OncePerRequestFilter的作用

OncePerRequestFilter的作用

在Spring中，filter默认继承OncePerRequestFilter，

OncePerRequestFilter源代码如下：

/* * Copyright 2002-2008 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * *      http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.springframework.web.filter;import java.io.IOException;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Filter base class that guarantees to be just executed once per request, * on any servlet container. It provides a {@link #doFilterInternal} * method with HttpServletRequest and HttpServletResponse arguments. * * <p>The {@link #getAlreadyFilteredAttributeName} method determines how * to identify that a request is already filtered. The default implementation * is based on the configured name of the concrete filter instance. * * @author Juergen Hoeller * @since 06.12.2003 */public abstract class OncePerRequestFilter extends GenericFilterBean {    /**     * Suffix that gets appended to the filter name for the     * "already filtered" request attribute.     * @see #getAlreadyFilteredAttributeName     */    public static final String ALREADY_FILTERED_SUFFIX = ".FILTERED";    /**     * This <code>doFilter</code> implementation stores a request attribute for     * "already filtered", proceeding without filtering again if the     * attribute is already there.     * @see #getAlreadyFilteredAttributeName     * @see #shouldNotFilter     * @see #doFilterInternal     */    public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)            throws ServletException, IOException {        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {            throw new ServletException("OncePerRequestFilter just supports HTTP requests");        }        HttpServletRequest httpRequest = (HttpServletRequest) request;        HttpServletResponse httpResponse = (HttpServletResponse) response;        String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();        if (request.getAttribute(alreadyFilteredAttributeName) != null || shouldNotFilter(httpRequest)) {            // Proceed without invoking this filter...            filterChain.doFilter(request, response);        }        else {            // Do invoke this filter...            request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);            try {                doFilterInternal(httpRequest, httpResponse, filterChain);            }            finally {                // Remove the "already filtered" request attribute for this request.                request.removeAttribute(alreadyFilteredAttributeName);            }        }    }    /**     * Return the name of the request attribute that identifies that a request     * is already filtered.     * <p>Default implementation takes the configured name of the concrete filter     * instance and appends ".FILTERED". If the filter is not fully initialized,     * it falls back to its class name.     * @see #getFilterName     * @see #ALREADY_FILTERED_SUFFIX     */    protected String getAlreadyFilteredAttributeName() {        String name = getFilterName();        if (name == null) {            name = getClass().getName();        }        return name + ALREADY_FILTERED_SUFFIX;    }    /**     * Can be overridden in subclasses for custom filtering control,     * returning <code>true</code> to avoid filtering of the given request.     * <p>The default implementation always returns <code>false</code>.     * @param request current HTTP request     * @return whether the given request should <i>not</i> be filtered     * @throws ServletException in case of errors     */    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {        return false;    }    /**     * Same contract as for <code>doFilter</code>, but guaranteed to be     * just invoked once per request. Provides HttpServletRequest and     * HttpServletResponse arguments instead of the default ServletRequest     * and ServletResponse ones.     */    protected abstract void doFilterInternal(            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)            throws ServletException, IOException;}

OncePerRequestFilter，顾名思义，它能够确保在一次请求中只通过一次filter，而需要重复的执行。大家常识上都认为，一次请求本来就只filter一次，为什么还要由此特别限定呢，往往我们的常识和实际的实现并不真的一样，经过一番资料的查阅，此方法是为了兼容不同的web container，也就是说并不是所有的container都入我们期望的只过滤一次，servlet版本不同，执行过程也不同，

请看官方对OncePerRequestFilter的注释：

/** * Filter base class that guarantees to be just executed once per request, * on any servlet container. It provides a {@link #doFilterInternal} * method with HttpServletRequest and HttpServletResponse arguments. * * <p>The {@link #getAlreadyFilteredAttributeName} method determines how * to identify that a request is already filtered. The default implementation * is based on the configured name of the concrete filter instance. * * @author Juergen Hoeller * @since 06.12.2003 */

如：servlet2.3与servlet2.4也有一定差异：

在servlet2.3中，Filter会经过一切请求，包括服务器内部使用的forward转发请求和<%@ include file=”/login.jsp”%>的情况servlet2.4中的Filter默认情况下只过滤外部提交的请求，forward和include这些内部转发都不会被过滤，

因此，为了兼容各种不同运行环境和版本，默认filter继承OncePerRequestFilter是一个比较稳妥的选择

TAG: