Java Servlet (1) —— Filter过滤请求与响应
Java Servlet (1) —— Filter过滤请求与响应
版本: Java EE 6
参考来源:
Oracle:The Java EE 6 Tutorial: Filtering Requests and Responses
CSDN:Java中Filter、Servlet、Listener的学习
正文
在oracle javaee 6的官方文档中短短的一段话,分别从定义、内容、应用、实现这四个方面对Filter这个东西做了详细的说明
定义
A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.
以上定义有几层意思:
-
Filter是一个对象
(A filter is an object)
-
Filter对象的功能是可以变换请求或相应的头和内容
(can transform the header and content (or both) of a request or response)
-
Filter与web components不同,不自己创建相应
(Filters differ from web components in that filters usually do not themselves create a response)
Web Components是什么?(Wiki:Web Components)
Wiki上的定义比较抽象,但是它也给出了Web Components所表现的几个具象形式:
-
自定义元素(Custom Elements)
-
隐藏DOM(Shadow DOM)
-
HTML引入(HTML Imports)
-
HTML模板(HTML Templates)
总而言之,Web Components可以认为是一些资源(resource)的组件。
为什么我将它看成资源的组件?下面这点可以看出(Instead...web resource)
-
-
Filter可以“附在”(attached)任何web资源上
(Instead, a filter provides functionality that can be “attached” to any kind of web resource)
-
Filter不应依赖与它“依附”的web资源
(Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter)
这点是与上第4点对应。第4点为正说:应该怎样;这里为反说:不应怎样。
-
Filter可以与多个web资源组合在一起使用
(this way, it can be composed with more than one type of web resource)
正因为有4、5两特点,所以Filter具有这种能力。
何种能力呢?
功能
The main tasks that a filter can perform are as follows:
- Query the request and act accordingly.
- Block the request-and-response pair from passing any further.
- Modify the request headers and data. You do this by providing a customized version of the request.
- Modify the response headers and data. You do this by providing a customized version of the response.
- Interact with external resources.
Filter的主要功能包括:
-
查询请求然后做相应动作
(Query the request and act accordingly)
这里“查询”(Query)主要体现在filter-mapping中的url-pattern。
-
拦截请求与响应对(在向下传递时)
(Block the request-and-response pair from passing any further)
注意这里是请求与响应对,这个“对”(pair)十分重要。
-
修改请求的头与数据
(Modify the request headers and data. You do this by providing a customized version of the request)
-
修改响应的头与数据
(Modify the response headers and data. You do this by providing a customized version of the response)
-
与外部资源交互
(Interact with external resources)
以上这点比较抽象。与什么样的外部资源?如何交互?
暂且不回答这个问题,看Filter的应用场景。
应用
-
验证(Authentication)
例如SSO等验证实现都有AuthenticationFilter。
-
日志(Logging)
为了实现任何Filter的应用,都可以加入日志之类的功能。
-
图像转换(Image Conversion)
主要常见于图像格式的转换,根据不同客户端可能支持显示的格式不同,处理图片响应。
-
数据压缩(Data Compression)
对于较大的请求与响应体,可以设置数据压缩GZipFilter。
-
加密(Encryption)
对于SSL或者自行实现的安全措施,会对请求与响应进行加密。
-
标记流(Tokenizing Streams)
这个主要见于搜索应用中,比如Elastic会有TokenFilter。
-
XML变换(XML transformations)
一个典型应用可能是使用xslt转换xml的内容。
-
等
如此看来,功能中的最后一点中提到的“与外部资源的交互”就很好理解了,以上的这些验证、加密、压缩、变换等功能都需要外部资源的支持。
实现
最后实现也只是两句话,但是足以将Filter的内涵说清楚。
You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order.
这里提到了几个关键点:
- 目标——配置web资源(web resource)
- 方式——链式(chain)
- 数量——0、1或多(zero, one, or more filters)
- 顺序——特定的顺序(in a specific order)
This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.
补充说明链式是如何工作的:
- 编译时(静态)——在编译部署的时候,这个链就已经定义好了。
- 运行时(动态)——在加载组件的时候,这个链被实例化。
至于详细实现方式,另开文章做具体说明。
原文
Filtering Requests and Responses
A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.
The main tasks that a filter can perform are as follows:
- Query the request and act accordingly.
- Block the request-and-response pair from passing any further.
- Modify the request headers and data. You do this by providing a customized version of the request.
- Modify the response headers and data. You do this by providing a customized version of the response.
- Interact with external resources.
Applications of filters include authentication, logging, image conversion, data compression, encryption, tokenizing streams, XML transformations, and so on.
You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order. This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.
*扩展
问题
Filter有以上的职责,那么Interceptor的主要作用是什么呢?