什麼是Servlet
對一個HTTP請求的正常的處理流程是:
- 發送HTTP請求
- 服務端的HTTP服務器收到請求
- 調用業務邏輯
- 返回HTTP響應
產生了下面3個問題:
-
HTTP 服務器怎麼知道要調用哪個業務邏輯,也就是 Java 類的哪個方法呢?
HTTP服務器可以被設計成收到請求後,接續尋找該請求的處理邏輯,但是這樣就會使得HTTP 服務器的代碼跟業務邏輯耦合在一起。
-
如果問題1交給HTTP服務器,如何解決HTTP 服務器的代碼跟業務邏輯耦合在一起?
根據職責單一原則,HTTP服務器的功能就應當設計成接收請求、發送響應,具體的處理邏輯可以交給一個第三方,由第三方去尋找處理邏輯所在的Java類。這個第三方就是Servlet容器。
-
Servlet容器是否需要知道具體的業務邏輯?
不需要,只需要給到基本的數據(
ServletRequest、ServletResponse)給到業務邏輯處理單位即可,不用關注業務邏輯的具體實現。
所以Servlet被設計成了一個接口:
public interface Servlet {
// Servlet容器在加載Servlet類的時候會調用
void init(ServletConfig config) throws ServletException;
// 在web.xml給改Servlet配置的參數
ServletConfig getServletConfig();
// 業務邏輯處理入口
void service(ServletRequest req, ServletResponse res)throws ServletException, IOException;
String getServletInfo();
// 在卸載的時候會調用
void destroy();
}
其處理的流程:
HTTP 服務器不直接調用業務類,而是把請求交給容器來處理,容器通過 Servlet 接口調用業務類。因此 Servlet 接口和 Servlet 容器的出現,達到了 HTTP 服務器與業務類解耦的目的。
Servlet 接口和 Servlet 容器這一整套規範叫作 Servlet 規範。Tomcat按照 Servlet 規範的要求實現了 Servlet 容器,同時它們也具有 HTTP 服務器的功能。
什麼是Filter
過濾器。這個接口允許你對請求和響應做一些統一的定製化處理,比如你可以根據請求的頻率來限制訪問,或者根據國家地區的不同來修改響應內容。過濾器的工作原理是這樣的:Web 應用部署完成後,Servlet 容器需要實例化 Filter 並把 Filter 鏈接成一個 FilterChain。當請求進來時,獲取第一個 Filter 並調用 doFilter 方法,doFilter 方法負責調用這個 FilterChain 中的下一個 Filter。
它在Java中的變現爲一個接口:
/**
* A filter is an object that performs filtering tasks on either the request to
* a resource (a servlet or static content), or on the response from a resource,
* or both.
*
* Filters perform filtering in the <code>doFilter</code> method. Every Filter
* has access to a FilterConfig object from which it can obtain its
* initialization parameters, a reference to the ServletContext which it can
* use, for example, to load resources needed for filtering tasks.
*/
public interface Filter {
/**
* Called by the web container to indicate to a filter that it is being
* placed into service. The servlet container calls the init method exactly
* once after instantiating the filter. The init method must complete
* successfully before the filter is asked to do any filtering work.
*/
public default void init(FilterConfig filterConfig) throws ServletException {}
/**
* The <code>doFilter</code> method of the Filter is called by the container
* each time a request/response pair is passed through the chain due to a
* client request for a resource at the end of the chain. The FilterChain
* passed in to this method allows the Filter to pass on the request and
* response to the next entity in the chain.
* <p>
* A typical implementation of this method would follow the following
* pattern:- <br>
* 1. Examine the request<br>
* 2. Optionally wrap the request object with a custom implementation to
* filter content or headers for input filtering <br>
* 3. Optionally wrap the response object with a custom implementation to
* filter content or headers for output filtering <br>
* 4. a) <strong>Either</strong> invoke the next entity in the chain using
* the FilterChain object (<code>chain.doFilter()</code>), <br>
* 4. b) <strong>or</strong> not pass on the request/response pair to the
* next entity in the filter chain to block the request processing<br>
* 5. Directly set headers on the response after invocation of the next
* entity in the filter chain.
