原始碼分析過濾器與攔截器的區別
阿新 • • 發佈:2020-08-07
博主最近剛拿到一個微服務的新專案,邊研究邊分析從框架基礎開始慢慢帶領大家研究微服務的一些東西,這次給大家分析下Springboot中的過濾器和攔截器的區別。雖然上次分析過過濾器,但是主要是分析的cas流程,所以就沒太深入,大家也可以看一下的啊
cas原始碼分析:https://www.cnblogs.com/guoxiaoyu/p/13280259.html
好的,正題開始:首先講解一下Springboot中如何進行新增過濾器、進行過濾器過濾請求。新增示例必須來一下
1 @Configuration 2 public class WebConfiguration{ 3 4 @Bean 5過濾器示例public FilterRegistrationBean testFilterByMe(){ 6 FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); 7 filterRegistrationBean.setFilter(new TestFilterByMe()); 8 filterRegistrationBean.setOrder(1); 9 return filterRegistrationBean; 10 }11 }
我們過濾器為什麼要新增到FilterRegistrationBean中,不新增可不可以,為什麼用@WebFilter註解也可以呢,用@Component可不可以以的呢?博主今天就通過原始碼給大家講解一下這幾個問題
首先我們的Springboot開始啟動後,會進行建立bean和web伺服器tomcat,原始碼附上:
1 @Override 2 protected void onRefresh() { 3 //onRefresh方法就是掃描包,解析配置類,再建立bean的過程,先不帶大家解析這個onRefresh方法了跟本次沒啥太大關係, 4org/springframework/boot/web/servlet/context/ServletWebServerApplicationContext//我們的所有類都在這裡建立完成,包括我們建立的過濾器 5 super.onRefresh(); 6 try { 7 //開始建立web伺服器tomcat,所以Springboot才可以不依賴web容器,自己就可以啟動成功並進行訪問 8 createWebServer(); 9 } 10 catch (Throwable ex) { 11 throw new ApplicationContextException("Unable to start web server", ex); 12 } 13 }
createWebServer()這個方法的原始碼我就不貼上了,大家可以自己看一下原始碼,最後就會看到newtomcat();並進行啟動tomcat。啟動容器後當然是開始進行初始化。
1 private void selfInitialize(ServletContext servletContext) throws ServletException { 2 prepareWebApplicationContext(servletContext); 3 registerApplicationScope(servletContext); 4 WebApplicationContextUtils.registerEnvironmentBeans(getBeanFactory(), servletContext); 5 //getServletContextInitializerBeans()這個方法進開始進行解析並新增filter過濾器 了 6 for (ServletContextInitializer beans : getServletContextInitializerBeans()) { 7 beans.onStartup(servletContext); 8 } 9 }org/springframework/boot/web/servlet/context/ServletWebServerApplicationContext
現在才到了新增過濾器最關鍵的部分,這個部分已經基本把上面的三個問題的答案告訴大家了,詳情原始碼如下:
1 //開始新增過濾器 2 public ServletContextInitializerBeans(ListableBeanFactory beanFactory, 3 Class<? extends ServletContextInitializer>... initializerTypes) { 4 this.initializers = new LinkedMultiValueMap<>(); 5 this.initializerTypes = (initializerTypes.length != 0) ? Arrays.asList(initializerTypes) 6 : Collections.singletonList(ServletContextInitializer.class); 7 //這裡實現的新增形式是通過FilterRegistrationBean型別註冊的 8 addServletContextInitializerBeans(beanFactory); 9 //這裡是通過beanfactory中獲取filter型別過濾器後新增進來的,這就明白了,只要讓spring掃描到, 10 //過濾器自己實現了filter介面,你就會給新增到過濾器鏈 11 addAdaptableBeans(beanFactory); 12 //都會新增到initializers這一個map中 13 List<ServletContextInitializer> sortedInitializers = this.initializers.values().stream() 14 .flatMap((value) -> value.stream().sorted(AnnotationAwareOrderComparator.INSTANCE)) 15 .collect(Collectors.toList()); 16 this.sortedList = Collections.unmodifiableList(sortedInitializers); 17 logMappings(this.initializers); 18 }org/springframework/boot/web/servlet/ServletContextInitializerBeans
一個一個方法分析一下,讓大家看個明白到底是怎麼回事,為什麼這三種方法都可以實現新增過濾器
1 //獲取我們的實現FilterRegistrationBean類的過濾器 2 private void addServletContextInitializerBeans(ListableBeanFactory beanFactory) { 3 for (Class<? extends ServletContextInitializer> initializerType : this.initializerTypes) { 4 //獲取type為ServletContextInitializer的排好序的類,跟是否實現order類無關! 5 for (Entry<String, ? extends ServletContextInitializer> initializerBean : getOrderedBeansOfType(beanFactory, 6 initializerType)) { 7 //這時候就開始判斷實現FilterRegistrationBean類的過濾器 8 addServletContextInitializerBean(initializerBean.getKey(), initializerBean.getValue(), beanFactory); 9 } 10 } 11 }org/springframework/boot/web/servlet/ServletContextInitializerBeans.java
