博主最近刚拿到一个微服务的新项目,边研究边分析从框架基础开始慢慢带领大家研究微服务的一些东西,这次给大家分析下Springboot中的过滤器和拦截器的区别。虽然上次分析过过滤器,但是主要是分析的cas流程,所以就没太深入,大家也可以看一下的啊
cas源码分析:https://www.cnblogs.com/guoxiaoyu/p/13280259.html
好的,正题开始:首先讲解一下Springboot中如何进行添加过滤器、进行过滤器过滤请求。添加示例必须来一下
代码语言:javascript复制 1 @Configuration
2 public class WebConfiguration{
3
4 @Bean
5 public FilterRegistrationBean testFilterByMe(){
6 FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
7 filterRegistrationBean.setFilter(new TestFilterByMe());
8 filterRegistrationBean.setOrder(1);
9 return filterRegistrationBean;
10 }
11 }
我们过滤器为什么要添加到FilterRegistrationBean中,不添加可不可以,为什么用@WebFilter注解也可以呢,用@Component可不可以以的呢?博主今天就通过源码给大家讲解一下这几个问题
首先我们的Springboot开始启动后,会进行创建bean和web服务器tomcat,源码附上:
代码语言:javascript复制 1 @Override
2 protected void onRefresh() {
3 //onRefresh方法就是扫描包,解析配置类的过程,原生spring中是一个空方法,这里进行重写用于创建tomcat服务器
4 super.onRefresh();
5 try {
6 //开始创建web服务器tomcat,所以Springboot才可以不依赖web容器,自己就可以启动成功并进行访问
7 createWebServer();
8 }
9 catch (Throwable ex) {
10 throw new ApplicationContextException("Unable to start web server", ex);
11 }
12 }
createWebServer()这个方法的源码我就不贴上了,大家可以自己看一下源码,最后就会看到new tomcat();并进行启动tomcat。启动容器后当然是开始进行初始化。
代码语言:javascript复制1 private void selfInitialize(ServletContext servletContext) throws ServletException {
2 prepareWebApplicationContext(servletContext);
3 registerApplicationScope(servletContext);
4 WebApplicationContextUtils.registerEnvironmentBeans(getBeanFactory(), servletContext);
5 //getServletContextInitializerBeans()这个方法进开始进行解析并添加filter过滤器 了
6 for (ServletContextInitializer beans : getServletContextInitializerBeans()) {
7 beans.onStartup(servletContext);
8 }
9 }
现在才到了添加过滤器最关键的部分,这个部分已经基本把上面的三个问题的答案告诉大家了,详情源码如下:
代码语言:javascript复制 1 //开始添加过滤器
2 public ServletContextInitializerBeans(ListableBeanFactory beanFactory,
3 Class<? extends ServletContextInitializer>... initializerTypes) {
4 this.initializers = new LinkedMultiValueMap<>();
5 this.initializerTypes = (initializerTypes.length != 0) ? Arrays.asList(initializerTypes)
6 : Collections.singletonList(ServletContextInitializer.class);
7 //这里实现的添加形式是通过FilterRegistrationBean类型注册的
8 addServletContextInitializerBeans(beanFactory);
9 //这里是通过beanfactory中获取filter类型过滤器后添加进来的,这就明白了,只要让spring扫描到,
10 //过滤器自己实现了filter接口,你就会给添加到过滤器链
11 addAdaptableBeans(beanFactory);
12 //都会添加到initializers这一个map中
13 List<ServletContextInitializer> sortedInitializers = this.initializers.values().stream()
14 .flatMap((value) -> value.stream().sorted(AnnotationAwareOrderComparator.INSTANCE))
15 .collect(Collectors.toList());
16 this.sortedList = Collections.unmodifiableList(sortedInitializers);
17 logMappings(this.initializers);
18 }
一个一个方法分析一下,让大家看个明白到底是怎么回事,为什么这三种方法都可以实现添加过滤器
代码语言:javascript复制 1 //获取我们的实现FilterRegistrationBean类的过滤器
2 private void addServletContextInitializerBeans(ListableBeanFactory beanFactory) {
3 for (Class<? extends ServletContextInitializer> initializerType : this.initializerTypes) {
4 //获取type为ServletContextInitializer的排好序的类,跟是否实现order类无关!