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException;
/**
* Called by the web container to indicate to a filter that it is being
* taken out of service. This method is only called once all threads within
* the filter's doFilter method have exited or after a timeout period has
* passed. After the web container calls this method, it will not call the
* doFilter method again on this instance of the filter.
*
* This method gives the filter an opportunity to clean up any resources
* that are being held (for example, memory, file handles, threads) and make
* sure that any persistent state is synchronized with the filter's current
* state in memory.
*/
public default void destroy() {}
}
什麼是FilterChain
/**
* A FilterChain is an object provided by the servlet container to the developer
* giving a view into the invocation chain of a filtered request for a resource.
* Filters use the FilterChain to invoke the next filter in the chain, or if the
* calling filter is the last filter in the chain, to invoke the resource at the
* end of the chain.
**/
public interface FilterChain {
/**
* Causes the next filter in the chain to be invoked, or if the calling
* filter is the last filter in the chain, causes the resource at the end of
* the chain to be invoked.
*/
// doFilter方法負責調用這個FilterChain中的下一個Filter
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException;
}
FilterChain是一個接口,Tomcat裏面有個一實現該接口的final類ApplicationFilterChain.java。
其中含有一個ApplicationFilterConfig.java
private ApplicationFilterConfig[] filters = new ApplicationFilterConfig[0];
/**
* The int which is used to maintain the current position in the filter chain.
*/
private int pos = 0;
/**
* The int which gives the current number of filters in the chain.
*/
private int n = 0;
實現了FilterChain的doFilter(ServletRequest request, ServletResponse response)方法,其實就是調用了該類中的internalDoFilter(ServletRequest request, ServletResponse response)。調用完畢後,pos++。如果下次使用該FilterChain的doFilter()方法,會調用下一個Filter(如果存在)
private void internalDoFilter(ServletRequest request,
ServletResponse response) throws IOException, ServletException {
// Call the next filter if there is one
if (pos < n) {
// 注意pos++
ApplicationFilterConfig filterConfig = filters[pos++];
try {
Filter filter = filterConfig.getFilter();
if (request.isAsyncSupported() && "false".equalsIgnoreCase(
filterConfig.getFilterDef().getAsyncSupported())) {
request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
}
if( Globals.IS_SECURITY_ENABLED ) {
final ServletRequest req = request;
final ServletResponse res = response;
Principal principal =
((HttpServletRequest) req).getUserPrincipal();
Object[] args = new Object[]{req, res, this};
SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal);
} else {
// 實際調用Filter的doFilter()方法
filter.doFilter(request, response, this);
}
} catch (IOException | ServletException | RuntimeException e) {
throw e;
} catch (Throwable e) {
e = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(e);
throw new ServletException(sm.getString("filterChain.filter"), e);
}
return;
}
其中有一個對Filter的包裝類ApplicationFilterConfig,其中持有一個Filter對象,可通過getFilter()方法去獲取。上述類之間的UML圖關係如下:
所以如果在Filter的doFilte()方法中,調用filterChain.doFilter(servletRequest, servletResponse);的話,會將流程交給chainFilter。因此也不難理解項目中Filter的使用如下:
@Order(1)
@WebFilter(urlPatterns = "/*", filterName = "requestWrapperFilter")
public class RequestWrapperFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException { }
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// 添加traceId
String traceId = ((HttpServletRequest) servletRequest).getHeader(Constants.REQUEST_HEADER_TRACEID);
if (StringUtils.isBlank(traceId)) {
traceId = StringUtils.replace(UUID.randomUUID().toString(), "-", "");
}
MDC.put(Constants.REQUEST_HEADER_TRACEID, traceId);
try {
// multipart/form-data請求不添加traceId
if (ServletFileUpload.isMultipartContent((HttpServletRequest) servletRequest)) {
filterChain.doFilter(servletRequest, servletResponse);
} else {
filterChain.doFilter(new RequestWrapper((HttpServletRequest) servletRequest), servletResponse);
}
} finally {
// 清除 traceId
MDC.remove(Constants.REQUEST_HEADER_TRACEID);
}
}
@Override
public void destroy() {}
}