记录一下SpringBoot的拦截器(Interceptor)使用
拦截器(Interceptor)是AOP面向切面编程的思想来实现的,对于只写代码的来说,具体如何实现不需要多关心,只需要关心如何去使用,会用在那些地方。
当http请求进入Springboot应用程序后,会去调用 Controller 层,在进入Controller处理应用业务之前,这个请求是需要通过经过拦截器(Interceptor)的,可能是一个也可能是多个,根据需求来,在Controller处理完业务逻辑之后,也要经过拦截器(Interceptor),最终将结果返回给请求着,即使不返回,也会经过的。
在拦截器(Interceptor)中,最常的应用有几个方面
1.校验token(最常用):根据请求token拦截校验是否允许访问特定资源 比如用户列表,开放的请求地址url需要额外的拦截器配置 比如登录
2.记录日志: 记录请求信息的日志数据
3.数据统计: 统计请求某一资源的次数,统计请求进入到响应的处理时间等
4.其他一些实际需求的功能
目前使用的是SpringBoot2.0.5版本
<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.0.5.RELEASE</version><relativePath/> <!-- lookup parent from repository -->
</parent>
自定义 Interceptor一般是实现 org.springframework.web.servlet.HandlerInterceptor接口
源码是这样的
/** Copyright 2002-2017 the original author or authors.** Licensed under the Apache License, Version 2.0 (the "License");* you may not use this file except in compliance with the License.* You may obtain a copy of the License at** http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the License for the specific language governing permissions and* limitations under the License.*/package org.springframework.web.servlet;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.springframework.lang.Nullable;
import org.springframework.web.method.HandlerMethod;/*** Workflow interface that allows for customized handler execution chains.* Applications can register any number of existing or custom interceptors* for certain groups of handlers, to add common preprocessing behavior* without needing to modify each handler implementation.** <p>A HandlerInterceptor gets called before the appropriate HandlerAdapter* triggers the execution of the handler itself. This mechanism can be used* for a large field of preprocessing aspects, e.g. for authorization checks,* or common handler behavior like locale or theme changes. Its main purpose* is to allow for factoring out repetitive handler code.** <p>In an asynchronous processing scenario, the handler may be executed in a* separate thread while the main thread exits without rendering or invoking the* {@code postHandle} and {@code afterCompletion} callbacks. When concurrent* handler execution completes, the request is dispatched back in order to* proceed with rendering the model and all methods of this contract are invoked* again. For further options and details see* {@code org.springframework.web.servlet.AsyncHandlerInterceptor}** <p>Typically an interceptor chain is defined per HandlerMapping bean,* sharing its granularity. To be able to apply a certain interceptor chain* to a group of handlers, one needs to map the desired handlers via one* HandlerMapping bean. The interceptors themselves are defined as beans* in the application context, referenced by the mapping bean definition* via its "interceptors" property (in XML: a <list> of <ref>).** <p>HandlerInterceptor is basically similar to a Servlet Filter, but in* contrast to the latter it just allows custom pre-processing with the option* of prohibiting the execution of the handler itself, and custom post-processing.* Filters are more powerful, for example they allow for exchanging the request* and response objects that are handed down the chain. Note that a filter* gets configured in web.xml, a HandlerInterceptor in the application context.** <p>As a basic guideline, fine-grained handler-related preprocessing tasks are* candidates for HandlerInterceptor implementations, especially factored-out* common handler code and authorization checks. On the other hand, a Filter* is well-suited for request content and view content handling, like multipart* forms and GZIP compression. This typically shows when one needs to map the* filter to certain content types (e.g. images), or to all requests.** @author Juergen Hoeller* @since 20.06.2003* @see HandlerExecutionChain#getInterceptors* @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter* @see org.springframework.web.servlet.handler.AbstractHandlerMapping#setInterceptors* @see org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor* @see org.springframework.web.servlet.i18n.LocaleChangeInterceptor* @see org.springframework.web.servlet.theme.ThemeChangeInterceptor* @see javax.servlet.Filter*/
public interface HandlerInterceptor {/*** Intercept the execution of a handler. Called after HandlerMapping determined* an appropriate handler object, but before HandlerAdapter invokes the handler.* <p>DispatcherServlet processes a handler in an execution chain, consisting* of any number of interceptors, with the handler itself at the end.* With this method, each interceptor can decide to abort the execution chain,* typically sending a HTTP error or writing a custom response.* <p><strong>Note:</strong> special considerations apply for asynchronous* request processing. For more details see* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.* <p>The default implementation returns {@code true}.* @param request current HTTP request* @param response current HTTP response* @param handler chosen handler to execute, for type and/or instance evaluation* @return {@code true} if the execution chain should proceed with the* next interceptor or the handler itself. Else, DispatcherServlet assumes* that this interceptor has already dealt with the response itself.