一、基础概念
1.1 spring mvc是什么?
Spring 框架提供了构建 Web 应用程序的全功能 MVC 模块。使用 Spring 可插入的 MVC 架构,可以选择是使用内置的 Spring Web 框架还是 Struts 这样的 Web 框架。通过策略接口,Spring 框架是高度可配置的,而且包含多种视图技术,例如 JavaServer Pages(JSP)技术、Velocity、Tiles、iText 和 POI。Spring MVC 框架并不知道使用的视图,所以不会强迫您只使用 JSP 技术。
Spring MVC 分离了控制器、模型对象、分派器以及解析视图的角色,这种分离让它们更容易进行定制。
自我总结:
简单的说就是web应用程序MVC架构的一种实现框架
Spring MVC的优点:
- 容易和其它View框架(Titles等)无缝集成,采用IOC便于测试。
- 它是一个典型的教科书式的mvc构架,而不像struts等都是变种或者不是完全基于mvc系统的框架,spring适用于初学者或者想了解mvc的人。
- 它和tapestry一样是一个纯正的servlet系统,这也是它和tapestry相比
struts所没有的优势。而且框架本身有代码,而且看起来也不费劲比较简单可以理解。
1.2 Spring MVC的运行流程简介
- 客户端请求提交到DispatcherServlet
- 由DispatcherServlet控制器查询一个或多个HandlerMapping,找到处理请求的Controller
- DispatcherServlet将请求提交到Controller类,Controller调用业务逻辑处理后,返回ModelAndView
- DispatcherServlet查询一个或多个ViewResoler视图解析器,找到ModelAndView指定的视图
- 视图负责将结果显示到客户端
二、实现原理
2.1 spring mvc整体处理流程
各个组件职责
1.DisPatcherServlet(前端控制器):调用init方法进行初始化,调用doDispatch(request, response)方法进行请求逻辑处理
2.HandlerMapping(处理器映射器):调用HandlerMapping的getHandler方法找到获得HandlerExecutionChain,没有找到则返回404.
HandlerExecutionChain对象里面就包含了handler和interceptors,即找到@RequestMapping注解配置对应的Controller类和method
3.HandlerAdapter(处理器适配器:根据HandlerMapping所映射的方法,找到适合的处理器交给相应的处理器进行处理。并且会对视图类型进行适配。
4.HandLer:处理器(需要程序员开发),对所适配的方法进行处理。
2.2 核心组件
各个组件的合作关系如下:
2.2.1 DisPatcherServlet
其结构如图
DisPatcherServlet实际上继承了HttpServlet,既可以说spring MVC实质就是对servlet的实现。
各个组件的责任
- HttpServletBean
主要做一些初始化的工作,将web.xml中配置的参数设置到Servlet中。比如servlet标签的子标签init-param标签中配置的参数。
- FrameworkServlet
将Servlet与Spring容器上下文关联。其实也就是初始化FrameworkServlet的属性webApplicationContext,这个属性代表SpringMVC上下文,它有个父类上下文,既web.xml中配置的ContextLoaderListener监听器初始化的容器上下文。FrameworkServlet会实现service方法,而DispatcherServlet不会实现service方法,DispatcherServlet只是重写了doService方法。
- DispatcherServlet
初始化各个功能的实现类。比如异常处理、视图处理、请求映射处理等。
HttpServletBean:
主要做参与创建工作,不会涉及进行请求的处理。该类的结构如图
FrameworkServlet:
FrameworkServlet重写了HttpServlet的service方法,所以web的请求实际上是交给了FrameworkServlet的service方法进行了处理。
其源码如下:
/**
* Override the parent class implementation in order to intercept PATCH requests.
*/
@Override
protected void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpMethod httpMethod = HttpMethod.resolve(request.getMethod());
if (HttpMethod.PATCH == httpMethod || httpMethod == null) {
//真正的处理逻辑
processRequest(request, response);
}
else {
super.service(request, response);
}
}
processRequest(request, response)方法源码如下
/**
* Process this request, publishing an event regardless of the outcome.
