;age=23
[AOP-log]:After
[AOP-log]:Around-執(zhí)行結(jié)果={"success":true,"message":"[Controller Action]:userName=張三吗蚌;age=23"}
[AOP-log]:Around-結(jié)束
[Interceptor-auth]:postHandle ModelAndView=null
[Interceptor-auth]:afterCompletion Exception=null
[Filter-Time]:結(jié)束Filter腿倚,共326毫秒
將輸出內(nèi)容,進(jìn)行標(biāo)注蚯妇,和3 請(qǐng)求順序
敷燎,部分講解的一致。
- 請(qǐng)求結(jié)果
{
"success": true,
"message": "[Controller Action]:userName=張三箩言;age=23"
}