Java Servlet (1) —— Filter过滤请求与响应

Java Servlet (1) —— Filter过滤请求与响应


版本: Java EE 6

参考来源:

Oracle:The Java EE 6 Tutorial: Filtering Requests and Responses

CSDN:Java中Filter、Servlet、Listener的学习

CSDN:filter与servlet的比较

正文

oracle javaee 6的官方文档中短短的一段话,分别从定义、内容、应用、实现这四个方面对Filter这个东西做了详细的说明

定义

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.

以上定义有几层意思:

  1. Filter是一个对象

    (A filter is an object)

  2. Filter对象的功能是可以变换请求或相应的头和内容

    (can transform the header and content (or both) of a request or response)

  3. Filter与web components不同,不自己创建相应

    (Filters differ from web components in that filters usually do not themselves create a response)

    Web Components是什么?(Wiki:Web Components

    Wiki上的定义比较抽象,但是它也给出了Web Components所表现的几个具象形式:

    • 自定义元素(Custom Elements)

    • 隐藏DOM(Shadow DOM)

    • HTML引入(HTML Imports)

    • HTML模板(HTML Templates)

    总而言之,Web Components可以认为是一些资源(resource)的组件。

    为什么我将它看成资源的组件?下面这点可以看出(Instead...web resource)

  4. Filter可以“附在”(attached)任何web资源上

    (Instead, a filter provides functionality that can be “attached” to any kind of web resource)

  5. Filter不应依赖与它“依附”的web资源

    (Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter)

    这点是与上第4点对应。第4点为正说:应该怎样;这里为反说:不应怎样。

  6. Filter可以与多个web资源组合在一起使用

    (this way, it can be composed with more than one type of web resource)

    正因为有4、5两特点,所以Filter具有这种能力。

何种能力呢?

功能

The main tasks that a filter can perform are as follows:

  • Query the request and act accordingly.
  • Block the request-and-response pair from passing any further.
  • Modify the request headers and data. You do this by providing a customized version of the request.
  • Modify the response headers and data. You do this by providing a customized version of the response.
  • Interact with external resources.

Filter的主要功能包括:

  • 查询请求然后做相应动作

    (Query the request and act accordingly)

    这里“查询”(Query)主要体现在filter-mapping中的url-pattern。

  • 拦截请求与响应对(在向下传递时)

    (Block the request-and-response pair from passing any further)

    注意这里是请求与响应对,这个“对”(pair)十分重要。

  • 修改请求的头与数据

    (Modify the request headers and data. You do this by providing a customized version of the request)

  • 修改响应的头与数据

    (Modify the response headers and data. You do this by providing a customized version of the response)

  • 与外部资源交互

    (Interact with external resources)

    以上这点比较抽象。与什么样的外部资源?如何交互?

暂且不回答这个问题,看Filter的应用场景。

应用

  • 验证(Authentication)

    例如SSO等验证实现都有AuthenticationFilter。

  • 日志(Logging)

    为了实现任何Filter的应用,都可以加入日志之类的功能。

  • 图像转换(Image Conversion)

    主要常见于图像格式的转换,根据不同客户端可能支持显示的格式不同,处理图片响应。

  • 数据压缩(Data Compression)

    对于较大的请求与响应体,可以设置数据压缩GZipFilter。

  • 加密(Encryption)

    对于SSL或者自行实现的安全措施,会对请求与响应进行加密。

  • 标记流(Tokenizing Streams)

    这个主要见于搜索应用中,比如Elastic会有TokenFilter。

  • XML变换(XML transformations)

    一个典型应用可能是使用xslt转换xml的内容。

如此看来,功能中的最后一点中提到的“与外部资源的交互”就很好理解了,以上的这些验证、加密、压缩、变换等功能都需要外部资源的支持。

实现

最后实现也只是两句话,但是足以将Filter的内涵说清楚。

You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order.

这里提到了几个关键点:

  • 目标——配置web资源(web resource)
  • 方式——链式(chain)
  • 数量——0、1或多(zero, one, or more filters)
  • 顺序——特定的顺序(in a specific order)

This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.

补充说明链式是如何工作的:

  • 编译时(静态)——在编译部署的时候,这个链就已经定义好了。
  • 运行时(动态)——在加载组件的时候,这个链被实例化。

至于详细实现方式,另开文章做具体说明。

原文

Filtering Requests and Responses

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.

The main tasks that a filter can perform are as follows:

  • Query the request and act accordingly.
  • Block the request-and-response pair from passing any further.
  • Modify the request headers and data. You do this by providing a customized version of the request.
  • Modify the response headers and data. You do this by providing a customized version of the response.
  • Interact with external resources.

Applications of filters include authentication, logging, image conversion, data compression, encryption, tokenizing streams, XML transformations, and so on.

You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order. This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.

*扩展

问题

Filter有以上的职责,那么Interceptor的主要作用是什么呢?

结束

posted @ 2015-12-25 11:24  Richaaaard  阅读(1355)  评论(0编辑  收藏  举报