博主最近剛拿到一個微服務的新項目,邊研究邊分析從框架基礎開始慢慢帶領大家研究微服務的一些東西,這次給大家分析下Springboot中的過濾器和攔截器的區別。雖然上次分析過過濾器,但是主要是分析的cas流程,所以就沒太深入,大家也可以看一下的啊
cas源碼分析:https://www.cnblogs.com/guoxiaoyu/p/13280259.html
好的,正題開始:首先講解一下Springboot中如何進行添加過濾器、進行過濾器過濾請求。添加示例必須來一下
1 @Configuration 2 public class WebConfiguration{ 3 4 @Bean 5 public FilterRegistrationBean testFilterByMe(){ 6 FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); 7 filterRegistrationBean.setFilter(new TestFilterByMe()); 8 filterRegistrationBean.setOrder(1); 9 return filterRegistrationBean; 10 } 11 }
我們過濾器為什么要添加到FilterRegistrationBean中,不添加可不可以,為什么用@WebFilter注解也可以呢,用@Component可不可以以的呢?博主今天就通過源碼給大家講解一下這幾個問題
首先我們的Springboot開始啟動后,會進行創建bean和web服務器tomcat,源碼附上:
1 @Override 2 protected void onRefresh() { 3 //onRefresh方法就是掃描包,解析配置類的過程,原生spring中是一個空方法,這里進行重寫用於創建tomcat服務器 4 super.onRefresh(); 5 try { 6 //開始創建web服務器tomcat,所以Springboot才可以不依賴web容器,自己就可以啟動成功並進行訪問 7 createWebServer(); 8 } 9 catch (Throwable ex) { 10 throw new ApplicationContextException("Unable to start web server", ex); 11 } 12 }
createWebServer()這個方法的源碼我就不貼上了,大家可以自己看一下源碼,最后就會看到new tomcat();並進行啟動tomcat。啟動容器后當然是開始進行初始化。
1 private void selfInitialize(ServletContext servletContext) throws ServletException { 2 prepareWebApplicationContext(servletContext); 3 registerApplicationScope(servletContext); 4 WebApplicationContextUtils.registerEnvironmentBeans(getBeanFactory(), servletContext); 5 //getServletContextInitializerBeans()這個方法進開始進行解析並添加filter過濾器 了 6 for (ServletContextInitializer beans : getServletContextInitializerBeans()) { 7 beans.onStartup(servletContext); 8 } 9 }
現在才到了添加過濾器最關鍵的部分,這個部分已經基本把上面的三個問題的答案告訴大家了,詳情源碼如下:
1 //開始添加過濾器 2 public ServletContextInitializerBeans(ListableBeanFactory beanFactory, 3 Class<? extends ServletContextInitializer>... initializerTypes) { 4 this.initializers = new LinkedMultiValueMap<>(); 5 this.initializerTypes = (initializerTypes.length != 0) ? Arrays.asList(initializerTypes) 6 : Collections.singletonList(ServletContextInitializer.class); 7 //這里實現的添加形式是通過FilterRegistrationBean類型注冊的 8 addServletContextInitializerBeans(beanFactory); 9 //這里是通過beanfactory中獲取filter類型過濾器后添加進來的,這就明白了,只要讓spring掃描到, 10 //過濾器自己實現了filter接口,你就會給添加到過濾器鏈 11 addAdaptableBeans(beanFactory); 12 //都會添加到initializers這一個map中 13 List<ServletContextInitializer> sortedInitializers = this.initializers.values().stream() 14 .flatMap((value) -> value.stream().sorted(AnnotationAwareOrderComparator.INSTANCE)) 15 .collect(Collectors.toList()); 16 this.sortedList = Collections.unmodifiableList(sortedInitializers); 17 logMappings(this.initializers); 18 }
一個一個方法分析一下,讓大家看個明白到底是怎么回事,為什么這三種方法都可以實現添加過濾器
1 //獲取我們的實現FilterRegistrationBean類的過濾器 2 private void addServletContextInitializerBeans(ListableBeanFactory beanFactory) { 3 for (Class<? extends ServletContextInitializer> initializerType : this.initializerTypes) { 4 //獲取type為ServletContextInitializer的排好序的類,跟是否實現order類無關! 5 for (Entry<String, ? extends ServletContextInitializer> initializerBean : getOrderedBeansOfType(beanFactory, 6 initializerType)) { 7 //這時候就開始判斷實現FilterRegistrationBean類的過濾器 8 addServletContextInitializerBean(initializerBean.getKey(), initializerBean.getValue(), beanFactory); 9 } 10 } 11 }