5 for (Entry<String, ? extends ServletContextInitializer> initializerBean : getOrderedBeansOfType(beanFactory,
6 initializerType)) {
7 //这时候就开始判断实现FilterRegistrationBean类的过滤器
8 addServletContextInitializerBean(initializerBean.getKey(), initializerBean.getValue(), beanFactory);
9 }
10 }
11 }
获取bean时debug,观察一下,最后会筛选出来我们FilterRegistrationBean的过滤器,为什么呢?因为这个类的上级实现了ServletContextInitializer
再来看一下添加的过程,就知道filter要注册到FilterRegistrationBean中的原因了,
代码语言:javascript复制 1 private void addServletContextInitializerBean(String beanName, ServletContextInitializer initializer,
2 ListableBeanFactory beanFactory) {
3 if (initializer instanceof ServletRegistrationBean) {
4 Servlet source = ((ServletRegistrationBean<?>) initializer).getServlet();
5 addServletContextInitializerBean(Servlet.class, beanName, initializer, beanFactory, source);
6 }
7 //在这里进行的添加的过程
8 else if (initializer instanceof FilterRegistrationBean) {
9 Filter source = ((FilterRegistrationBean<?>) initializer).getFilter();
10 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source);
11 }
12 else if (initializer instanceof DelegatingFilterProxyRegistrationBean) {
13 String source = ((DelegatingFilterProxyRegistrationBean) initializer).getTargetBeanName();
14 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source);
15 }
16 else if (initializer instanceof ServletListenerRegistrationBean) {
17 EventListener source = ((ServletListenerRegistrationBean<?>) initializer).getListener();
18 addServletContextInitializerBean(EventListener.class, beanName, initializer, beanFactory, source);
19 }
20 else {
21 addServletContextInitializerBean(ServletContextInitializer.class, beanName, initializer, beanFactory,
22 initializer);
23 }
24 }
我们再来看一下另一种添加的方法
代码语言:javascript复制 1 //另一种添加过滤器的方法在这里
2 protected void addAdaptableBeans(ListableBeanFactory beanFactory) {
3 MultipartConfigElement multipartConfig = getMultipartConfig(beanFactory);
4 addAsRegistrationBean(beanFactory, Servlet.class, new ServletRegistrationBeanAdapter(multipartConfig));
5 //从bean工厂中获取为Filter类型的类,所以只要我们把我们已经实现Filter接口的类交给spring,beanFactory中有我们的类就可以实现
6 addAsRegistrationBean(beanFactory, Filter.class, new FilterRegistrationBeanAdapter());
7 for (Class<?> listenerType : ServletListenerRegistrationBean.getSupportedTypes()) {
8 addAsRegistrationBean(beanFactory, EventListener.class, (Class<EventListener>) listenerType,
9 new ServletListenerRegistrationBeanAdapter());
10 }
11 }
其实最后获取出来后,都是进行创建FilterRegistrationBean
代码语言:javascript复制 1 private <T, B extends T> void addAsRegistrationBean(ListableBeanFactory beanFactory, Class<T> type,
2 Class<B> beanType, RegistrationBeanAdapter<T> adapter) {
3 //从beanfactory中获取为filter类型的bean
4 List<Map.Entry<String, B>> entries = getOrderedBeansOfType(beanFactory, beanType, this.seen);
5 for (Entry<String, B> entry : entries) {
6 String beanName = entry.getKey();
7 B bean = entry.getValue();
8 if (this.seen.add(bean)) {
9 //剩下其他自动实现的创建过程,也是创建一个FilterRegistrationBean并返回
10 RegistrationBean registration = adapter.createRegistrationBean(beanName, bean, entries.size());
11 int order = getOrder(bean);
12 registration.setOrder(order);
13 this.initializers.add(type, registration);
14 if (logger.isTraceEnabled()) {
