我们常常在项目中会使用filters用于录调用日志、排除有XSS威胁的字符、执行权限验证等等。Spring Boot自动添加了OrderedCharacterEncodingFilter和HiddenHttpMethodFilter
自定义filter
- 实现Filter接口,实现Filter方法
- 添加
@Configuration注解,将自定义Filter加入过滤链
如跨域源访问配置CORS的Filter:
@Configuration public class CorsFilterConfig implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException {} @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse) servletResponse; res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT"); res.setHeader("Access-Control-Max-Age", "1728000"); res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, x-requested-with, Cache-Control"); filterChain.doFilter(servletRequest, res); } @Override public void destroy() {} }
其他例子:
@Configuration public class WebConfiguration { @Bean public RemoteIpFilter remoteIpFilter() { return new RemoteIpFilter(); } @Bean public FilterRegistrationBean testFilterRegistration() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(new MyFilter()); registration.addUrlPatterns("/*"); registration.addInitParameter("paramName", "paramValue"); registration.setName("MyFilter"); registration.setOrder(1); return registration; } public class MyFilter implements Filter { @Override public void destroy() { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest srequest, ServletResponse sresponse, FilterChain filterChain) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest request = (HttpServletRequest) srequest; System.out.println("this is MyFilter,url :"+request.getRequestURI()); filterChain.doFilter(srequest, sresponse); } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } } }