理解Servlet与Filter的关系与设计思路
程序员文章站
2022-05-02 07:55:18
...
什么是Servlet
对一个HTTP请求的正常的处理流程是:
- 发送HTTP请求
- 服务端的HTTP服务器收到请求
- 调用业务逻辑
- 返回HTTP响应
产生了下面3个问题:
-
HTTP 服务器怎么知道要调用哪个业务逻辑,也就是 Java 类的哪个方法呢?
HTTP服务器可以被设计成收到请求后,接续寻找该请求的处理逻辑,但是这样就会使得HTTP 服务器的代码跟业务逻辑耦合在一起。
-
如果问题1交给HTTP服务器,如何解决HTTP 服务器的代码跟业务逻辑耦合在一起?
根据职责单一原则,HTTP服务器的功能就应当设计成接收请求、发送响应,具体的处理逻辑可以交给一个第三方,由第三方去寻找处理逻辑所在的Java类。这个第三方就是Servlet容器。
-
Servlet容器是否需要知道具体的业务逻辑?
不需要,只需要给到基本的数据(
ServletRequest、ServletResponse)给到业务逻辑处理单位即可,不用关注业务逻辑的具体实现。
所以Servlet被设计成了一个接口:
public interface Servlet {
// Servlet容器在加载Servlet类的时候会调用
void init(ServletConfig config) throws ServletException;
// 在web.xml给改Servlet配置的参数
ServletConfig getServletConfig();
// 业务逻辑处理入口
void service(ServletRequest req, ServletResponse res)throws ServletException, IOException;
String getServletInfo();
// 在卸载的时候会调用
void destroy();
}
其处理的流程:
HTTP 服务器不直接调用业务类,而是把请求交给容器来处理,容器通过 Servlet 接口调用业务类。因此 Servlet 接口和 Servlet 容器的出现,达到了 HTTP 服务器与业务类解耦的目的。
Servlet 接口和 Servlet 容器这一整套规范叫作 Servlet 规范。Tomcat按照 Servlet 规范的要求实现了 Servlet 容器,同时它们也具有 HTTP 服务器的功能。
什么是Filter
过滤器。这个接口允许你对请求和响应做一些统一的定制化处理,比如你可以根据请求的频率来限制访问,或者根据国家地区的不同来修改响应内容。过滤器的工作原理是这样的:Web 应用部署完成后,Servlet 容器需要实例化 Filter 并把 Filter 链接成一个 FilterChain。当请求进来时,获取第一个 Filter 并调用 doFilter 方法,doFilter 方法负责调用这个 FilterChain 中的下一个 Filter。
它在Java中的变现为一个接口:
/**
* A filter is an object that performs filtering tasks on either the request to
* a resource (a servlet or static content), or on the response from a resource,
* or both.
*
* Filters perform filtering in the <code>doFilter</code> method. Every Filter
* has access to a FilterConfig object from which it can obtain its
* initialization parameters, a reference to the ServletContext which it can
* use, for example, to load resources needed for filtering tasks.
*/
public interface Filter {
/**
* Called by the web container to indicate to a filter that it is being
* placed into service. The servlet container calls the init method exactly
* once after instantiating the filter. The init method must complete
* successfully before the filter is asked to do any filtering work.
*/
public default void init(FilterConfig filterConfig) throws ServletException {}
/**
* The <code>doFilter</code> method of the Filter is called by the container
* each time a request/response pair is passed through the chain due to a
* client request for a resource at the end of the chain. The FilterChain
* passed in to this method allows the Filter to pass on the request and
* response to the next entity in the chain.
* <p>
* A typical implementation of this method would follow the following
* pattern:- <br>
* 1. Examine the request<br>
* 2. Optionally wrap the request object with a custom implementation to
* filter content or headers for input filtering <br>
* 3. Optionally wrap the response object with a custom implementation to
* filter content or headers for output filtering <br>
* 4. a) <strong>Either</strong> invoke the next entity in the chain using
* the FilterChain object (<code>chain.doFilter()</code>), <br>
* 4. b) <strong>or</strong> not pass on the request/response pair to the
* next entity in the filter chain to block the request processing<br>
* 5. Directly set headers on the response after invocation of the next
* entity in the filter chain.
