1.拦截器是基于java的反射机制的,而过滤器是基于函数回调。都是AOP的体现
2.拦截器不依赖于servlet容器,过滤器依赖于servlet容器。
3.拦截器只能对action请求起作用,而过滤器则可以对几乎所有的请求起作用。
4.拦截器可以访问action上下文、值栈里的对象,而过滤器不能访问。
5.在action的生命周期中,拦截器可以多次被调用,而过滤器只能在容器初始化时被调用一次。
6.拦截器可以获取IOC容器中的各个bean,而过滤器就不行,这点很重要,在拦截器里注入一个service,可以调用业务逻辑。
拦截器用于用户登录权限验证 preHandle
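/**
 * Spring MVC interceptor that gates handler execution on the presence of a {@code token}
 * request header.
 *
 * <p>{@code /index} and {@code /login} are let through without a token. {@code /out}
 * invalidates the caller's existing session and is then subject to the same token check as
 * every other path.
 *
 * <p>NOTE(review): this gate only checks that a non-empty {@code token} header is present.
 * The value is never compared with anything held server-side, so any non-empty string passes.
 * The original code read the session attribute {@code "users"} and never used it, which may
 * have been the intended check; confirm and verify the token before relying on this class
 * for authorization.
 */
public class MyLoginInterceptor implements HandlerInterceptor {

    /** No work is done after request completion. */
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
    }

    /** No work is done after the handler returns. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param arg0 the incoming request
     * @param arg1 the response; receives the text {@code "Please Login In"} on rejection
     * @param arg2 the chosen handler (unused)
     * @return {@code true} to continue the chain, {@code false} when the request was rejected
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
        String uri = arg0.getRequestURI();

        // The home page and the login endpoint are reachable without a token.
        // getRequestURI() includes the context path and any ";param" suffix, so only the
        // exact strings below are exempt; everything else falls through to the token check.
        if ("/index".equals(uri) || "/login".equals(uri)) {
            return true;
        }

        if ("/out".equals(uri)) {
            // The original cast the HttpSession itself to HttpSessionEvent, which throws
            // ClassCastException whenever a session exists. Invalidating the session is the
            // supported way to end it; the container then notifies every registered
            // HttpSessionListener (sessionDestroyed) on its own.
            HttpSession existing = arg0.getSession(false);
            if (existing != null) {
                existing.invalidate();
            }
        }

        // Redirecting to the login page is left to the front end.
        // The token and the session id are credentials; they are deliberately not written to
        // stdout or the servlet log, where anyone with log access could replay them.
        String token = arg0.getHeader("token");
        if (token == null || token.trim().isEmpty()) {
            // NOTE(review): the response status stays 200 here because the front end handles
            // the redirect from this body; consider 401 once the client is confirmed to cope.
            arg1.getWriter().write("Please Login In");
            return false;
        }

        // Ensure a session exists for accepted requests, as the original did. It is created
        // only after the token check so rejected requests do not allocate sessions.
        arg0.getSession();
        return true;
    }
}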
过滤器跨域放行 doFilter
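/**
 * Servlet filter that adds CORS response headers for allowlisted origins and answers
 * preflight ({@code OPTIONS}) requests itself.
 *
 * <p>The original reflected whatever {@code Origin} the client sent while also sending
 * {@code Access-Control-Allow-Credentials: true}. That combination lets any website make
 * cookie-bearing requests on behalf of a logged-in user and read the responses. The origin
 * is now echoed only when it matches {@link #ALLOWED_ORIGINS}.
 */
@Component
public class CORSFilter implements Filter {

    /**
     * Origins permitted to make credentialed cross-origin requests, compared exactly
     * (scheme, host and port). The single entry is the example placeholder from the
     * original comment; replace it with the real front-end origin(s) before deploying.
     */
    private static final String[] ALLOWED_ORIGINS = {"http://www.xxx.com"};

    /**
     * Sets CORS headers when the request's origin is allowlisted, then either completes a
     * preflight request with 200 or passes the request down the chain.
     *
     * @param request the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // The original looked the request up again through RequestContextHolder only to print
        // the client-supplied "users" header. getRequestAttributes() can return null when no
        // request context is bound to the thread (NullPointerException), and the printed value
        // ended up in stdout, so that lookup and print are removed.

        // The response depends on the Origin header, so caches must key on it.
        res.addHeader("Vary", "Origin");

        String origin = req.getHeader("Origin");
        if (isAllowedOrigin(origin)) {
            // Echo the specific origin; "*" is not valid together with credentials.
            res.setHeader("Access-Control-Allow-Origin", origin);
            // Request headers the browser may send cross-origin.
            res.setHeader("Access-Control-Allow-Headers", "Content-Type,X-CAF-Authorization-Token,sessionToken,X-TOKEN,Access-Token,X-Requested-With,token,x-auth-token");
            // Methods permitted for cross-origin requests.
            res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT,OPTIONS");
            // Allow cookies and other credentials on cross-origin requests.
            res.setHeader("Access-Control-Allow-Credentials", "true");
            // How long (seconds) the browser may cache the preflight result.
            res.setHeader("Access-Control-Max-Age", "3600");
        }

        res.setContentType("application/json");
        res.setCharacterEncoding("utf-8");

        if ("OPTIONS".equals(req.getMethod())) {
            // Preflight requests are answered here and never reach the rest of the chain.
            res.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(request, response);
        }
    }

    /**
     * Returns whether {@code origin} exactly matches an allowlisted origin.
     * A missing header is never allowed, so same-origin and non-browser requests simply get
     * no CORS headers.
     */
    private static boolean isAllowedOrigin(String origin) {
        if (origin == null) {
            return false;
        }
        for (String allowed : ALLOWED_ORIGINS) {
            if (allowed.equals(origin)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}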