Java Servlet (1) —— Filter過濾請求與響應
版本: Java EE 6
參考來源:
Oracle:The Java EE 6 Tutorial: Filtering Requests and Responses
CSDN:Java中Filter、Servlet、Listener的學習
正文
在oracle javaee 6的官方文件中短短的一段話,分別從定義、內容、應用、實現這四個方面對Filter這個東西做了詳細的說明
定義
A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.
以上定義有幾層意思:
Filter是一個物件
(A filter is an object)
Filter物件的功能是可以變換請求或相應的頭和內容
(can transform the header and content (or both) of a request or response)
Filter與web components不同,不自己建立相應
(Filters differ from web components in that filters usually do not themselves create a response)
Web Components是什麼?(Wiki:Web Components)
Wiki上的定義比較抽象,但是它也給出了Web Components所表現的幾個具象形式:
自定義元素(Custom Elements)
隱藏DOM(Shadow DOM)
HTML引入(HTML Imports)
HTML模板(HTML Templates)
總而言之,Web Components可以認為是一些資源(resource)的元件。
為什麼我將它看成資源的元件?下面這點可以看出(Instead...web resource)
Filter可以“附在”(attached)任何web資源上
(Instead, a filter provides functionality that can be “attached” to any kind of web resource)
Filter不應依賴與它“依附”的web資源
(Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter)
這點是與上第4點對應。第4點為正說:應該怎樣;這裡為反說:不應怎樣。
Filter可以與多個web資源組合在一起使用
(this way, it can be composed with more than one type of web resource)
正因為有4、5兩特點,所以Filter具有這種能力。
何種能力呢?
功能
The main tasks that a filter can perform are as follows:
- Query the request and act accordingly.
- Block the request-and-response pair from passing any further.
- Modify the request headers and data. You do this by providing a customized version of the request.
- Modify the response headers and data. You do this by providing a customized version of the response.
- Interact with external resources.
Filter的主要功能包括:
查詢請求然後做相應動作
(Query the request and act accordingly)
這裡“查詢”(Query)主要體現在filter-mapping中的url-pattern。
攔截請求與響應對(在向下傳遞時)
(Block the request-and-response pair from passing any further)
注意這裡是請求與響應對,這個“對”(pair)十分重要。
修改請求的頭與資料
(Modify the request headers and data. You do this by providing a customized version of the request)
修改響應的頭與資料
(Modify the response headers and data. You do this by providing a customized version of the response)
與外部資源互動
(Interact with external resources)
以上這點比較抽象。與什麼樣的外部資源?如何互動?
暫且不回答這個問題,看Filter的應用場景。
應用
驗證(Authentication)
例如SSO等驗證實現都有AuthenticationFilter。
日誌(Logging)
為了實現任何Filter的應用,都可以加入日誌之類的功能。
影象轉換(Image Conversion)
主要常見於影象格式的轉換,根據不同客戶端可能支援顯示的格式不同,處理圖片響應。
資料壓縮(Data Compression)
對於較大的請求與響應體,可以設定資料壓縮GZipFilter。
加密(Encryption)
對於SSL或者自行實現的安全措施,會對請求與響應進行加密。
標記流(Tokenizing Streams)
這個主要見於搜尋應用中,比如Elastic會有TokenFilter。
XML變換(XML transformations)
一個典型應用可能是使用xslt轉換xml的內容。
等
如此看來,功能中的最後一點中提到的“與外部資源的互動”就很好理解了,以上的這些驗證、加密、壓縮、變換等功能都需要外部資源的支援。
實現
最後實現也只是兩句話,但是足以將Filter的內涵說清楚。
You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order.
這裡提到了幾個關鍵點:
- 目標——配置web資源(web resource)
- 方式——鏈式(chain)
- 數量——0、1或多(zero, one, or more filters)
- 順序——特定的順序(in a specific order)
This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.
補充說明鏈式是如何工作的:
- 編譯時(靜態)——在編譯部署的時候,這個鏈就已經定義好了。
- 執行時(動態)——在載入元件的時候,這個鏈被例項化。
至於詳細實現方式,另開文章做具體說明。
原文
Filtering Requests and Responses
A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way, it can be composed with more than one type of web resource.
The main tasks that a filter can perform are as follows:
- Query the request and act accordingly.
- Block the request-and-response pair from passing any further.
- Modify the request headers and data. You do this by providing a customized version of the request.
- Modify the response headers and data. You do this by providing a customized version of the response.
- Interact with external resources.
Applications of filters include authentication, logging, image conversion, data compression, encryption, tokenizing streams, XML transformations, and so on.
You can configure a web resource to be filtered by a chain of zero, one, or more filters in a specific order. This chain is specified when the web application containing the component is deployed and is instantiated when a web container loads the component.
*擴充套件
問題
Filter有以上的職責,那麼Interceptor的主要作用是什麼呢?