Fork me on GitHub

在WEB Api中,引入了面向切面编程(AOP)的思想,在某些特定的位置可以插入特定的Filter进行过程拦截处理。引入了这一机制可以更好地践行DRY(Don’t Repeat Yourself)思想,通过Filter能统一地对一些通用逻辑进行处理,如:权限校验、参数加解密、参数校验等方面我们都可以利用这一特性进行统一处理,今天我们来介绍Filter的开发、使用以及讨论他们的执行顺序。

1.Web中常用的Filter

Web api中最常用的filter有AuthorizeAttribute,ActionFilterAttribute,ExceptionFilterAttribute。AuthorizeAttribute主要用于权限的认证,ActionFilterAttribute用于action的处理,ExceptionFilterAttribute用于异常的处理

2.代码

/// <summary>
/// 监测数据类
/// </summary>
public class GlobalClass
{
    public static string Message = "";
}
/// <summary>
/// action过滤器
/// </summary>
public class TestActionFilterAttribute: ActionFilterAttribute
{
    /// <summary>
    /// 执行后
    /// </summary>
    /// <param name="actionExecutedContext"></param>
    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
    {
        GlobalClass.Message = GlobalClass.Message + " OnActionExecuted;";
    }

    /// <summary>
    /// 执行前
    /// </summary>
    /// <param name="actionContext"></param>
    public override void OnActionExecuting(HttpActionContext actionContext) {
        GlobalClass.Message = GlobalClass.Message + " OnActionExecuting;";
    }
}
/// <summary>
/// 授权过滤器
/// </summary>
public class TestAuthorizeAttribute: AuthorizeAttribute
{
    /// <summary>
    /// 授权方法
    /// </summary>
    /// <param name="actionContext"></param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        GlobalClass.Message = GlobalClass.Message + " OnAuthorization;";
    }
}
/// <summary>
/// 异常处理
/// </summary>
public class TestExceptionFilterAttribute : ExceptionFilterAttribute
{
    /// <summary>
    /// 异常处理
    /// </summary>
    /// <param name="actionExecutedContext"></param>
    public override void OnException(HttpActionExecutedContext actionExecutedContext) {
        GlobalClass.Message = GlobalClass.Message + " OnException;";
        actionExecutedContext.Response = new HttpResponseMessage()
        {
            StatusCode = HttpStatusCode.OK,
            Content = new StringContent(GlobalClass.Message, Encoding.UTF8, "application/json"),
        };
    }
}
public class ValuesController : ApiController
{
    public ValuesController() {
        GlobalClass.Message = "";
        GlobalClass.Message = GlobalClass.Message + " ValuesController;";
    }

    [TestActionFilter]
    [TestExceptionFilter]
    [TestAuthorize]
    public string Get(int id)
    {
        GlobalClass.Message = GlobalClass.Message + " Get;";
        int.Parse("asdf");//测试异常
        return GlobalClass.Message;
    }
}

3.执行结果

4.总结

由此可以看出Web api的执行顺序,构造函数 》AuthorizeAttribute 》ActionFilterAttribute 》ExceptionFilterAttribute

AuthorizationFilter的执行是ActionInvoker进行Action执行的第一项工作,因为后续的工作(Model绑定、Model验证、Action方法执行等)只有在成功授权的基础上才会有意义。

posted on 2018-07-24 18:34  lingfeng95  阅读(441)  评论(0编辑  收藏  举报