* <p>The actual event handling is performed by the abstract
* {@link #doService} template method.
*/
protected final void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
long startTime = System.currentTimeMillis();
Throwable failureCause = null;
LocaleContext previousLocaleContext = LocaleContextHolder.getLocaleContext();
LocaleContext localeContext = buildLocaleContext(request);
RequestAttributes previousAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes requestAttributes = buildRequestAttributes(request, response, previousAttributes);
WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);
asyncManager.registerCallableInterceptor(FrameworkServlet.class.getName(), new RequestBindingInterceptor());
initContextHolders(request, localeContext, requestAttributes);
try {
//真正的处理逻辑
doService(request, response);
}
catch (ServletException ex) {
failureCause = ex;
throw ex;
}
catch (IOException ex) {
failureCause = ex;
throw ex;
}
catch (Throwable ex) {
failureCause = ex;
throw new NestedServletException("Request processing failed", ex);
}
finally {
resetContextHolders(request, previousLocaleContext, previousAttributes);
if (requestAttributes != null) {
requestAttributes.requestCompleted();
}
if (logger.isDebugEnabled()) {
if (failureCause != null) {
this.logger.debug("Could not complete request", failureCause);
}
else {
if (asyncManager.isConcurrentHandlingStarted()) {
logger.debug("Leaving response open for concurrent processing");
}
else {
this.logger.debug("Successfully completed request");
}
}
}
publishRequestHandledEvent(request, response, startTime, failureCause);
}
}
正真请求处理的实际上是doService(request, response),更据模板设计模式的思想,doService的具体实现将会交给下层进行实现,即交给了DispatcherServlet的doService方法进行处理。
DispatcherServlet的doService方法的源码如下
/**
* Exposes the DispatcherServlet-specific request attributes and delegates to {@link #doDispatch}
* for the actual dispatching.
*/
@Override
protected void doService(HttpServletRequest request, HttpServletResponse response) throws Exception {
if (logger.isDebugEnabled()) {
String resumed = WebAsyncUtils.getAsyncManager(request).hasConcurrentResult() ? " resumed" : "";
logger.debug("DispatcherServlet with name '" + getServletName() + "'" + resumed +
" processing " + request.getMethod() + " request for [" + getRequestUri(request) + "]");
}
// Keep a snapshot of the request attributes in case of an include,
// to be able to restore the original attributes after the include.
Map<String, Object> attributesSnapshot = null;
if (WebUtils.isIncludeRequest(request)) {
attributesSnapshot = new HashMap<String, Object>();
Enumeration<?> attrNames = request.getAttributeNames();
while (attrNames.hasMoreElements()) {
String attrName = (String) attrNames.nextElement();
if (this.cleanupAfterInclude || attrName.startsWith("org.springframework.web.servlet")) {
attributesSnapshot.put(attrName, request.getAttribute(attrName));
}
}
}
// Make framework objects available to handlers and view objects.
request.setAttribute(WEB_APPLICATION_CONTEXT_ATTRIBUTE, getWebApplicationContext());
request.setAttribute(LOCALE_RESOLVER_ATTRIBUTE, this.localeResolver);
request.setAttribute(THEME_RESOLVER_ATTRIBUTE, this.themeResolver);
request.setAttribute(THEME_SOURCE_ATTRIBUTE, getThemeSource());
FlashMap inputFlashMap = this.flashMapManager.retrieveAndUpdate(request, response);
if (inputFlashMap != null) {
request.setAttribute(INPUT_FLASH_MAP_ATTRIBUTE, Collections.unmodifiableMap(inputFlashMap));
}
request.setAttribute(OUTPUT_FLASH_MAP_ATTRIBUTE, new FlashMap());
request.setAttribute(FLASH_MAP_MANAGER_ATTRIBUTE, this.flashMapManager);
try {
//最终的核心实现是交给了doDispatch进行处理
doDispatch(request, response);
}
finally {
if (!WebAsyncUtils.getAsyncManager(request).isConcurrentHandlingStarted()) {
// Restore the original attribute snapshot, in case of an include.
if (attributesSnapshot != null) {
restoreAttributesAfterInclude(request, attributesSnapshot);
}
}
}
}
DispatcherServlet的doService方法实际最终的核心实现是交给了doDispatch进行处理
1.初始化
DispatcherServlet初始化的逻辑主要是在initStrategies方法里面进行基本实现的。
org.springframework.web.servlet.DispatcherServlet#initStrategies
源码分析如下
/**
* This implementation calls {@link #initStrategies}.