獲取bean時debug,觀察一下,最后會篩選出來我們FilterRegistrationBean的過濾器,為什么呢?因為這個類的上級實現了ServletContextInitializer
再來看一下添加的過程,就知道filter要注冊到FilterRegistrationBean中的原因了,
1 private void addServletContextInitializerBean(String beanName, ServletContextInitializer initializer, 2 ListableBeanFactory beanFactory) { 3 if (initializer instanceof ServletRegistrationBean) { 4 Servlet source = ((ServletRegistrationBean<?>) initializer).getServlet(); 5 addServletContextInitializerBean(Servlet.class, beanName, initializer, beanFactory, source); 6 } 7 //在這里進行的添加的過程 8 else if (initializer instanceof FilterRegistrationBean) { 9 Filter source = ((FilterRegistrationBean<?>) initializer).getFilter(); 10 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source); 11 } 12 else if (initializer instanceof DelegatingFilterProxyRegistrationBean) { 13 String source = ((DelegatingFilterProxyRegistrationBean) initializer).getTargetBeanName(); 14 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source); 15 } 16 else if (initializer instanceof ServletListenerRegistrationBean) { 17 EventListener source = ((ServletListenerRegistrationBean<?>) initializer).getListener(); 18 addServletContextInitializerBean(EventListener.class, beanName, initializer, beanFactory, source); 19 } 20 else { 21 addServletContextInitializerBean(ServletContextInitializer.class, beanName, initializer, beanFactory, 22 initializer); 23 } 24 }
我們再來看一下另一種添加的方法
1 //另一種添加過濾器的方法在這里 2 protected void addAdaptableBeans(ListableBeanFactory beanFactory) { 3 MultipartConfigElement multipartConfig = getMultipartConfig(beanFactory); 4 addAsRegistrationBean(beanFactory, Servlet.class, new ServletRegistrationBeanAdapter(multipartConfig)); 5 //從bean工廠中獲取為Filter類型的類,所以只要我們把我們已經實現Filter接口的類交給spring,beanFactory中有我們的類就可以實現 6 addAsRegistrationBean(beanFactory, Filter.class, new FilterRegistrationBeanAdapter()); 7 for (Class<?> listenerType : ServletListenerRegistrationBean.getSupportedTypes()) { 8 addAsRegistrationBean(beanFactory, EventListener.class, (Class<EventListener>) listenerType, 9 new ServletListenerRegistrationBeanAdapter()); 10 } 11 }
其實最后獲取出來后,都是進行創建FilterRegistrationBean
1 private <T, B extends T> void addAsRegistrationBean(ListableBeanFactory beanFactory, Class<T> type, 2 Class<B> beanType, RegistrationBeanAdapter<T> adapter) { 3 //從beanfactory中獲取為filter類型的bean 4 List<Map.Entry<String, B>> entries = getOrderedBeansOfType(beanFactory, beanType, this.seen); 5 for (Entry<String, B> entry : entries) { 6 String beanName = entry.getKey(); 7 B bean = entry.getValue(); 8 if (this.seen.add(bean)) { 9 //剩下其他自動實現的創建過程,也是創建一個FilterRegistrationBean並返回 10 RegistrationBean registration = adapter.createRegistrationBean(beanName, bean, entries.size()); 11 int order = getOrder(bean); 12 registration.setOrder(order); 13 this.initializers.add(type, registration); 14 if (logger.isTraceEnabled()) { 15 logger.trace("Created " + type.getSimpleName() + " initializer for bean '" + beanName + "'; order=" 16 + order + ", resource=" + getResourceDescription(beanName, beanFactory)); 17 } 18 } 19 } 20 } 21 @Override 22 public RegistrationBean createRegistrationBean(String name, Filter source, int totalNumberOfSourceBeans) { 23 FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>(source); 24 bean.setName(name); 25 return bean; 26 }
