在Spring中,filter默认继承OncePerRequestFilter,
OncePerRequestFilter源代码如下:
/* * Copyright 2002-2008 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.springframework.web.filter; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Filter base class that guarantees to be just executed once per request, * on any servlet container. It provides a {@link #doFilterInternal} * method with HttpServletRequest and HttpServletResponse arguments. * * <p>The {@link #getAlreadyFilteredAttributeName} method determines how * to identify that a request is already filtered. The default implementation * is based on the configured name of the concrete filter instance. * * @author Juergen Hoeller * @since 06.12.2003 */ public abstract class OncePerRequestFilter extends GenericFilterBean { /** * Suffix that gets appended to the filter name for the * "already filtered" request attribute. * @see #getAlreadyFilteredAttributeName */ public static final String ALREADY_FILTERED_SUFFIX = ".FILTERED"; /** * This <code>doFilter</code> implementation stores a request attribute for * "already filtered", proceeding without filtering again if the * attribute is already there. * @see #getAlreadyFilteredAttributeName * @see #shouldNotFilter * @see #doFilterInternal */ public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) { throw new ServletException("OncePerRequestFilter just supports HTTP requests"); } HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName(); if (request.getAttribute(alreadyFilteredAttributeName) != null || shouldNotFilter(httpRequest)) { // Proceed without invoking this filter... filterChain.doFilter(request, response); } else { // Do invoke this filter... request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE); try { doFilterInternal(httpRequest, httpResponse, filterChain); } finally { // Remove the "already filtered" request attribute for this request. request.removeAttribute(alreadyFilteredAttributeName); } } } /** * Return the name of the request attribute that identifies that a request * is already filtered. * <p>Default implementation takes the configured name of the concrete filter * instance and appends ".FILTERED". If the filter is not fully initialized, * it falls back to its class name. * @see #getFilterName * @see #ALREADY_FILTERED_SUFFIX */ protected String getAlreadyFilteredAttributeName() { String name = getFilterName(); if (name == null) { name = getClass().getName(); } return name + ALREADY_FILTERED_SUFFIX; } /** * Can be overridden in subclasses for custom filtering control, * returning <code>true</code> to avoid filtering of the given request. * <p>The default implementation always returns <code>false</code>. * @param request current HTTP request * @return whether the given request should <i>not</i> be filtered * @throws ServletException in case of errors */ protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException { return false; } /** * Same contract as for <code>doFilter</code>, but guaranteed to be * just invoked once per request. Provides HttpServletRequest and * HttpServletResponse arguments instead of the default ServletRequest * and ServletResponse ones. */ protected abstract void doFilterInternal( HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException; }
OncePerRequestFilter,顾名思义,它能够确保在一次请求中只通过一次filter,而需要重复的执行。大家常识上都认为,一次请求本来就只filter一次,为什么还要由此特别限定呢,往往我们的常识和实际的实现并不真的一样,经过一番资料的查阅,此方法是为了兼容不同的web container,也就是说并不是所有的container都入我们期望的只过滤一次,servlet版本不同,执行过程也不同,
请看官方对OncePerRequestFilter的注释:
/** * Filter base class that guarantees to be just executed once per request, * on any servlet container. It provides a {@link #doFilterInternal} * method with HttpServletRequest and HttpServletResponse arguments. * * <p>The {@link #getAlreadyFilteredAttributeName} method determines how * to identify that a request is already filtered. The default implementation * is based on the configured name of the concrete filter instance. * * @author Juergen Hoeller * @since 06.12.2003 */
如:servlet2.3与servlet2.4也有一定差异:
在servlet2.3中,Filter会经过一切请求,包括服务器内部使用的forward转发请求和<%@ include file=”/login.jsp”%>的情况
servlet2.4中的Filter默认情况下只过滤外部提交的请求,forward和include这些内部转发都不会被过滤,因此,为了兼容各种不同运行环境和版本,默认filter继承OncePerRequestFilter是一个比较稳妥的选择
posted on