*/
@Override
protected void onRefresh(ApplicationContext context) {
initStrategies(context);
}
/**
* Initialize the strategy objects that this servlet uses.
* <p>May be overridden in subclasses in order to initialize further strategy objects.
*/
protected void initStrategies(ApplicationContext context) {
initMultipartResolver(context);
initLocaleResolver(context);
initThemeResolver(context);
initHandlerMappings(context);
initHandlerAdapters(context);
initHandlerExceptionResolvers(context);
initRequestToViewNameTranslator(context);
initViewResolvers(context);
initFlashMapManager(context);
}
2.处理请求
更据前面的分析springmvc的请求链为:
FrameworkServlet的service(HttpServletRequest request, HttpServletResponse response)方法
到Service方法的processRequest(request, response)
到processRequest的doService(request, response)
到DispatcherServlet的doService
到doService的doDispatch(request, response);
故DispatcherServlet正真进行处理请求逻辑核心是在doDispatch方法里进行实现的
源码分析如下
/**
* Process the actual dispatching to the handler.
* <p>The handler will be obtained by applying the servlet's HandlerMappings in order.
* The HandlerAdapter will be obtained by querying the servlet's installed HandlerAdapters
* to find the first that supports the handler class.
* <p>All HTTP methods are handled by this method. It's up to HandlerAdapters or handlers
* themselves to decide which methods are acceptable.
* @param request current HTTP request
* @param response current HTTP response
* @throws Exception in case of any kind of processing failure
*/
protected void doDispatch(HttpServletRequest request, HttpServletResponse response) throws Exception {
HttpServletRequest processedRequest = request;
HandlerExecutionChain mappedHandler = null;
boolean multipartRequestParsed = false;
WebAsyncManager asyncManager = WebAsyncUtils.getAsyncManager(request);
try {
ModelAndView mv = null;
Exception dispatchException = null;
try {
processedRequest = checkMultipart(request);
multipartRequestParsed = (processedRequest != request);
// Determine handler for the current request.
//获取HandlerExecutionChain
mappedHandler = getHandler(processedRequest);
//没有找到handler就进行提示404
if (mappedHandler == null || mappedHandler.getHandler() == null) {
noHandlerFound(processedRequest, response);
return;
}
// Determine handler adapter for the current request.
HandlerAdapter ha = getHandlerAdapter(mappedHandler.getHandler());
// Process last-modified header, if supported by the handler.
String method = request.getMethod();
boolean isGet = "GET".equals(method);
if (isGet || "HEAD".equals(method)) {
long lastModified = ha.getLastModified(request, mappedHandler.getHandler());
if (logger.isDebugEnabled()) {
logger.debug("Last-Modified value for [" + getRequestUri(request) + "] is: " + lastModified);
}
if (new ServletWebRequest(request, response).checkNotModified(lastModified) && isGet) {
return;
}
}
//调用HandlerInterceptor的preHandle方法
if (!mappedHandler.applyPreHandle(processedRequest, response)) {
return;
}
// Actually invoke the handler.
mv = ha.handle(processedRequest, response, mappedHandler.getHandler());
if (asyncManager.isConcurrentHandlingStarted()) {
return;
}
applyDefaultViewName(processedRequest, mv);
//调用HandlerInterceptor的postHandle方法
mappedHandler.applyPostHandle(processedRequest, response, mv);
}
catch (Exception ex) {
dispatchException = ex;
}
catch (Throwable err) {
// As of 4.3, we're processing Errors thrown from handler methods as well,
// making them available for @ExceptionHandler methods and other scenarios.