現在已經把過濾器找的了並且已經添加成功了,開始進行注冊時調用的是onstartup方法,注冊到filterDefs這個map中,下面初始化會用到
這里開始進行過濾器的初始化,new ApplicationFilterConfig方法就需要大家自己去debug了,至少加深一下印象,里面會進行初始化,調用init方法
1 //開始過濾器的初始化 2 public boolean filterStart() { 3 4 if (getLogger().isDebugEnabled()) { 5 getLogger().debug("Starting filters"); 6 } 7 // Instantiate and record a FilterConfig for each defined filter 8 boolean ok = true; 9 synchronized (filterConfigs) { 10 filterConfigs.clear(); 11 //filterDefs這個map就是剛才添加進來的過濾器map 12 for (Entry<String,FilterDef> entry : filterDefs.entrySet()) { 13 String name = entry.getKey(); 14 if (getLogger().isDebugEnabled()) { 15 getLogger().debug(" Starting filter '" + name + "'"); 16 } 17 try { 18 //在這里會進行fileter的init方法 19 ApplicationFilterConfig filterConfig = 20 new ApplicationFilterConfig(this, entry.getValue()); 21 filterConfigs.put(name, filterConfig); 22 } catch (Throwable t) { 23 t = ExceptionUtils.unwrapInvocationTargetException(t); 24 ExceptionUtils.handleThrowable(t); 25 getLogger().error(sm.getString( 26 "standardContext.filterStart", name), t); 27 ok = false; 28 } 29 } 30 }
到這里,過濾器初始化就完成了也把開頭的三個問題給大家講解明白了,剩下的就是過濾請求的過程了,看一下請求過來時的源碼處理
1 // Create the filter chain for this request 2 //當有請求過來時,首先會調用過濾器,進行過濾,這里會進行過濾器數組的創建 3 ApplicationFilterChain filterChain = 4 ApplicationFilterFactory.createFilterChain(request, wrapper, servlet); 5 6 // Call the filter chain for this request 7 // NOTE: This also calls the servlet's service() method 8 Container container = this.container; 9 try { 10 if ((servlet != null) && (filterChain != null)) { 11 // Swallow output if needed 12 if (context.getSwallowOutput()) { 13 try { 14 SystemLogHandler.startCapture(); 15 if (request.isAsyncDispatching()) { 16 request.getAsyncContextInternal().doInternalDispatch(); 17 } else { 18 filterChain.doFilter(request.getRequest(), 19 response.getResponse()); 20 } 21 } finally { 22 String log = SystemLogHandler.stopCapture(); 23 if (log != null && log.length() > 0) { 24 context.getLogger().info(log); 25 } 26 } 27 } else { 28 if (request.isAsyncDispatching()) { 29 request.getAsyncContextInternal().doInternalDispatch(); 30 } else { 31 filterChain.doFilter 32 (request.getRequest(), response.getResponse()); 33 } 34 } 35 36 }
1 //數組結構可以在這里查看 2 void addFilter(ApplicationFilterConfig filterConfig) { 3 4 // Prevent the same filter being added multiple times 5 for(ApplicationFilterConfig filter:filters) 6 if(filter==filterConfig) 7 return; 8 9 if (n == filters.length) { 10 ApplicationFilterConfig[] newFilters = 11 new ApplicationFilterConfig[n + INCREMENT]; 12 System.arraycopy(filters, 0, newFilters, 0, n); 13 filters = newFilters; 14 } 15 filters[n++] = filterConfig; 16 17 }
創建后會進行對請求的過濾,源碼:
