Java Servlet (1) —— Filter过滤请求与响应

Java Servlet (1) —— Filter过滤请求与响应

---

版本: Java EE 6

参考来源:

Oracle：The Java EE 6 Tutorial: Filtering Requests and Responses

CSDN：Java中Filter、Servlet、Listener的学习

CSDN：filter与servlet的比较

正文

在oracle javaee 6的官方文档中短短的一段话，分别从定义、内容、应用、实现这四个方面对Filter这个东西做了详细的说明

定义

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.

以上定义有几层意思：

1. Filter是一个对象

   （A filter is an object）

2. Filter对象的功能是可以变换请求或相应的头和内容

   （can transform the header and content (or both) of a request or response）

3. Filter与web components不同，不自己创建相应

   （Filters differ from web components in that filters usually do not themselves create a response）

   Web Components是什么？（Wiki:Web Components）

   Wiki上的定义比较抽象，但是它也给出了Web Components所表现的几个具象形式：

   • 自定义元素（Custom Elements）

   • 隐藏DOM（Shadow DOM）

   • HTML引入（HTML Imports）

   • HTML模板（HTML Templates）

   总而言之，Web Components可以认为是一些资源（resource）的组件。

   为什么我将它看成资源的组件？下面这点可以看出（Instead...web resource）

4. Filter可以“附在”（attached）任何web资源上

   （Instead, a filter provides functionality that can be “attached” to any kind of web resource）

5. Filter不应依赖与它“依附”的web资源

   （Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter）

   这点是与上第4点对应。第4点为正说：应该怎样；这里为反说：不应怎样。

6. Filter可以与多个web资源组合在一起使用

   （this way, it can be composed with more than one type of web resource）

   正因为有4、5两特点，所以Filter具有这种能力。

何种能力呢？

功能

The main tasks that a filter can perform are as follows:

• Query the request and act accordingly.

• Block the request-and-response pair from passing any further.

• Modify the request headers and data. You do this by providing a customized version of the request.

• Modify the response headers and data. You do this by providing a customized version of the response.

• Interact with external resources.

Filter的主要功能包括：

• 查询请求然后做相应动作

  (Query the request and act accordingly)

  这里“查询”（Query）主要体现在filter-mapping中的url-pattern。

• 拦截请求与响应对（在向下传递时）

  (Block the request-and-response pair from passing any further)

  注意这里是请求与响应对，这个“对”（pair）十分重要。

• 修改请求的头与数据

  (Modify the request headers and data. You do this by providing a customized version of the request)

• 修改响应的头与数据

  (Modify the response headers and data. You do this by providing a customized version of the response)

• 与外部资源交互

  (Interact with external resources)

  以上这点比较抽象。与什么样的外部资源？如何交互？

暂且不回答这个问题，看Filter的应用场景。

应用

• 验证(Authentication)

  例如SSO等验证实现都有AuthenticationFilter。

• 日志(Logging)

  为了实现任何Filter的应用，都可以加入日志之类的功能。

• 图像转换(Image Conversion)

  主要常见于图像格式的转换，根据不同客户端可能支持显示的格式不同，处理图片响应。

• 数据压缩(Data Compression)

  对于较大的请求与响应体，可以设置数据压缩GZipFilter。

• 加密(Encryption)

  对于SSL或者自行实现的安全措施，会对请求与响应进行加密。

• 标记流(Tokenizing Streams)

  这个主要见于搜索应用中，比如Elastic会有TokenFilter。

• XML变换(XML transformations)

  一个典型应用可能是使用xslt转换xml的内容。

• 等

如此看来，功能中的最后一点中提到的“与外部资源的交互”就很好理解了，以上的这些验证、加密、压缩、变换等功能都需要外部资源的支持。

实现

最后实现也只是两句话，但是足以将Filter的内涵说清楚。

You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order.

这里提到了几个关键点：

• 目标——配置web资源（web resource）
• 方式——链式（chain）
• 数量——0、1或多（zero, one, or more filters）
• 顺序——特定的顺序（in a specific order）

This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.

补充说明链式是如何工作的：

• 编译时（静态）——在编译部署的时候，这个链就已经定义好了。
• 运行时（动态）——在加载组件的时候，这个链被实例化。

至于详细实现方式，另开文章做具体说明。

原文

Filtering Requests and Responses

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.

The main tasks that a filter can perform are as follows:

• Query the request and act accordingly.

• Block the request-and-response pair from passing any further.

• Modify the request headers and data. You do this by providing a customized version of the request.

• Modify the response headers and data. You do this by providing a customized version of the response.

• Interact with external resources.

Applications of filters include authentication, logging, image conversion, data compression, encryption, tokenizing streams, XML transformations, and so on.

You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order. This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.

*扩展

问题

Filter有以上的职责，那么Interceptor的主要作用是什么呢？

结束