dispatchException = new NestedServletException("Handler dispatch failed", err);
}
processDispatchResult(processedRequest, response, mappedHandler, mv, dispatchException);
}
catch (Exception ex) {
triggerAfterCompletion(processedRequest, response, mappedHandler, ex);
}
catch (Throwable err) {
triggerAfterCompletion(processedRequest, response, mappedHandler,
new NestedServletException("Handler processing failed", err));
}
finally {
if (asyncManager.isConcurrentHandlingStarted()) {
// Instead of postHandle and afterCompletion
if (mappedHandler != null) {
mappedHandler.applyAfterConcurrentHandlingStarted(processedRequest, response);
}
}
else {
// Clean up any resources used by a multipart request.
if (multipartRequestParsed) {
cleanupMultipart(processedRequest);
}
}
}
}
2.2.2 HandlerMapping
HandlerMapping接口的结构图:
HandlerMapping接口只有一个方法getHandler,它的作用就是更据HttpServletRequest找到对应的Handler和interceptors,它的方法如下:
public interface HandlerMapping {
/**
* Return a handler and any interceptors for this request. The choice may be made
* on request URL, session state, or any factor the implementing class chooses.
* <p>The returned HandlerExecutionChain contains a handler Object, rather than
* even a tag interface, so that handlers are not constrained in any way.
* For example, a HandlerAdapter could be written to allow another framework's
* handler objects to be used.
* <p>Returns {@code null} if no match was found. This is not an error.
* The DispatcherServlet will query all registered HandlerMapping beans to find
* a match, and only decide there is an error if none can find a handler.
* @param request current HTTP request
* @return a HandlerExecutionChain instance containing handler object and
* any interceptors, or {@code null} if no mapping found
* @throws Exception if there is an internal error
*/
HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception;
HandlerMapping接口的实现类主要为RequestMappingHandlerMapping类,其结构:
获取Handler的逻辑是遍历所有的HandlerMapping的getHandler方法直到找到对应的handler(可以理解为匹配@RequestMapping(“/account/queryAccountByConditionPager”)上的路径,匹配上了就表示找到了对应的Handler),
其org.springframework.web.servlet.DispatcherServlet#getHandler源码如下:
/**
* Return the HandlerExecutionChain for this request.
* <p>Tries all handler mappings in order.
* @param request current HTTP request
* @return the HandlerExecutionChain, or {@code null} if no handler could be found
*/
protected HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception {
for (HandlerMapping hm : this.handlerMappings) {
if (logger.isTraceEnabled()) {
logger.trace(
"Testing handler map [" + hm + "] in DispatcherServlet with name '" + getServletName() + "'");
}
HandlerExecutionChain handler = hm.getHandler(request);
if (handler != null) {
return handler;
}
}
return null;
}
实现了HandlerMapping接口的类主要有以下几种,一般的实现是通过RequestMappingHandlerMapping类来进行实现的。
RequestMappingHandlerMapping类是使用AbstractHandlerMapping的getHandler方法来获取HandlerExecutionChain的。
其中org.springframework.web.servlet.handler.AbstractHandlerMapping#getHandler源码如下:
/**
* Look up a handler for the given request, falling back to the default
* handler if no specific one is found.
* @param request current HTTP request
* @return the corresponding handler instance, or the default handler
* @see #getHandlerInternal
*/
@Override
@Nullable
public final HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception {
Object handler = getHandlerInternal(request);
if (handler == null) {
handler = getDefaultHandler();
}
if (handler == null) {
return null;
}
// Bean name or resolved handler?
if (handler instanceof String) {
String handlerName = (String) handler;
handler = obtainApplicationContext().getBean(handlerName);
}
HandlerExecutionChain executionChain = getHandlerExecutionChain(handler, request);
if (CorsUtils.isCorsRequest(request)) {
CorsConfiguration globalConfig = this.globalCorsConfigSource.getCorsConfiguration(request);
CorsConfiguration handlerConfig = getCorsConfiguration(handler, request);
CorsConfiguration config = (globalConfig != null ? globalConfig.combine(handlerConfig) : handlerConfig);
executionChain = getCorsHandlerExecutionChain(request, executionChain, config);
}
return executionChain;
}
获取getHandlerInternal方法可以看到是返回的是HandlerMethod。
其org.springframework.web.servlet.handler.AbstractHandlerMethodMapping#getHandlerInternal源码如下:
/**
* Look up a handler method for the given request.
