Spring MVC拦截器用以及和Servlet Filter的区别

SpringMVC Spring

说到拦截器, 首先要说一下Spring MVC的工作流程图(借用网络图):

Spring MVC中的拦截器指的就是图中步骤三中HandlerExecutionChain处理器执行链中的HandlerInterceptor.
一个请求首先到达前端控制器DispatcherServlet后前端控制器将该请求指派给预先定义或默认的处理器映射器HandleMapping去根据请求路径找到具体的处理器(代码中指的是'Controller')来处理该请求, 处理器映射器'HandlerMapping'找到具体的处理器之后会返回处理器执行链, 执行链包括一系列的拦截器(如果有)和目标处理器'Controller', 再由前端控制器请求处理器适配器HandlerAdapter去请求执行执行链中的一个一个拦截器的preHandle()方法和目标处理器Controller的逻辑代码, 在处理器逻辑代码执行完, 前端控制器使用ModelAndView渲染视图之前执行一个一个拦截器的postHandle()方法以对处理器执行结果做二次加工操作.

定义自己的拦截器需要实现org.springframework.web.servlet.HandlerInterceptor接口或者继承该接口的适配器org.springframework.web.servlet.handler.HandlerInterceptorAdapter.

其中需要实现或重写三个关键方法:

• preHandle()方法
• postHandle()方法
• afterCompletion()方法

关于以上三个方法的执行顺序, 觉知此事要躬行:
定义两个拦截器:

拦截器1:
public class Interceptor1 implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse         response, Object handler)throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor1 preHandle() ");
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse           response, Object handler, @Nullable ModelAndView modelAndView) throws            Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor1 postHandle() ");
    }
    @Override
    public void afterCompletion(HttpServletRequest request,                              HttpServletResponse response, Object handler,
                                 @Nullable Exception ex) throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor1 afterCompletion() ");
    }
}

拦截器2:
public class Interceptor2 implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor2 preHandle() ");
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                            @Nullable ModelAndView modelAndView) throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor2 postHandle() ");
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                 @Nullable Exception ex) throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor2 afterCompletion() ");
    }
}

定义一个处理器Controller:

@Controller
public class MyController {
    @ResponseBody
    @RequestMapping("/my/haha")
    public String method() {
        System.out.println(">>>>>>>> MyController#method running ");
        return "haha";
    }
}

用java config的方式配置这两个拦截器:

@Configuration
@EnableWebMvc
public class MyWebMvcConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new Interceptor1()).addPathPatterns("/my/**");
        registry.addInterceptor(new Interceptor2()).addPathPatterns("/my/**");
    }
}

请求:http://localhost:9898/my/haha

控制台打印(亲测!!!):

>>>>>>>>>>>>> Interceptor1 preHandle() 
>>>>>>>>>>>>> Interceptor2 preHandle() 
>>>>>>>> MyController#method running 
>>>>>>>>>>>>> Interceptor2 postHandle() 
>>>>>>>>>>>>> Interceptor1 postHandle() 
>>>>>>>>>>>>> Interceptor2 afterCompletion() 
>>>>>>>>>>>>> Interceptor1 afterCompletion() 

注意拦截器的添加顺序!

如果我先添加的是第二个拦截器, 然后再添加第一个拦截器, 则输出为:

>>>>>>>>>>>>> Interceptor2 preHandle() 
>>>>>>>>>>>>> Interceptor1 preHandle() 
>>>>>>>> MyController#method running 
>>>>>>>>>>>>> Interceptor1 postHandle() 
>>>>>>>>>>>>> Interceptor2 postHandle() 
>>>>>>>>>>>>> Interceptor1 afterCompletion() 
>>>>>>>>>>>>> Interceptor2 afterCompletion() 

结论, 执行顺序 :
preHandle()(拦截器添加顺序正序) -> 目标处理器COntroller -> postHandle()(拦截器添加顺序反序) -> afterCompletion()(拦截器添加顺序反序)