* @throws Exception in case of errors*/default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {return true;}/*** Intercept the execution of a handler. Called after HandlerAdapter actually* invoked the handler, but before the DispatcherServlet renders the view.* Can expose additional model objects to the view via the given ModelAndView.* <p>DispatcherServlet processes a handler in an execution chain, consisting* of any number of interceptors, with the handler itself at the end.* With this method, each interceptor can post-process an execution,* getting applied in inverse order of the execution chain.* <p><strong>Note:</strong> special considerations apply for asynchronous* request processing. For more details see* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.* <p>The default implementation is empty.* @param request current HTTP request* @param response current HTTP response* @param handler handler (or {@link HandlerMethod}) that started asynchronous* execution, for type and/or instance examination* @param modelAndView the {@code ModelAndView} that the handler returned* (can also be {@code null})* @throws Exception in case of errors*/default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable ModelAndView modelAndView) throws Exception {}/*** Callback after completion of request processing, that is, after rendering* the view. Will be called on any outcome of handler execution, thus allows* for proper resource cleanup.* <p>Note: Will only be called if this interceptor's {@code preHandle}* method has successfully completed and returned {@code true}!* <p>As with the {@code postHandle} method, the method will be invoked on each* interceptor in the chain in reverse order, so the first interceptor will be* the last to be invoked.* <p><strong>Note:</strong> special considerations apply for asynchronous* request processing. For more details see* {@link org.springframework.web.servlet.AsyncHandlerInterceptor}.* <p>The default implementation is empty.* @param request current HTTP request* @param response current HTTP response* @param handler handler (or {@link HandlerMethod}) that started asynchronous* execution, for type and/or instance examination* @param ex exception thrown on handler execution, if any* @throws Exception in case of errors*/default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,@Nullable Exception ex) throws Exception {}}preHandler(HttpServletRequest request, HttpServletResponse response, Object handler) 方法
这个方法是在http请求进来之后处理之前被调用的 返回是 Boolean 类型,返回 false 时,表示直接掐断请求,直接结束了,那么也就不会进入Controller;返回 true 时,会继续进入下一个拦截器同样的方法(preHandler)直到所有的preHandler方法都通过才进入Controller。
postHandler(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) 方法
http请求处理好业务后,从Controller控制器返回后调用,视图解析器之前,也就是在渲染数据返回数据之前被调用。
afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handle, Exception ex) 方法
当对应的拦截器preHandle返回值是 true 时才会在整个请求结束之后执行,视图解析器之后,也可以理解为postHandler后
自定义CustomHandlerInterceptor.java
package boot.example.interceptor.config;import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class CustomHandlerInterceptor implements HandlerInterceptor{/*** Controller逻辑执行之前进行拦截*/@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("preHandle:");String uri = request.getRequestURI();System.out.println("拦截的uri:"+uri);if (handler instanceof HandlerMethod) {HandlerMethod handlerMethod = (HandlerMethod) handler;System.out.println("拦截 Controller:"+ handlerMethod.getBean().getClass().getName());System.out.println("拦截方法:"+handlerMethod.getMethod().getName());}//拦截token,没有token的不允许继续往下执行String token = request.getHeader("token");if(token == null){return false;}long startTime = System.currentTimeMillis();System.out.println("start-time: " + startTime);request.setAttribute("startTime", startTime);return true;}/*** Controller逻辑执行完毕但是视图解析器还为进行解析之前进行拦截*/@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("postHandle:");long endTime = System.currentTimeMillis();long startTime = (Long) request.getAttribute("startTime");System.out.println("post-end-time: " + endTime);System.out.println("post-差值ms:" + (endTime - startTime));HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);}/*** Controller逻辑和视图解析器执行完毕进行拦截*/@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("afterCompletion:");long startTime = (Long) request.getAttribute("startTime");long endTime = System.currentTimeMillis();System.out.println("after-end-time: " + endTime);System.out.println("after-差值ms:" + (endTime - startTime));HandlerInterceptor.super.afterCompletion(request, response, handler, ex);}
}配置拦截器
bean方式(不推荐)
package boot.example.interceptor.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;/*** 使用bean的方式**/
@Configuration
public class InterceptorConfig {@Beanpublic CustomHandlerInterceptor customHandlerInterceptor(){return new CustomHandlerInterceptor();}@Beanpublic WebMvcConfigurer webMvcConfigurer(){return new WebMvcConfigurer() {@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(customHandlerInterceptor()).addPathPatterns("/**")//.excludePathPatterns("/").excludePathPatterns("/index/**");}};}}重写方式来配置(推荐)
package boot.example.interceptor.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;/*** 重写方式来配置,推荐**/