*/
@Override
protected HandlerMethod getHandlerInternal(HttpServletRequest request) throws Exception {
String lookupPath = getUrlPathHelper().getLookupPathForRequest(request);
if (logger.isDebugEnabled()) {
logger.debug("Looking up handler method for path " + lookupPath);
}
this.mappingRegistry.acquireReadLock();
try {
HandlerMethod handlerMethod = lookupHandlerMethod(lookupPath, request);
if (logger.isDebugEnabled()) {
if (handlerMethod != null) {
logger.debug("Returning handler method [" + handlerMethod + "]");
}
else {
logger.debug("Did not find handler method for [" + lookupPath + "]");
}
}
return (handlerMethod != null ? handlerMethod.createWithResolvedBean() : null);
}
finally {
this.mappingRegistry.releaseReadLock();
}
}
获取到的Handler的数据结构如下
Handler的实列为HandlerMethod,他主要负责准备数据,他持有了Method属性,可以invoke方法执行具体请求。
HandlerMethod
HandlerMethod的结构如下:
public class HandlerMethod {
/** Logger that is available to subclasses */
protected final Log logger = LogFactory.getLog(getClass());
private final Object bean;
@Nullable
private final BeanFactory beanFactory;
private final Class<?> beanType;
private final Method method;
private final Method bridgedMethod;
private final MethodParameter[] parameters;
@Nullable
private HttpStatus responseStatus;
@Nullable
private String responseStatusReason;
@Nullable
private HandlerMethod resolvedFromHandlerMethod;
}
Handler实际上就是spring容器中被@Controller标识的bean及被@RequestMapping标识的method,即处理请求的类及所对应的方法
2.2.3 HandlerAdapter
HandlerAdapter接口的结构图:
一般实现类为RequestMappingHandlerAdapter类。
HandlerAdapter才是真正使用handler来进行处理开发者的业务逻辑的。其源码如下
public interface HandlerAdapter {
/**
* 判断当前的 HandlerAdapter 是否支持这个 Handler
* Given a handler instance, return whether or not this {@code HandlerAdapter}
* can support it. Typical HandlerAdapters will base the decision on the handler
* type. HandlerAdapters will usually only support one handler type each.
* <p>A typical implementation:
* <p>{@code
* return (handler instanceof MyHandler);
* }
* @param handler handler object to check
* @return whether or not this object can use the given handler
*/
boolean supports(Object handler);
/**
* 利用参数中的 Handler 处理请求
* Use the given handler to handle this request.
* The workflow that is required may vary widely.
* @param request current HTTP request
* @param response current HTTP response
* @param handler handler to use. This object must have previously been passed
* to the {@code supports} method of this interface, which must have
* returned {@code true}.
* @throws Exception in case of errors
* @return ModelAndView object with the name of the view and the required
* model data, or {@code null} if the request has been handled directly
*/
ModelAndView handle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception;
/**
* Same contract as for HttpServlet's {@code getLastModified} method.
* Can simply return -1 if there's no support in the handler class.
* @param request current HTTP request
* @param handler handler to use
* @return the lastModified value for the given handler
* @see javax.servlet.http.HttpServlet#getLastModified
* @see org.springframework.web.servlet.mvc.LastModified#getLastModified
*/
long getLastModified(HttpServletRequest request, Object handler);
HandlerAdapter最主要的就是supports和handle方法,supports方法用来找到支持Handler的HandlerAdapter,handle方法用来处理请求。
1.获取HandlerAdapter
获取HandlerAdapter与获取handler的思路非常相似,也是通过遍历的方式,遍历所有的HandlerAdapter来找到对应的HandlerAdapter,其源码如下
/**
* Return the HandlerAdapter for this handler object.