15 logger.trace("Created " type.getSimpleName() " initializer for bean '" beanName "'; order="
16 order ", resource=" getResourceDescription(beanName, beanFactory));
17 }
18 }
19 }
20 }
21 @Override
22 public RegistrationBean createRegistrationBean(String name, Filter source, int totalNumberOfSourceBeans) {
23 FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>(source);
24 bean.setName(name);
25 return bean;
26 }
现在已经把过滤器找的了并且已经添加成功了,开始进行注册时调用的是onstartup方法,注册到filterDefs这个map中,下面初始化会用到
这里开始进行过滤器的初始化,new ApplicationFilterConfig方法就需要大家自己去debug了,至少加深一下印象,里面会进行初始化,调用init方法
代码语言:javascript复制 1 //开始过滤器的初始化
2 public boolean filterStart() {
3
4 if (getLogger().isDebugEnabled()) {
5 getLogger().debug("Starting filters");
6 }
7 // Instantiate and record a FilterConfig for each defined filter
8 boolean ok = true;
9 synchronized (filterConfigs) {
10 filterConfigs.clear();
11 //filterDefs这个map就是刚才添加进来的过滤器map
12 for (Entry<String,FilterDef> entry : filterDefs.entrySet()) {
13 String name = entry.getKey();
14 if (getLogger().isDebugEnabled()) {
15 getLogger().debug(" Starting filter '" name "'");
16 }
17 try {
18 //在这里会进行fileter的init方法
19 ApplicationFilterConfig filterConfig =
20 new ApplicationFilterConfig(this, entry.getValue());
21 filterConfigs.put(name, filterConfig);
22 } catch (Throwable t) {
23 t = ExceptionUtils.unwrapInvocationTargetException(t);
24 ExceptionUtils.handleThrowable(t);
25 getLogger().error(sm.getString(
26 "standardContext.filterStart", name), t);
27 ok = false;
28 }
29 }
30 }
到这里,过滤器初始化就完成了也把开头的三个问题给大家讲解明白了,剩下的就是过滤请求的过程了,看一下请求过来时的源码处理
代码语言:javascript复制 1 // Create the filter chain for this request
2 //当有请求过来时,首先会调用过滤器,进行过滤,这里会进行过滤器数组的创建
3 ApplicationFilterChain filterChain =
4 ApplicationFilterFactory.createFilterChain(request, wrapper, servlet);
5
6 // Call the filter chain for this request
7 // NOTE: This also calls the servlet's service() method
8 Container container = this.container;
9 try {
10 if ((servlet != null) && (filterChain != null)) {
11 // Swallow output if needed
12 if (context.getSwallowOutput()) {
13 try {
14 SystemLogHandler.startCapture();
15 if (request.isAsyncDispatching()) {
16 request.getAsyncContextInternal().doInternalDispatch();
17 } else {
18 filterChain.doFilter(request.getRequest(),
19 response.getResponse());
20 }
21 } finally {
22 String log = SystemLogHandler.stopCapture();
23 if (log != null && log.length() > 0) {
24 context.getLogger().info(log);
25 }
26 }
27 } else {
28 if (request.isAsyncDispatching()) {
29 request.getAsyncContextInternal().doInternalDispatch();
30 } else {
31 filterChain.doFilter
32 (request.getRequest(), response.getResponse());
33 }
34 }
35
36 }
代码语言:javascript复制 1 //数组结构可以在这里查看
2 void addFilter(ApplicationFilterConfig filterConfig) {
3
4 // Prevent the same filter being added multiple times
5 for(ApplicationFilterConfig filter:filters)
6 if(filter==filterConfig)
7 return;
8
9 if (n == filters.length) {
10 ApplicationFilterConfig[] newFilters =
11 new ApplicationFilterConfig[n INCREMENT];
12 System.arraycopy(filters, 0, newFilters, 0, n);
13 filters = newFilters;
14 }
15 filters[n ] = filterConfig;
16
17 }
创建后会进行对请求的过滤,源码:
代码语言:javascript复制 1 //过滤器开始过滤
2 private void internalDoFilter(ServletRequest request,
