分析下Java web中的过滤器 、拦截器
过滤器:当用户请求(request)服务器时可以添加多个过滤器对请求进行过滤,
每个过滤器对请求有不同的过滤处理
多个过滤器就会形成一个过滤器链条
当过滤链条完成之后,server开始对请求处理
处理完成之后返回结果response
response还会逆序被过滤链条处理
完成之后返回用户 如下图:
代码部分:
请求与返回对象public class Request {public String RequestString;}public class Response {public String ResponseString;}//过滤接口public interface Filter {public void doFilter(Request request , Response response , FilterChain chain);}过滤实现类public class HtmlFilter implements Filter{@Overridepublic void doFilter(Request request, Response response, FilterChain chain) {request.RequestString = request.RequestString.replace("<", "[").replace(">", "]");System.out.println("HtmlFilter request 处理完成 request.RequestString = "+request.RequestString);chain.doFilter(request, response, chain);response.ResponseString = response.ResponseString + " |HtmlFilter response 处理";System.out.println("HtmlFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);}}public class SensitiveFilter implements Filter{@Overridepublic void doFilter(Request request, Response response, FilterChain chain) {request.RequestString = request.RequestString.replace("敏感", "**");System.out.println("SensitiveFilter request 处理完成 request.RequestString = "+request.RequestString);chain.doFilter(request, response, chain);response.ResponseString = response.ResponseString + " | SensitiveFilter response 处理 ";System.out.println("SensitiveFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);}}过滤链条public class FilterChain {private List<Filter> filters = new ArrayList<Filter>();public FilterChain addFilter(Filter filter){filters.add(filter);return this;}int index = -1;public void doFilter(Request request,Response response , FilterChain chain){if(filters.size() > ++ index){filters.get(index).doFilter(request, response, chain);}else if(filters.size() == index){response.ResponseString = "【server处理代码部分】";System.out.println("业务逻辑处理之后的返回:" + response.ResponseString);}}}测试类public class MainTest {public static void main(String[] args) {Request req = new Request();req.RequestString = "O(∩_∩)O哈哈~ <script> <style> 我是敏感词";Response res = new Response();FilterChain chain = new FilterChain();chain.addFilter(new HtmlFilter()).addFilter(new SensitiveFilter());chain.doFilter(req, res, chain);}}执行结果HtmlFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词SensitiveFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是**词业务逻辑处理之后的返回:【server处理代码部分】SensitiveFilter response 返回处理完成 response.ResponseString = 【server处理代码部分】 | SensitiveFilter response 处理 HtmlFilter response 返回处理完成 response.ResponseString = 【server处理代码部分】 | SensitiveFilter response 处理 |HtmlFilter response 处理小结:请求 ——>htmlFilter过滤——>sensitiveFilter过滤——>server处理返回response——>sensitiveFilter处理——>htmlFilter处理
问题:如果遇到一些非法请求需要直接返回该如果做
代码如下:
添加非法过滤类public class ErrorFilter implements Filter{@Overridepublic void doFilter(Request request, Response response, FilterChain chain) {request.RequestString = request.RequestString.replace("(:", "^-_-^");System.out.println("ErrorFilter request 处理完成 request.RequestString = "+request.RequestString);System.out.println("**********在这里出错拦截返回**********");boolean flag = false;//模拟错误请求if(flag){chain.doFilter(request, response, chain);}System.out.println("**********在这里出错拦截返回**********");response.ResponseString = response.ResponseString + " |ErrorFilter response 处理";System.out.println("ErrorFilter response 返回处理完成 response.ResponseString = "+response.ResponseString);}}修改测试代码将错误过滤器放在html 与 sensitive之间public class MainTest {public static void main(String[] args) {Request req = new Request();req.RequestString = "O(∩_∩)O哈哈~ <script> <style> 我是敏感词";Response res = new Response();FilterChain chain = new FilterChain();chain.addFilter(new HtmlFilter()).addFilter(new ErrorFilter()).addFilter(new SensitiveFilter());chain.doFilter(req, res, chain);}}执行结果HtmlFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词ErrorFilter request 处理完成 request.RequestString = O(∩_∩)O哈哈~ [script] [style] 我是敏感词**********在这里出错拦截返回********************在这里出错拦截返回**********ErrorFilter response 返回处理完成 response.ResponseString = null |ErrorFilter response 处理HtmlFilter response 返回处理完成 response.ResponseString = null |ErrorFilter response 处理 |HtmlFilter response 处理看以看到response返回结果中的Null值该值代表没有经过server直接返回而且也没有经过sensitiveFilter处理总结:
在过滤器中如果遇到非法请求 需要直接返回 则不需要调用chain.doFilter() 函数 请求会直接返回.
,相反,某天也许你会忽然发现,心早已沦陷。