* @param handler the handler object to find an adapter for
* @throws ServletException if no HandlerAdapter can be found for the handler. This is a fatal error.
*/
protected HandlerAdapter getHandlerAdapter(Object handler) throws ServletException {
for (HandlerAdapter ha : this.handlerAdapters) {
if (logger.isTraceEnabled()) {
logger.trace("Testing handler adapter [" + ha + "]");
}
//找到对应的HandlerAdapter
if (ha.supports(handler)) {
return ha;
}
}
throw new ServletException("No adapter for handler [" + handler +
"]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler");
}
实现了HandlerAdapter接口的类主要有以下几种,一般的实现是通过RequestMappingHandlerAdapter类来进行实现的
找到对应的HandlerAdapter接口的实现类就可以处理业务了,调用HandlerAdapter接口的handle方法进行处理,如下
// Actually invoke the handler.
mv = ha.handle(processedRequest, response, mappedHandler.getHandler());
三. Spring MVC中的拦截器
1. HandlerInterceptor 接口
spring mvc 提供了org.springframework.web.servlet.HandlerInterceptor接口用来控制拦截,源码如下:
public interface HandlerInterceptor {
boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception;
void postHandle(
HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
throws Exception;
void afterCompletion(
HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception;
}
preHandle:在业务处理器处理请求之前被调用。预处理,可以进行编码、安全控制等处理;
postHandle:在业务处理器处理请求执行完成后,生成视图之前执行。后处理(调用了Service并返回ModelAndView,但未进行页面渲染),有机会修改ModelAndView;
afterCompletion:在DispatcherServlet完全处理完请求后被调用,可用于清理资源等。返回处理(已经渲染了页面),可以根据ex是否为null判断是否发生了异常,进行日志记录;
1. HandlerInterceptorAdapter类
Spring MVC提供的org.springframework.web.servlet.handler.HandlerInterceptorAdapter这个适配器,继承此类,可以非常方便的实现自己的拦截器。
HandlerInterceptorAdapter的源码如下:
public abstract class HandlerInterceptorAdapter implements AsyncHandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {
return true;
}
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)throws Exception {
}
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)throws Exception {
}
}
它的主要作用是对HandlerInterceptor接口进行了默认实现,即使用到默认适配器模式。
2. HandlerExecutionChain组件
它包含了三个核心属性
Object handler;不做过多介绍,存储的对象是HandlerMethod
HandlerInterceptor[] interceptors :所有的HandlerInterceptor的数组
List interceptorList:所有的HandlerInterceptor的链表
HandlerExecutionChain主要就用来执行HandlerInterceptor接口中的方法。其部分源码如下:
/**
* Apply preHandle methods of registered interceptors.
* @return {@code true} if the execution chain should proceed with the
* next interceptor or the handler itself. Else, DispatcherServlet assumes
* that this interceptor has already dealt with the response itself.
*/
boolean applyPreHandle(HttpServletRequest request, HttpServletResponse response) throws Exception {
HandlerInterceptor[] interceptors = getInterceptors();
if (!ObjectUtils.isEmpty(interceptors)) {
for (int i = 0; i < interceptors.length; i++) {
HandlerInterceptor interceptor = interceptors[i];
if (!interceptor.preHandle(request, response, this.handler)) {
triggerAfterCompletion(request, response, null);
return false;
}
this.interceptorIndex = i;
}
}
return true;
}
/**
* Apply postHandle methods of registered interceptors.
*/
void applyPostHandle(HttpServletRequest request, HttpServletResponse response, @Nullable ModelAndView mv)
throws Exception {
HandlerInterceptor[] interceptors = getInterceptors();
if (!ObjectUtils.isEmpty(interceptors)) {
for (int i = interceptors.length - 1; i >= 0; i--) {
HandlerInterceptor interceptor = interceptors[i];
interceptor.postHandle(request, response, this.handler, mv);
}
}
}
这个拦截器链执行流程核心为通过遍历执行。
2. 拦截器执行流程
3. 拦截器获取参数
在拦截器中获取接口参数的时候需要分两种情况:
情况一:接口使用 @RequestParam 接收参数
情况二:接口使用 @RequestBody 接收参数
针对情况一,代码写起来就非常简单了,我们只需要在拦截器中通过request.getParameterMap() 来获得全部 Parameter 参数就可以了;但是当接口使用 @RequestBody 接收参数时,我们在拦截器中使用同样的方法获取参数,就会出现流已关闭的异常,也就导致参数读取失败了 … 这是因为 Spring 已经对 @RequestBody 提前进行处理,而 HttpServletReqeust 获取输入流时仅允许读取一次,所以会报java.io.IOException: Stream closed。
俗话说“繁琐问题必有猥琐解法”,既然 HttpServletReqeust 获取输入流时仅允许读取一次,那么我们就可以重新构建 ServletRequest ,让输入流支持二次读取就可以了 ( •̀ ω •́ )y
1.带@RequestBody注解
直接上代码吧
1.定义过滤器,所有请求先进入过滤器,并将 request 进行处理
/**
* 公司处理拦截器
*
* @author daiwei
*/
@Slf4j
public class CpCompanyInterceptor implements AsyncHandlerInterceptor {
/**
* 白名单
*/
private static final List<String> blacklistUri = Lists.newArrayList(
"/common/queryMyCompanies",
"/common/chooseCurrentCompany");
/**
* 调度任务请求
*/
private static final List<String> schedulerListUri = Lists.newArrayList(
"/proPre/commitGenerateProPre",
"/proPre/commitInventoryProPre",
"/proPre/refreshProPre");
@Autowired
CommonBo commonBo;
@Autowired
TokenService tokenService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
MDC.put("tid", UUID.randomUUID().toString());
if (!(handler instanceof HandlerMethod)) {
return true;
}
// 白名单放行
String requestURI = request.getRequestURI();
boolean matchBlack = blacklistUri.stream().anyMatch(p -> Objects.equals(p, requestURI));
if (matchBlack) {
return true;
}
boolean matchScheduler = schedulerListUri.stream().anyMatch(p -> Objects.equals(p, requestURI));
if (matchScheduler) {
Map parameterMap = convertParameterToMap(request);
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_CODE, parameterMap.get("companyCode"));
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_NAME, parameterMap.get("companyName"));
MDC.put("company", parameterMap.get("companyName").toString());
return true;
}
// 获取当前的用户
LoginUser loginUser = tokenService.getLoginUser(request);
if (log.isDebugEnabled()) {
log.debug("=============当前用户信息={}", JSONUtil.toJsonStr(loginUser));
}
//这里直接放行,为了兼容knife4j等静态资源. 登录的校验应该由上层拦截器拦截
if (Objects.isNull(loginUser)) {
return true;
}
//当前已经选择使用的公司
CompanyDto myChooseCompany = loginUser.getCurrentCompanyDto();
if (Objects.nonNull(myChooseCompany)) {
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_CODE, myChooseCompany.getCompanyCode());
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_NAME, myChooseCompany.getCompanyName());
MDC.put("company", myChooseCompany.getCompanyName());
return true;
}
List<CompanyBaseVo> companyBaseVoList = commonBo.queryMyCompany();
if (CollectionUtil.isEmpty(companyBaseVoList)) {
log.error("当前用户无公司权限!username={}", loginUser.getUsername());
throw new NotCompanyException(I18nGeneralConstants.PERMISSION_DENIED);
}
if (companyBaseVoList.size() >= 2) {
log.error("当前用户有多个公司,请先选择对应公司!username={}", loginUser.getUsername());
throw new NotCompanyException(I18nPoultryConstants.EXCEED_ONE_COMPANY_ERROR);
}
CompanyBaseVo currentCompany = ListUtil.findFirst(companyBaseVoList);
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_CODE, currentCompany.getCompanyCode());
SecurityContextHolder.set(SecurityConstants.CURRENT_COMPANY_NAME, currentCompany.getCompanyName());
MDC.put("company", currentCompany.getCompanyName());