3 ServletResponse response)
4 throws IOException, ServletException {
5
6 // Call the next filter if there is one
7 //过滤器数组大小
8 if (pos < n) {
9 //每调用一次都会从数组中自增1 pos
10 ApplicationFilterConfig filterConfig = filters[pos ];
11 try {
12 Filter filter = filterConfig.getFilter();
13
14 if (request.isAsyncSupported() && "false".equalsIgnoreCase(
15 filterConfig.getFilterDef().getAsyncSupported())) {
16 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
17 }
18 if( Globals.IS_SECURITY_ENABLED ) {
19 final ServletRequest req = request;
20 final ServletResponse res = response;
21 Principal principal =
22 ((HttpServletRequest) req).getUserPrincipal();
23
24 Object[] args = new Object[]{req, res, this};
25 SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal);
26 } else {
27 //每次都会调用doFilter方法,在doFilter方法中调用internalDoFilter,就是一直回调,直到所有过滤器走完
28 filter.doFilter(request, response, this);
29 }
30 } catch (IOException | ServletException | RuntimeException e) {
31 throw e;
32 } catch (Throwable e) {
33 e = ExceptionUtils.unwrapInvocationTargetException(e);
34 ExceptionUtils.handleThrowable(e);
35 throw new ServletException(sm.getString("filterChain.filter"), e);
36 }
37 //当有过滤器直接返回,并没有继续回调时,回直接return,不会处理该请求,就是下面的步骤
38 return;
39 }
40 //当所有过滤器走完后,将会处理请求
41 // We fell off the end of the chain -- call the servlet instance
42 try {
43 if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
44 lastServicedRequest.set(request);
45 lastServicedResponse.set(response);
46 }
47
48 if (request.isAsyncSupported() && !servletSupportsAsync) {
49 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR,
50 Boolean.FALSE);
51 }
52 // Use potentially wrapped request from this point
53 if ((request instanceof HttpServletRequest) &&
54 (response instanceof HttpServletResponse) &&
55 Globals.IS_SECURITY_ENABLED ) {
56 final ServletRequest req = request;
57 final ServletResponse res = response;
58 Principal principal =
59 ((HttpServletRequest) req).getUserPrincipal();
60 Object[] args = new Object[]{req, res};
61 SecurityUtil.doAsPrivilege("service",
62 servlet,
63 classTypeUsedInService,
64 args,
65 principal);
66 } else {
67 //就是这里直接调用dsipatcherservlet的service方法去转发doget,dopost方法的,
68 //剩下的就是拦截器的知识点了:
69 servlet.service(request, response);
70 }
71 } catch (IOException | ServletException | RuntimeException e) {
72 throw e;
73 } catch (Throwable e) {
74 e = ExceptionUtils.unwrapInvocationTargetException(e);
75 ExceptionUtils.handleThrowable(e);
76 throw new ServletException(sm.getString("filterChain.servlet"), e);
77 } finally {
78 if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
79 lastServicedRequest.set(null);
80 lastServicedResponse.set(null);
81 }
82 }
83 }
到此创建以及过滤请求的流程分析也就结束了,关于URL过滤的问题,匹配的时候只会识别斜杠/和*不要以为?后面的参数也算到URL过滤里,匹配完路径就完了,然后和拦截器的创建以及拦截分析做一下对比,分析一下两者的区别,如果不知道拦截器的创建以及流程处理可以看一下我的另一篇文章:https://www.cnblogs.com/guoxiaoyu/p/13402861.html
相同点:
- 都需要交给spring进行管理,虽然filter本身是servlet,但是如果不给spring管理,根本不会添加成功,也不会过滤请求
- 都会在请求真正被处理前进行拦截过滤,如果不符合条件会直接返回,不会处理请求
- 两者都可以指定执行顺序
差异点:
- 过滤器先注册,拦截器后注册
- 过滤器先执行,拦截器后执行,拦截器可以在请求执行后继续处理其他事情,过滤器只有一个过滤的方法
- 过滤器执行时是基于函数回调,而拦截器执行是直接从数组中获取,一个一个执行,作者没有看到哪里用到了反射,网上好多说是反射,拦截器的三个方法都是从数组中获取然后一个一个调用方法进行的,只有在处理请求的时候才用到了invoke反射
我正在参与2024腾讯技术创作特训营最新征文,快来和我瓜分大奖!