自定义 Filter
在项目中经常会使用 Filter 来实现记录请求日志、排除有 XSS 威胁的字符、执行权限验证等功能。Spring Boot 自动添加了 OrderedCharacterEncodingFilter 和 HiddenHttpMethodFilter,并且我们也可以自定义 Filter。
新建 MyFilter 类,使用 doFilter() 方法:
1 public class MyFilter implements Filter { 2 @Override 3 public void destroy() { 4 // do Something 5 } 6 7 @Override 8 public void doFilter(ServletRequest srequest, ServletResponse sresponse, FilterChain filterChain) 9 throws IOException, ServletException { 10 HttpServletRequest request = (HttpServletRequest) srequest; 11 System.out.println("this is MyFilter,url :"+request.getRequestURI()); 12 filterChain.doFilter(srequest, sresponse); 13 } 14 15 @Override 16 public void init(FilterConfig arg0) throws ServletException { 17 // do Something 18 } 19 }
将自定义 Filter 加入过滤链:
1 @Configuration 2 public class WebConfiguration { 3 @Bean 4 public RemoteIpFilter remoteIpFilter() { 5 return new RemoteIpFilter(); 6 } 7 8 @Bean 9 public FilterRegistrationBean testFilterRegistration() { 10 11 FilterRegistrationBean registration = new FilterRegistrationBean(); 12 registration.setFilter(new MyFilter()); 13 registration.addUrlPatterns("/*"); 14 registration.addInitParameter("paramName", "paramValue"); 15 registration.setName("MyFilter"); 16 registration.setOrder(1); 17 return registration; 18 } 19 }
添加完后启动项目,访问任意的 Url,都会看到控制台打印如下信息:
this is MyFilter,url :/xxx
说明 MyFilter 已经对所有的 Url 进行了监控,在实际使用的过程中,常常利用这个特性进行 session 验证,判断用户是否登录。