1 //過濾器開始過濾 2 private void internalDoFilter(ServletRequest request, 3 ServletResponse response) 4 throws IOException, ServletException { 5 6 // Call the next filter if there is one 7 //過濾器數組大小 8 if (pos < n) { 9 //每調用一次都會從數組中自增1 pos++ 10 ApplicationFilterConfig filterConfig = filters[pos++]; 11 try { 12 Filter filter = filterConfig.getFilter(); 13 14 if (request.isAsyncSupported() && "false".equalsIgnoreCase( 15 filterConfig.getFilterDef().getAsyncSupported())) { 16 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE); 17 } 18 if( Globals.IS_SECURITY_ENABLED ) { 19 final ServletRequest req = request; 20 final ServletResponse res = response; 21 Principal principal = 22 ((HttpServletRequest) req).getUserPrincipal(); 23 24 Object[] args = new Object[]{req, res, this}; 25 SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal); 26 } else { 27 //每次都會調用doFilter方法,在doFilter方法中調用internalDoFilter,就是一直回調,直到所有過濾器走完 28 filter.doFilter(request, response, this); 29 } 30 } catch (IOException | ServletException | RuntimeException e) { 31 throw e; 32 } catch (Throwable e) { 33 e = ExceptionUtils.unwrapInvocationTargetException(e); 34 ExceptionUtils.handleThrowable(e); 35 throw new ServletException(sm.getString("filterChain.filter"), e); 36 } 37 //當有過濾器直接返回,並沒有繼續回調時,回直接return,不會處理該請求,就是下面的步驟 38 return; 39 } 40 //當所有過濾器走完后,將會處理請求 41 // We fell off the end of the chain -- call the servlet instance 42 try { 43 if (ApplicationDispatcher.WRAP_SAME_OBJECT) { 44 lastServicedRequest.set(request); 45 lastServicedResponse.set(response); 46 } 47 48 if (request.isAsyncSupported() && !servletSupportsAsync) { 49 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, 50 Boolean.FALSE); 51 } 52 // Use potentially wrapped request from this point 53 if ((request instanceof HttpServletRequest) && 54 (response instanceof HttpServletResponse) && 55 Globals.IS_SECURITY_ENABLED ) { 56 final ServletRequest req = request; 57 final ServletResponse res = response; 58 Principal principal = 59 ((HttpServletRequest) req).getUserPrincipal(); 60 Object[] args = new Object[]{req, res}; 61 SecurityUtil.doAsPrivilege("service", 62 servlet, 63 classTypeUsedInService, 64 args, 65 principal); 66 } else { 67 //就是這里直接調用dsipatcherservlet的service方法去轉發doget,dopost方法的, 68 //剩下的就是攔截器的知識點了: 69 servlet.service(request, response); 70 } 71 } catch (IOException | ServletException | RuntimeException e) { 72 throw e; 73 } catch (Throwable e) { 74 e = ExceptionUtils.unwrapInvocationTargetException(e); 75 ExceptionUtils.handleThrowable(e); 76 throw new ServletException(sm.getString("filterChain.servlet"), e); 77 } finally { 78 if (ApplicationDispatcher.WRAP_SAME_OBJECT) { 79 lastServicedRequest.set(null); 80 lastServicedResponse.set(null); 81 } 82 } 83 }
到此創建以及過濾請求的流程分析也就結束了,關於URL過濾的問題,匹配的時候只會識別斜杠/和*不要以為?后面的參數也算到URL過濾里,匹配完路徑就完了,然后和攔截器的創建以及攔截分析做一下對比,分析一下兩者的區別,如果不知道攔截器的創建以及流程處理可以看一下我的另一篇文章:https://www.cnblogs.com/guoxiaoyu/p/13402861.html
相同點:
- 都需要交給spring進行管理,雖然filter本身是servlet,但是如果不給spring管理,根本不會添加成功,也不會過濾請求
- 都會在請求真正被處理前進行攔截過濾,如果不符合條件會直接返回,不會處理請求
- 兩者都可以指定執行順序
差異點:
- 過濾器先注冊,攔截器后注冊
- 過濾器先執行,攔截器后執行,攔截器可以在請求執行后繼續處理其他事情,過濾器只有一個過濾的方法
- 過濾器執行時是基於函數回調,而攔截器執行是直接從數組中獲取,一個一個執行,作者沒有看到哪里用到了反射,網上好多說是反射,攔截器的三個方法都是從數組中獲取然后一個一個調用方法進行的,只有在處理請求的時候才用到了invoke反射