return true;
}
private Map convertParameterToMap(HttpServletRequest request) throws IOException {
if (Objects.equals(HttpMethod.POST.name(), request.getMethod().toUpperCase())
&& Objects.equals(MediaType.APPLICATION_JSON_VALUE, request.getContentType())) {
RequestWrapper requestWrapper = new RequestWrapper(request);
Map map = JSONUtil.toBean(requestWrapper.getRequestBody(), Map.class);
return map;
}
Map<String, String[]> parameterMap = request.getParameterMap();
return ServletUtils.getParamMap(request);
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3)
throws Exception {
MDC.remove("company");
MDC.remove("tid");
}
}
2.工具类,获取请求的 body 体
package com.cpsc.poultry.interceptor;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
/**
* @author daiwei
*/
public class RequestWrapper extends HttpServletRequestWrapper {
private String requestBody;
public RequestWrapper(HttpServletRequest request) throws IOException {
super(request);
this.requestBody = parseRequestBody(request);
}
/**
* @return
* @throws IOException
*/
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(requestBody.getBytes(StandardCharsets.UTF_8));
return new ServletInputStream() {
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener listener) {
}
@Override
public int read() {
return bais.read();
}
};
}
public String getRequestBody() {
return requestBody;
}
private String parseRequestBody(HttpServletRequest request) {
String line = "";
StringBuilder body = new StringBuilder();
int counter = 0;
try {
// 读取POST提交的数据内容
BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()));
while ((line = reader.readLine()) != null) {
if (counter > 0) {
body.append("rn");
}
body.append(line);
counter++;
}
} catch (IOException e) {
e.printStackTrace();
}
return body.toString();
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(this.getInputStream()));
}
}
重要组件
1.HttpServletRequestWrapper
可以继承HttpServletRequestWrapper来重写request的相关方法。其部分源码如下:
public class HttpServletRequestWrapper extends ServletRequestWrapper implements HttpServletRequest {
/**
* The default behavior of this method is to return getParameter(String name)
* on the wrapped request object.
*/
public String getParameter(String name) {
return this.request.getParameter(name);
}
/**
* The default behavior of this method is to return getParameterMap()
* on the wrapped request object.
*/
public Map getParameterMap() {
return this.request.getParameterMap();
}
}
思考
1.spring的controller是单例还是多例,怎么保证并发的安全。
Spring中的Bean默认是单例模式的,框架并没有对bean进行多线程的封装处理。故是线程不安全的。
那如何保证并发的安全?
1.最简单的办法就是改变bean的作用域 把 "singleton"改为’‘protopyte’ 这样每次请求Bean就相当于是 new Bean() 这样就可以保证线程的
安全了。但在实际中并不这样使用,因为增加了jvm的内存开销。
2.另一种看变量是否是有状态的。
- 有状态就是有数据存储功能,比如一些全局变量。
- 无状态就是不会保存数据 controller、service和dao层本身并不是线程安全的,只是如果只是调用里面的方法,而且多线程调用一个实例的方法,会在内存中复制变量,这是自己的线程的工 作内存,是安全的。
3.看变量是想线程私有还是共享。
线程私有:那么就使用ThreadLocal把变量变为线程私有的。
线程共享:那么就只能使用synchronized、lock、CAS等这些实现线程同步的方法了。
扩展:
Spring 中的 Bean 是线程安全的吗?
对于单例存在线程共享,故不是线程安全的,但作用域如果是为多例的,每个线程会有一个实例故是线程安全的。
参考资料
1.SpringMVC源码分析系列https://www.cnblogs.com/fangjian0423/p/springMVC-directory-summary.html
2.SpringMVC流程架构图 https://www.cnblogs.com/HigginCui/p/5856780.html
3.书籍《看透springmvc源代码分析与实践》
4.Spring MVC中的拦截器/过滤器HandlerInterceptorAdapter的使用 https://www.cnblogs.com/EasonJim/p/7704740.html
5.springMVC源码分析–HandlerInterceptor拦截器调用过程(二)https://blog.youkuaiyun.com/qq924862077/article/details/53541678?utm_medium=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.channel_param&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.channel_param
扫一扫
627
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