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException;
/**
* Called by the web container to indicate to a filter that it is being
* taken out of service. This method is only called once all threads within
* the filter's doFilter method have exited or after a timeout period has
* passed. After the web container calls this method, it will not call the
* doFilter method again on this instance of the filter.
*
* This method gives the filter an opportunity to clean up any resources
* that are being held (for example, memory, file handles, threads) and make
* sure that any persistent state is synchronized with the filter's current
* state in memory.
*/
public default void destroy() {}
}
什么是FilterChain
/**
* A FilterChain is an object provided by the servlet container to the developer
* giving a view into the invocation chain of a filtered request for a resource.
* Filters use the FilterChain to invoke the next filter in the chain, or if the
* calling filter is the last filter in the chain, to invoke the resource at the
* end of the chain.
**/
public interface FilterChain {
/**
* Causes the next filter in the chain to be invoked, or if the calling
* filter is the last filter in the chain, causes the resource at the end of
* the chain to be invoked.
*/
// doFilter方法负责调用这个FilterChain中的下一个Filter
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException;
}
FilterChain是一个接口,Tomcat里面有个一实现该接口的final类ApplicationFilterChain.java。
其中含有一个ApplicationFilterConfig.java
private ApplicationFilterConfig[] filters = new ApplicationFilterConfig[0];
/**
* The int which is used to maintain the current position in the filter chain.
*/
private int pos = 0;
/**
* The int which gives the current number of filters in the chain.
*/
private int n = 0;
实现了FilterChain的doFilter(ServletRequest request, ServletResponse response)方法,其实就是调用了该类中的internalDoFilter(ServletRequest request, ServletResponse response)。调用完毕后,pos++。如果下次使用该FilterChain的doFilter()方法,会调用下一个Filter(如果存在)
private void internalDoFilter(ServletRequest request,
ServletResponse response) throws IOException, ServletException {
// Call the next filter if there is one
if (pos < n) {
// 注意pos++
ApplicationFilterConfig filterConfig = filters[pos++];
try {
Filter filter = filterConfig.getFilter();
if (request.isAsyncSupported() && "false".equalsIgnoreCase(
filterConfig.getFilterDef().getAsyncSupported())) {
request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
}
if( Globals.IS_SECURITY_ENABLED ) {
final ServletRequest req = request;
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal);
} else {
// 实际调用Filter的doFilter()方法
filter.doFilter(request, response, this);
}
} catch (IOException | ServletException | RuntimeException e) {
throw e;
} catch (Throwable e) {
e = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(e);
throw new ServletException(sm.getString("filterChain.filter"), e);
}
return;
}
其中有一个对Filter的包装类ApplicationFilterConfig,其中持有一个Filter对象,可通过getFilter()方法去获取。上述类之间的UML图关系如下:
所以如果在Filter的doFilte()方法中,调用filterChain.doFilter(servletRequest, servletResponse);的话,会将流程交给chainFilter。因此也不难理解项目中Filter的使用如下:
@Order(1)
@WebFilter(urlPatterns = "/*", filterName = "requestWrapperFilter")
public class RequestWrapperFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException { }
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// 添加traceId
String traceId = ((HttpServletRequest) servletRequest).getHeader(Constants.REQUEST_HEADER_TRACEID);
if (StringUtils.isBlank(traceId)) {
traceId = StringUtils.replace(UUID.randomUUID().toString(), "-", "");
}
MDC.put(Constants.REQUEST_HEADER_TRACEID, traceId);
try {
// multipart/form-data请求不添加traceId
if (ServletFileUpload.isMultipartContent((HttpServletRequest) servletRequest)) {
filterChain.doFilter(servletRequest, servletResponse);
} else {
filterChain.doFilter(new RequestWrapper((HttpServletRequest) servletRequest), servletResponse);
}
} finally {
// 清除 traceId
MDC.remove(Constants.REQUEST_HEADER_TRACEID);
}
}
@Override
public void destroy() {}
}