本文主要用于记录在SpringBoot中过滤器的使用,以及使用过滤器进行防盗链。
一、使用过滤器强制用户登录后进入主页面。
/** * 登录过滤器 * * @author LIUTAO * @version 2017/5/3 * @see * @since */ @WebFilter(filterName="loginFilter",urlPatterns="/admin/*") public class LoginFilter implements Filter { private Logger logger = LoggerFactory.getLogger(LoginFilter.class); @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { logger.debug("enter login filter"); HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); String path = request.getRequestURI(); AdmAccount user = (AdmAccount) session.getAttribute("admAccount"); //防止未登录用户从其他路径进入 if ("/admin/login".equals(path)) { filterChain.doFilter(servletRequest, servletResponse); return; } if (user == null) { logger.debug("enter error"); response.sendRedirect("/admin/login"); } else { logger.debug("enter success"); filterChain.doFilter(request, response); } } @Override public void destroy() { } }@EnableFeignClients(basePackages={"com.hongtu.supplychain.main"}) @EnableDiscoveryClient @SpringBootApplication @ServletComponentScan(basePackages = {"com.hongtu.supplychain"}) @ComponentScan(basePackages={"com.hongtu.supplychain.main"}) public class MainApplication { public static void main(String[] args) { SpringApplication.run(MainApplication.class, args); } } 注意:(1)在SpringBoot中使用过滤器需要在过滤器类上加@WebFilte注解,里面的参数filterName和urlPatterns分别是过滤器名称和需要过滤的地址。
(2)需要在程序启动类上添加@ServletComponentScan注解。
二、使用过滤器实现防盗链
package com.hongtu.supplychain.finance.filter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * 防盗链过滤器 * * @author LIUTAO * @version 2017/5/3 * @see * @since */ @WebFilter(filterName="loginFilter",urlPatterns="/*") public class LoginFilter implements Filter { private Logger logger = LoggerFactory.getLogger(LoginFilter.class); @Autowired private Environment env; @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; //防盗链 String mainReferer = env.getProperty("main.referer.url"); String purAndTraReferer = env.getProperty("purAndTra.referer.url"); String breakupOrderReferer = env.getProperty("breakupOrder.referer.url"); String batchModifyReferer = env.getProperty("batchModify.referer.url"); String referer = request.getHeader("referer"); if (referer.startsWith(mainReferer)||referer.startsWith(purAndTraReferer)||referer.startsWith(breakupOrderReferer)||referer.startsWith(batchModifyReferer)) { filterChain.doFilter(servletRequest, servletResponse); return; }else{ response.sendRedirect("/hongtu/v1/error"); } } @Override public void destroy() { } }注意:针对防盗链,需要获取到请求头的refer,然后将refer和放行的链接地址进行比对。