獲取bean時debug,觀察一下,最後會篩選出來我們FilterRegistrationBean的過濾器,為什麼呢?因為這個類的上級實現了ServletContextInitializer
再來看一下新增的過程,就知道filter要註冊到FilterRegistrationBean中的原因了,
1 private void addServletContextInitializerBean(String beanName, ServletContextInitializer initializer, 2 ListableBeanFactory beanFactory) { 3 if (initializer instanceof ServletRegistrationBean) { 4 Servlet source = ((ServletRegistrationBean<?>) initializer).getServlet(); 5 addServletContextInitializerBean(Servlet.class, beanName, initializer, beanFactory, source); 6 } 7 //在這裡進行的新增的過程 8 else if (initializer instanceof FilterRegistrationBean) { 9 Filter source = ((FilterRegistrationBean<?>) initializer).getFilter(); 10 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source); 11 } 12 else if (initializer instanceof DelegatingFilterProxyRegistrationBean) { 13 String source = ((DelegatingFilterProxyRegistrationBean) initializer).getTargetBeanName(); 14 addServletContextInitializerBean(Filter.class, beanName, initializer, beanFactory, source); 15 } 16 else if (initializer instanceof ServletListenerRegistrationBean) { 17 EventListener source = ((ServletListenerRegistrationBean<?>) initializer).getListener(); 18 addServletContextInitializerBean(EventListener.class, beanName, initializer, beanFactory, source); 19 } 20 else { 21 addServletContextInitializerBean(ServletContextInitializer.class, beanName, initializer, beanFactory, 22 initializer); 23 } 24 }org/springframework/boot/web/servlet/ServletContextInitializerBeans
我們再來看一下另一種新增的方法
1 //另一種新增過濾器的方法在這裡 2 protected void addAdaptableBeans(ListableBeanFactory beanFactory) { 3 MultipartConfigElement multipartConfig = getMultipartConfig(beanFactory); 4 addAsRegistrationBean(beanFactory, Servlet.class, new ServletRegistrationBeanAdapter(multipartConfig)); 5 //從bean工廠中獲取為Filter型別的類,所以只要我們把我們已經實現Filter介面的類交給spring,beanFactory中有我們的類就可以實現 6 addAsRegistrationBean(beanFactory, Filter.class, new FilterRegistrationBeanAdapter()); 7 for (Class<?> listenerType : ServletListenerRegistrationBean.getSupportedTypes()) { 8 addAsRegistrationBean(beanFactory, EventListener.class, (Class<EventListener>) listenerType, 9 new ServletListenerRegistrationBeanAdapter()); 10 } 11 }org/springframework/boot/web/servlet/ServletContextInitializerBeans
其實最後獲取出來後,都是進行建立FilterRegistrationBean
1 private <T, B extends T> void addAsRegistrationBean(ListableBeanFactory beanFactory, Class<T> type, 2 Class<B> beanType, RegistrationBeanAdapter<T> adapter) { 3 //從beanfactory中獲取為filter型別的bean 4 List<Map.Entry<String, B>> entries = getOrderedBeansOfType(beanFactory, beanType, this.seen); 5 for (Entry<String, B> entry : entries) { 6 String beanName = entry.getKey(); 7 B bean = entry.getValue(); 8 if (this.seen.add(bean)) { 9 //剩下其他自動實現的建立過程,也是建立一個FilterRegistrationBean並返回 10 RegistrationBean registration = adapter.createRegistrationBean(beanName, bean, entries.size()); 11 int order = getOrder(bean); 12 registration.setOrder(order); 13 this.initializers.add(type, registration); 14 if (logger.isTraceEnabled()) { 15 logger.trace("Created " + type.getSimpleName() + " initializer for bean '" + beanName + "'; order=" 16 + order + ", resource=" + getResourceDescription(beanName, beanFactory)); 17 } 18 } 19 } 20 } 21 @Override 22 public RegistrationBean createRegistrationBean(String name, Filter source, int totalNumberOfSourceBeans) { 23 FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>(source); 24 bean.setName(name); 25 return bean; 26 }org/springframework/boot/web/servlet/ServletContextInitializerBeans
現在已經把過濾器找的了並且已經新增成功了,開始進行註冊時呼叫的是onstartup方法,註冊到filterDefs這個map中,下面初始化會用到
這裡開始進行過濾器的初始化,new ApplicationFilterConfig方法就需要大家自己去debug了,至少加深一下印象,裡面會進行初始化,呼叫init方法
1 //開始過濾器的初始化 2 public boolean filterStart() { 3 4 if (getLogger().isDebugEnabled()) { 5 getLogger().debug("Starting filters"); 6 } 7 // Instantiate and record a FilterConfig for each defined filter 8 boolean ok = true; 9 synchronized (filterConfigs) { 10 filterConfigs.clear(); 11 //filterDefs這個map就是剛才新增進來的過濾器map 12 for (Entry<String,FilterDef> entry : filterDefs.entrySet()) { 13 String name = entry.getKey(); 14 if (getLogger().isDebugEnabled()) { 15 getLogger().debug(" Starting filter '" + name + "'"); 16 } 17 try { 18 //在這裡會進行fileter的init方法 19 ApplicationFilterConfig filterConfig = 20 new ApplicationFilterConfig(this, entry.getValue()); 21 filterConfigs.put(name, filterConfig); 22 } catch (Throwable t) { 23 t = ExceptionUtils.unwrapInvocationTargetException(t); 24 ExceptionUtils.handleThrowable(t); 25 getLogger().error(sm.getString( 26 "standardContext.filterStart", name), t); 27 ok = false; 28 } 29 } 30 }org/apache/catalina/core/StandardContext
到這裡,過濾器初始化就完成了也把開頭的三個問題給大家講解明白了,剩下的就是過濾請求的過程了,看一下請求過來時的原始碼處理
1 // Create the filter chain for this request 2 //當有請求過來時,首先會呼叫過濾器,進行過濾,這裡會進行過濾器陣列的建立 3 ApplicationFilterChain filterChain = 4 ApplicationFilterFactory.createFilterChain(request, wrapper, servlet); 5 6 // Call the filter chain for this request 7 // NOTE: This also calls the servlet's service() method 8 Container container = this.container; 9 try { 10 if ((servlet != null) && (filterChain != null)) { 11 // Swallow output if needed 12 if (context.getSwallowOutput()) { 13 try { 14 SystemLogHandler.startCapture(); 15 if (request.isAsyncDispatching()) { 16 request.getAsyncContextInternal().doInternalDispatch(); 17 } else { 18 filterChain.doFilter(request.getRequest(), 19 response.getResponse()); 20 } 21 } finally { 22 String log = SystemLogHandler.stopCapture(); 23 if (log != null && log.length() > 0) { 24 context.getLogger().info(log); 25 } 26 } 27 } else { 28 if (request.isAsyncDispatching()) { 29 request.getAsyncContextInternal().doInternalDispatch(); 30 } else { 31 filterChain.doFilter 32 (request.getRequest(), response.getResponse()); 33 } 34 } 35 36 }org/apache/catalina/core/StandardWrapperValve
1 //陣列結構可以在這裡檢視 2 void addFilter(ApplicationFilterConfig filterConfig) { 3 4 // Prevent the same filter being added multiple times 5 for(ApplicationFilterConfig filter:filters) 6 if(filter==filterConfig) 7 return; 8 9 if (n == filters.length) { 10 ApplicationFilterConfig[] newFilters = 11 new ApplicationFilterConfig[n + INCREMENT]; 12 System.arraycopy(filters, 0, newFilters, 0, n); 13 filters = newFilters; 14 } 15 filters[n++] = filterConfig; 16 17 }ApplicationFilter資料結構
