spring mvc 拦截器和过滤器

1.拦截器是基于java的反射机制的，而过滤器是基于函数回调。都是AOP的体现

　　2.拦截器不依赖与servlet容器，过滤器依赖与servlet容器。
　　3.拦截器只能对action请求起作用，而过滤器则可以对几乎所有的请求起作用。
　　4.拦截器可以访问action上下文、值栈里的对象，而过滤器不能访问。
　　5.在action的生命周期中，拦截器可以多次被调用，而过滤器只能在容器初始化时被调用一次。
　　6.拦截器可以获取IOC容器中的各个bean，而过滤器就不行，这点很重要，在拦截器里注入一个service，可以调用业务逻辑。

拦截器用于用户登录权限验证 preHandle

public class MyLoginInterceptor implements HandlerInterceptor {
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {

    //首页路径以及登录放行
    if ("/index".equals(arg0.getRequestURI()) || "/login".equals(arg0.getRequestURI())) {
        return true;}
    if("/out".equals(arg0.getRequestURI())){
        SessionListener asad = new SessionListener();
        asad.sessionDestroyed((HttpSessionEvent) arg0.getSession(false));
    }
    //重定向------前台实现
    String token = arg0.getHeader("token");
    System.out.println("token: " + token);
    HttpSession session = arg0.getSession();
    arg0.getServletContext().log("sessionID: " + session.getId());
    Object object = session.getAttribute("users");
    if (null == token) {
        arg1.getWriter().write("Please Login In");
        return false;}
    return true;
}

}

过滤器跨域放行 doFilter
@Component
public class CORSFilter implements Filter {

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
    HttpServletRequest request1 = servletRequestAttributes.getRequest();
    String Session = request1.getHeader("users");
    System.out.println("Session: " +Session);

    String origin = "*";
    if(req.getHeader("Origin")!=null){
        origin = req.getHeader("Origin");
    }

    // 允许http://www.xxx.com域（自行设置，这里只做示例）发起跨域请求
    res.setHeader("Access-Control-Allow-Origin", origin);
    // 允许跨域请求包含content-type
    res.setHeader("Access-Control-Allow-Headers", "Content-Type,X-CAF-Authorization-Token,sessionToken,X-TOKEN,Access-Token,X-Requested-With,token,x-auth-token");

// res.setHeader("Access-Control-Allow-Origin", request2.getHeader("Origin"));
// 设置允许跨域请求的方法
res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT,OPTIONS");
// 设置允许Cookie
res.setHeader("Access-Control-Allow-Credentials", "true");

    // 设置允许跨域请求的方法
    res.setHeader("Access-Control-Max-Age", "3600");

    res.setContentType("application/json");
    res.setCharacterEncoding("utf-8");
    if (req.getMethod().equals("OPTIONS")) {
        res.setStatus(HttpServletResponse.SC_OK);
    }
    else
    {
        chain.doFilter(request, response);
    }

}

@Override
public void destroy() {
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {
}

}