额外的, 除了上述代码中通过java config方式配置拦截器, 也可通过xml文件的方式配置,例如:
springmvc.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
    <mvc:interceptors>
        <!--注意拦截器的配置顺序, 例如最后一个全局拦截器WholeScopeInterceptor
        的preHandle方法会在最后执行-->
        <mvc:interceptor>
            <mvc:mapping path="/my/**"/>
            <!--<mvc:exclude-mapping path="排除的路径"/>-->
            <bean class="com.example.demo.Interceptors.Interceptor1"/>
        </mvc:interceptor>
        <mvc:interceptor>
            <mvc:mapping path="/my/**"/>
            <bean class="com.example.demo.Interceptors.Interceptor2"/>
        </mvc:interceptor>
        <mvc:interceptor>
            <mvc:mapping path="/your/**"/>
            <bean class="com.example.demo.Interceptors.Interceptor3"/>
        </mvc:interceptor>
        <!--直接定义在<mvc:interceptors>一级的拦截器会拦截所有的请求-->
        <bean class="com.example.demo.Interceptors.WholeScopeInterceptor"/>
    </mvc:interceptors>
</beans>

来测试一下:

@Controller
public class YourController {
    @ResponseBody
    @RequestMapping("/your/haha")
    public String method() {
        System.out.println(">>>>>>>> YourController#method running ");
        return "haha";
    }
}

public class Interceptor3 implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor3 preHandle() ");
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                            @Nullable ModelAndView modelAndView) throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor3 postHandle() ");
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                 @Nullable Exception ex) throws Exception {
        System.err.println(">>>>>>>>>>>>> Interceptor3 afterCompletion() ");
    }
}

public class WholeScopeInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.err.println(">>>>>>>>>>>>> WholeScopeInterceptor preHandle() ");
        return true;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           @Nullable ModelAndView modelAndView) throws Exception {
        System.err.println(">>>>>>>>>>>>> WholeScopeInterceptor postHandle() ");
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                @Nullable Exception ex) throws Exception {
        System.err.println(">>>>>>>>>>>>> WholeScopeInterceptor afterCompletion() ");
    }
}

请求http://localhost:9898/your/haha控制台输出:

>>>>>>>>>>>>> Interceptor3 preHandle() 
>>>>>>>>>>>>> WholeScopeInterceptor preHandle() 
>>>>>>>> YourController#method running 
>>>>>>>>>>>>> WholeScopeInterceptor postHandle() 
>>>>>>>>>>>>> Interceptor3 postHandle() 
>>>>>>>>>>>>> WholeScopeInterceptor afterCompletion() 
>>>>>>>>>>>>> Interceptor3 afterCompletion() 

请求http://localhost:9898/my/haha控制台输出:

    >>>>>>>>>>>>> Interceptor1 preHandle() 
    >>>>>>>>>>>>> Interceptor2 preHandle() 
    >>>>>>>>>>>>> WholeScopeInterceptor preHandle() 
    >>>>>>>> MyController#method running 
    >>>>>>>>>>>>> WholeScopeInterceptor postHandle() 
    >>>>>>>>>>>>> Interceptor2 postHandle() 
    >>>>>>>>>>>>> Interceptor1 postHandle() 
    >>>>>>>>>>>>> WholeScopeInterceptor afterCompletion() 
    >>>>>>>>>>>>> Interceptor2 afterCompletion() 
    >>>>>>>>>>>>> Interceptor1 afterCompletion() 

额外的, 由于pringboot强调0配置文件方式, 推荐使用java config的方式. 如果非要使用xml配置文件的方式, 可以在使用@Configuration的地方使用@ImportResource("springmvc.xml")导入该配置文件, 由于@SpringBootApplication注解被@Configuration所标注,所以在@SpringBootApplication处导入也是一样的:

@SpringBootApplication
@ImportResource("springmvc.xml")
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
//  @Bean
//  public MyClass newMyClass() {
//      return new MyClass();
//  }
}

说完SpringMvc的拦截器接下来说说servlet的Filter过滤器:
这里的Filter通常指的是javax.servlet.Filter, 该接口定义如下:

public interface Filter {
    void init(FilterConfig var1) throws ServletException;
    void doFilter(ServletRequest var1, ServletResponse var2, FilterChain var3) throws IOException, ServletException;
    void destroy();
}

Filter可以拦截所有到达java web server的HTTP请求(如果web.xml配置文件中将该Filter的url-pattern配置成<url-pattern>/*</url-pattern>), 包括到达指定servlet的请求, 静态资源例如xxx.html的请求等.

