在实际的web应用程序中,经常需要在请求(request)外面增加包装用于:记录调用日志、排除有XSS威胁的字符、执行权限验证等等。除了上述提到的之外,Spring Boot自动添加了OrderedCharacterEncodingFilter和HiddenHttpMethodFilter,并且我们在自己的项目中还可以增加别的过滤器。
Servlet注册
使用Spring Boot中自带的Servlet注册Bean进行Servlet注册
// // Source code recreated from a .class file by IntelliJ IDEA // (powered by Fernflower decompiler) // package org.springframework.boot.web.servlet; import java.util.Arrays; import java.util.Collection; import java.util.LinkedHashSet; import java.util.Set; import javax.servlet.MultipartConfigElement; import javax.servlet.Servlet; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRegistration.Dynamic; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.boot.web.servlet.RegistrationBean; import org.springframework.util.Assert; import org.springframework.util.ObjectUtils; public class ServletRegistrationBean extends RegistrationBean { private static final Log logger = LogFactory.getLog(ServletRegistrationBean.class); private static final String[] DEFAULT_MAPPINGS = new String[]{"/*"}; private Servlet servlet; private Set<String> urlMappings; private boolean alwaysMapUrl; private int loadOnStartup; private MultipartConfigElement multipartConfig; public ServletRegistrationBean() { this.urlMappings = new LinkedHashSet(); this.alwaysMapUrl = true; this.loadOnStartup = -1; } public ServletRegistrationBean(Servlet servlet, String... urlMappings) { this(servlet, true, urlMappings); } public ServletRegistrationBean(Servlet servlet, boolean alwaysMapUrl, String... urlMappings) { this.urlMappings = new LinkedHashSet(); this.alwaysMapUrl = true; this.loadOnStartup = -1; Assert.notNull(servlet, "Servlet must not be null"); Assert.notNull(urlMappings, "UrlMappings must not be null"); this.servlet = servlet; this.alwaysMapUrl = alwaysMapUrl; this.urlMappings.addAll(Arrays.asList(urlMappings)); } protected Servlet getServlet() { return this.servlet; } public void setServlet(Servlet servlet) { Assert.notNull(servlet, "Servlet must not be null"); this.servlet = servlet; } public void setUrlMappings(Collection<String> urlMappings) { Assert.notNull(urlMappings, "UrlMappings must not be null"); this.urlMappings = new LinkedHashSet(urlMappings); } public Collection<String> getUrlMappings() { return this.urlMappings; } public void addUrlMappings(String... urlMappings) { Assert.notNull(urlMappings, "UrlMappings must not be null"); this.urlMappings.addAll(Arrays.asList(urlMappings)); } public void setLoadOnStartup(int loadOnStartup) { this.loadOnStartup = loadOnStartup; } public void setMultipartConfig(MultipartConfigElement multipartConfig) { this.multipartConfig = multipartConfig; } public MultipartConfigElement getMultipartConfig() { return this.multipartConfig; } public String getServletName() { return this.getOrDeduceName(this.servlet); } public void onStartup(ServletContext servletContext) throws ServletException { Assert.notNull(this.servlet, "Servlet must not be null"); String name = this.getServletName(); if(!this.isEnabled()) { logger.info("Servlet " + name + " was not registered (disabled)"); } else { logger.info("Mapping servlet: \'" + name + "\' to " + this.urlMappings); Dynamic added = servletContext.addServlet(name, this.servlet); if(added == null) { logger.info("Servlet " + name + " was not registered (possibly already registered?)"); } else { this.configure(added); } } } protected void configure(Dynamic registration) { super.configure(registration); String[] urlMapping = (String[])this.urlMappings.toArray(new String[this.urlMappings.size()]); if(urlMapping.length == 0 && this.alwaysMapUrl) { urlMapping = DEFAULT_MAPPINGS; } if(!ObjectUtils.isEmpty(urlMapping)) { registration.addMapping(urlMapping); } registration.setLoadOnStartup(this.loadOnStartup); if(this.multipartConfig != null) { registration.setMultipartConfig(this.multipartConfig); } } }
注册Servlet
@Bean public ServletRegistrationBean druidStatViewServlet(DruidDataSourceProperties druidDataSourceProperties) { if (StringUtils.isEmpty(druidDataSourceProperties.getServletPath())) { druidDataSourceProperties.setServletPath("/druid/*"); } return new ServletRegistrationBean(new StatViewServlet(), druidDataSourceProperties.getServletPath()); }
其中StatViewServlet
就是我们需要注册的Servlet,DruidDataSourceProperties.getServletPath()
设置对应访问该Servlet的Url
Filter注册
1、直接将实现javax.servlet.Filter
注册为Spring Bean
@Bean public FilterRegistrationBean druidWebStatFilter() { return new WebStatFilter(); }
但是这样过滤器过来的Url为/**
。如果我不想过滤所有的连接,请看第二种方式.
2、使用Spring Bean中的FilterRegistrationBean注册Filter
// // Source code recreated from a .class file by IntelliJ IDEA // (powered by Fernflower decompiler) // package org.springframework.boot.web.servlet; import javax.servlet.Filter; import org.springframework.boot.web.servlet.AbstractFilterRegistrationBean; import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.util.Assert; public class FilterRegistrationBean extends AbstractFilterRegistrationBean { public static final int REQUEST_WRAPPER_FILTER_MAX_ORDER = 0; private Filter filter; public FilterRegistrationBean() { super(new ServletRegistrationBean[0]); } public FilterRegistrationBean(Filter filter, ServletRegistrationBean... servletRegistrationBeans) { super(servletRegistrationBeans); Assert.notNull(filter, "Filter must not be null"); this.filter = filter; } public Filter getFilter() { return this.filter; } public void setFilter(Filter filter) { Assert.notNull(filter, "Filter must not be null"); this.filter = filter; } }
注册Filter
@Bean public FilterRegistrationBean druidWebStatFilter() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new WebStatFilter()); //添加过滤规则. filterRegistrationBean.addUrlPatterns("/*"); //添加不需要忽略的格式信息. filterRegistrationBean.addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid2/*"); return filterRegistrationBean; }
转载请注明:晓窗博客 » Spring Boot过滤器Filter和Servlet注册