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {@Beanpublic CustomHandlerInterceptor customHandlerInterceptor(){return new CustomHandlerInterceptor();}@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(customHandlerInterceptor()).addPathPatterns("/**")//.excludePathPatterns("/").excludePathPatterns("/index/**");}}测试-BootIndexController.java
package boot.example.interceptor.controller;import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;@Controller
public class BootIndexController {@RequestMapping("/")@ResponseBodypublic String index() {return "index";}@RequestMapping("/index/hello")@ResponseBodypublic String indexHello() {return "hello world";}@RequestMapping("/inter/hello")@ResponseBodypublic String interHello(){return "inter world";}@RequestMapping("/inter/sleep")@ResponseBodypublic String sleepHello() throws InterruptedException {// 假装处理2sThread.sleep(2000);return "inter world";}}表示拦截所有的url请求
.addPathPatterns(“/**”)
表示放开拦截的url请求
.excludePathPatterns(“/”)
.excludePathPatterns(“/index/**”)
请求无拦截的情况,直接返回数据,不会经过拦截器
请求有拦截的情况,没有token是访问不到资源的
查看控制台
随意写个token
可以看到拦截通过了 执行了对应的三个方法 在这里有测试的故意延迟
一个应用可能有多个拦截器,有的时候拦截器需要执行的先后顺序,默认的情况下是按照注册的先后顺序
拦截器ONE
CustomOrderOneHandlerInterceptor.java
package boot.example.interceptor.config;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class CustomOrderOneHandlerInterceptor implements HandlerInterceptor{/*** Controller逻辑执行之前进行拦截*/@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("CustomOrderOneHandlerInterceptor: preHandle");return true;}/*** Controller逻辑执行完毕但是视图解析器还为进行解析之前进行拦截*/@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("CustomOrderOneHandlerInterceptor: postHandle");}/*** Controller逻辑和视图解析器执行完毕进行拦截*/@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("CustomOrderOneHandlerInterceptor: afterCompletion");}
}拦截器TWO
CustomOrderTwoHandlerInterceptor.java
package boot.example.interceptor.config;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class CustomOrderTwoHandlerInterceptor implements HandlerInterceptor{/*** Controller逻辑执行之前进行拦截*/@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("CustomOrderTwoHandlerInterceptor: preHandle");return true;}/*** Controller逻辑执行完毕但是视图解析器还为进行解析之前进行拦截*/@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("CustomOrderTwoHandlerInterceptor: postHandle");}/*** Controller逻辑和视图解析器执行完毕进行拦截*/@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("CustomOrderTwoHandlerInterceptor: afterCompletion");}
}拦截器配置
OderInterceptorConfig.java
package boot.example.interceptor.config;import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;/*** 重写方式来配置,推荐**/
@Configuration
public class OderInterceptorConfig implements WebMvcConfigurer {@Beanpublic CustomOrderOneHandlerInterceptor customOrderOneHandlerInterceptor(){return new CustomOrderOneHandlerInterceptor();}@Beanpublic CustomOrderTwoHandlerInterceptor customOrderTwoHandlerInterceptor(){return new CustomOrderTwoHandlerInterceptor();}@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(customOrderOneHandlerInterceptor()).addPathPatterns("/**").excludePathPatterns("/index/**");registry.addInterceptor(customOrderTwoHandlerInterceptor()).addPathPatterns("/**").excludePathPatterns("/index/**");}}可以看到customOrderOneHandlerInterceptor()在customOrderTwoHandlerInterceptor()之前,启动程序打开访问打开控制台查看打印日志确认
交换顺序可以看到TWO在ONE之前执行
使用order自定义顺序 可以看到值小的比值大的先执行
使用拦截器重定向
当访问
http://localhost:8080
重定向
http://localhost:8080/home
CustomRedirectOneHandlerInterceptor.java
package boot.example.interceptor.config;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class CustomRedirectOneHandlerInterceptor implements HandlerInterceptor{/*** Controller逻辑执行之前进行拦截*/@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("CustomRedirectOneHandlerInterceptor: preHandle");System.out.println("CustomRedirectOneHandlerInterceptor Request url: " + request.getRequestURL());response.sendRedirect(request.getContextPath()+ "/home");return false;}/*** Controller逻辑执行完毕但是视图解析器还为进行解析之前进行拦截*/@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("CustomRedirectOneHandlerInterceptor: postHandle");}/*** Controller逻辑和视图解析器执行完毕进行拦截*/@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("CustomRedirectOneHandlerInterceptor: afterCompletion");}
}CustomRedirectTwoHandlerInterceptor.java
package boot.example.interceptor.config;import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class CustomRedirectTwoHandlerInterceptor implements HandlerInterceptor{/*** Controller逻辑执行之前进行拦截*/@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {System.out.println("CustomRedirectTwoHandlerInterceptor: preHandle");System.out.println("CustomRedirectTwoHandlerInterceptor Request url: " + request.getRequestURL());return true;}/*** Controller逻辑执行完毕但是视图解析器还为进行解析之前进行拦截*/@Overridepublic void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {System.out.println("CustomRedirectTwoHandlerInterceptor: postHandle");}/*** Controller逻辑和视图解析器执行完毕进行拦截*/@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {System.out.println("CustomRedirectTwoHandlerInterceptor: afterCompletion");}
}BootIndexController.java
package boot.example.interceptor.controller;import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;@Controller
public class BootIndexController {@RequestMapping("/")@ResponseBodypublic String index() {return "/";}@RequestMapping("/home")@ResponseBodypublic String indexHello() {return "/home";}}用postman访问
浏览器输入http://localhost:8080会跳转的