建立後會進行對請求的過濾,原始碼:
1 //過濾器開始過濾 2 private void internalDoFilter(ServletRequest request, 3 ServletResponse response) 4 throws IOException, ServletException { 5 6 // Call the next filter if there is one 7 //過濾器陣列大小 8 if (pos < n) { 9 //每呼叫一次都會從陣列中自增1 pos++ 10 ApplicationFilterConfig filterConfig = filters[pos++]; 11 try { 12 Filter filter = filterConfig.getFilter(); 13 14 if (request.isAsyncSupported() && "false".equalsIgnoreCase( 15 filterConfig.getFilterDef().getAsyncSupported())) { 16 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE); 17 } 18 if( Globals.IS_SECURITY_ENABLED ) { 19 final ServletRequest req = request; 20 final ServletResponse res = response; 21 Principal principal = 22 ((HttpServletRequest) req).getUserPrincipal(); 23 24 Object[] args = new Object[]{req, res, this}; 25 SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal); 26 } else { 27 //每次都會呼叫doFilter方法,在doFilter方法中呼叫internalDoFilter,就是一直回撥,直到所有過濾器走完 28 filter.doFilter(request, response, this); 29 } 30 } catch (IOException | ServletException | RuntimeException e) { 31 throw e; 32 } catch (Throwable e) { 33 e = ExceptionUtils.unwrapInvocationTargetException(e); 34 ExceptionUtils.handleThrowable(e); 35 throw new ServletException(sm.getString("filterChain.filter"), e); 36 } 37 //當有過濾器直接返回,並沒有繼續回撥時,回直接return,不會處理該請求,就是下面的步驟 38 return; 39 } 40 //當所有過濾器走完後,將會處理請求 41 // We fell off the end of the chain -- call the servlet instance 42 try { 43 if (ApplicationDispatcher.WRAP_SAME_OBJECT) { 44 lastServicedRequest.set(request); 45 lastServicedResponse.set(response); 46 } 47 48 if (request.isAsyncSupported() && !servletSupportsAsync) { 49 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, 50 Boolean.FALSE); 51 } 52 // Use potentially wrapped request from this point 53 if ((request instanceof HttpServletRequest) && 54 (response instanceof HttpServletResponse) && 55 Globals.IS_SECURITY_ENABLED ) { 56 final ServletRequest req = request; 57 final ServletResponse res = response; 58 Principal principal = 59 ((HttpServletRequest) req).getUserPrincipal(); 60 Object[] args = new Object[]{req, res}; 61 SecurityUtil.doAsPrivilege("service", 62 servlet, 63 classTypeUsedInService, 64 args, 65 principal); 66 } else { 67 //就是這裡直接呼叫dsipatcherservlet的service方法去轉發doget,dopost方法的, 68 //剩下的就是攔截器的知識點了: 69 servlet.service(request, response); 70 } 71 } catch (IOException | ServletException | RuntimeException e) { 72 throw e; 73 } catch (Throwable e) { 74 e = ExceptionUtils.unwrapInvocationTargetException(e); 75 ExceptionUtils.handleThrowable(e); 76 throw new ServletException(sm.getString("filterChain.servlet"), e); 77 } finally { 78 if (ApplicationDispatcher.WRAP_SAME_OBJECT) { 79 lastServicedRequest.set(null); 80 lastServicedResponse.set(null); 81 } 82 } 83 }org/apache/catalina/core/ApplicationFilterChain
到此建立以及過濾請求的流程分析也就結束了,和攔截器的建立以及攔截分析做一下對比,分析一下兩者的區別,如果不知道攔截器的建立以及流程處理可以看一下我的另一篇文章:https://www.cnblogs.com/guoxiaoyu/p/13402861.html
相同點:
- 都需要交給spring進行管理,雖然filter本身是servlet,但是如果不給spring管理,根本不會新增成功,也不會過濾請求
- 都會在請求真正被處理前進行攔截過濾,如果不符合條件會直接返回,不會處理請求
- 兩者都可以指定執行順序
差異點:
- 過濾器先註冊,攔截器後註冊
- 過濾器先執行,攔截器後執行,攔截器可以在請求執行後繼續處理其他事情,過濾器只有一個過濾的方法
- 過濾器執行時是基於函式回撥,而攔截器執行是直接從陣列中獲取,一個一個執行,作者沒有看到哪裡用到了反射,網上好多說是反射,攔截器的三個方法都是從陣列中獲取然後一個一個呼叫方法進行的,只有在處理請求的時候才用到了invoke反射