要定义自己的Filter需要实现javax.servlet.Filter接口:

import javax.servlet.*;
import java.io.IOException;
/**
 */
public class SimpleServletFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain filterChain)
    throws IOException, ServletException {
    }
    public void destroy() {
    }
}

其中init()方法仅会在应用启动时执行一次, destroy()方法会在应用关闭时执行一次. 其中最重要的方法是doFilter()方法, 可在这个方法中对指定<url-pattern>xxx</url-pattern>的的所有请求的request对象进行过滤或阻塞.例如:

public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain filterChain)
throws IOException, ServletException {
    String myParam = request.getParameter("myParam");
    if(!"blockTheRequest".equals(myParam)){
        filterChain.doFilter(request, response);
    }
}

当请求达到这个过滤器的doFilter()方法, 判断request中是否有"blockTheRequest",如果有,则拦截该请求, 如果没有则通过filterChain.doFilter(request, response); 对该请求放行,让该请求到达下一个过滤器或者到达目标资源(如果这是最后一个filter).
配置自定义的拦截器需要在web.xml配置文件中配置, 例如:

<filter>
    <filter-name>myFilter</filter-name>
    <filter-class>servlets.SimpleServletFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>myFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

特别注意过滤器的配置顺序,过滤器的拦截顺序是以该文件中过滤器的配置顺序从上往下对请求进行过滤.

servlet Filter和SpringMVC拦截器的区别:

首先应用一段HandlerInterceptor接口中的doc注释

HandlerInterceptor is basically similar to a Servlet Filter, but in contrast to the latter it just allows custom pre-processing with the option of prohibiting the execution of the handler itself, and custom post-processing. Filters are more powerful, for example they allow for exchanging the request and response objects that are handed down the chain. Note that a filter gets configured in web.xml, a HandlerInterceptor in the application context.
As a basic guideline, fine-grained handler-related preprocessing tasks are candidates for HandlerInterceptor implementations, especially factored-out common handler code and authorization checks. On the other hand, a Filter is well-suited for request content and view content handling, like multipart forms and GZIP compression. This typically shows when one needs to map the filter to certain content types (e.g. images), or to all requests.

from:stack overflow 关于filter和SpringMVC拦截器的区别

postHandle will be called after handler method invocation but before the view being rendered. So, you can add more model objects to the view but you can not change the HttpServletResponse, since it has already committed. doFilter is much more versatile than the postHandle. You can change the request or response and pass it to the chain or even block the request processing.

HandlerInterceptor的postHandle()方法会在目标处理器Controller的目标方法被调用之后, 视图被渲染之前执行, 可以往执行结果ModelAndView中添加数据, 但是不能改变已经生成的HttpServletResponse对象 因为已经提交. 而Filter总的doFilter()方法则更强, 可以对HttpServletRequest和HttpServletResponse进行更改, 甚至是阻塞这个请求.

那什么时候用Filter什么时候用SpringMVC的拦截器呢?
from:stack overflow 关于filter和SpringMVC拦截器的区别

As the doc said, fine-grained handler-related preprocessing tasks are candidates for HandlerInterceptor implementations, especially factored-out common handler code and authorization checks. On the other hand, a Filter is well-suited for request content and view content handling, like multipart forms and GZIP compression. This typically shows when one needs to map the filter to certain content types (e.g. images), or to all requests.

如果是在基于Spring的项目中, 用Filter能做到的事情, HandelerInterceptor也能做到, 并且能做到更多(拦截器是Spring容器中的bean, 可以注入其他bean), 更优雅.
更多解释看这里1, 看这里2

额外的, Spring还有另一个拦截器接口org.springframework.web.context.request.WebRequestInterceptor
该接口的定义:

public interface WebRequestInterceptor {
    void preHandle(WebRequest request) throws Exception;
    void postHandle(WebRequest request, ModelMap model) throws Exception;
    void afterCompletion(WebRequest request, Exception ex) throws Exception;
}

你可能乍眼一看发现和HandlerInterceptor的接口定义好像, 但是看方法签名, 会发现里面只有request对象的封装对象, 而没有response对象, 就是说你没办法通过这个接口的方法改变response但是刻意对request做一些操作, 比如可以往request域对象中添加Hibernate SqlSession等.
该接口的preHandle()doc如是说:

Intercept the execution of a request handler before its invocation.
Allows for preparing context resources (such as a Hibernate Session) and expose them as request attributes or as thread-local objects

如果需要对处理器目标方法的执行结果做一些操作, 必须使用HandlerInterceptor而WebRequestInterceptor做不到!

更多关于HandlerInterceptor和WebRequestInterceptor区别 看这里

不正之处, 欢迎大佬指正, 相互学习!