1. Overview
1.概述
The DelegatingFilterProxy is a servlet filter that allows passing control to Filter classes that have access to the Spring application context. Spring Security relies on this technique heavily.
DelegatingFilterProxy是一个servlet过滤器,它允许将控制权传递给能够访问Spring应用上下文的Filter类。Spring Security在很大程度上依赖于这种技术。
In this tutorial, we’ll cover it in detail.
在本教程中,我们将详细介绍它。
2. DelegatingFilterProxy
2.DelegatingFilterProxy
The Javadoc for DelegatingFilterProxy states that it’s a
DelegatingFilterProxy的Javadoc指出,它是一个
Proxy for a standard Servlet Filter, delegating to a Spring-managed bean that implements the Filter interface.
标准Servlet过滤器的代理,委托给一个实现了Filter接口的Spring管理的bean。
When using servlet filters, we obviously need to declare them as a filter-class in our Java-config or web.xml, otherwise, the servlet container will ignore them. Spring’s DelegatingFilterProxy provides the link between web.xml and the application context.
在使用servlet过滤器时,我们显然需要在Java-config或web.xml中把它们声明为过滤器类,否则,servlet容器会忽略它们。Spring的DelegatingFilterProxy提供了web.xml和应用程序上下文之间的联系。
2.1. Internal Working of DelegatingFilterProxy
2.1.DelegatingFilterProxy的内部工作
Let’s have a look at how DelegatingFilterProxy transfers control to our Spring bean.
让我们看看DelegatingFilterProxy如何将控制权转移到我们的Spring Bean。
During initialization, DelegatingFilterProxy fetches the filter-name and retrieves the bean with that name from Spring Application Context. This bean must be of Type javax.Servlet.Filter, i.e. a “normal” servlet filter. Incoming requests will then be passed to this filter bean.
在初始化期间,DelegatingFilterProxy会获取过滤器名称,并从Spring应用上下文中检索具有该名称的Bean。这个Bean必须是javax.Servlet.Filter类型,即一个 “正常 “的Servlet过滤器。然后,传入的请求将被传递给这个过滤器Bean。
In short, DelegatingFilterProxy’s doFilter() method will delegate all calls to a Spring bean, enabling us to use all Spring features within our filter bean.
简而言之,DelegatingFilterProxy的doFilter()方法将把所有调用委托给Spring Bean,使我们能够在我们的过滤器bean中使用所有Spring功能。
If we’re using Java-based configuration, our filter registration in ApplicationInitializer will be defined as:
如果我们使用基于Java的配置,我们在ApplicationInitializer中的过滤器注册将被定义为。
@Override
protected javax.servlet.Filter[] getServletFilters() {
DelegatingFilterProxy delegateFilterProxy = new DelegatingFilterProxy();
delegateFilterProxy.setTargetBeanName("applicationFilter");
return new Filter[]{delegateFilterProxy};
}If we use XML, then, in the web.xml file:
如果我们使用XML,那么,在web.xml文件中。
<filter>
<filter-name>applicationFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>This means that any request can be made to pass through the filter defined as Spring bean with the name applicationFilter.
这意味着任何请求都可以通过定义为Spring Bean的过滤器,名称为applicationFilter。
2.2. Need for DelegatingFilterProxy
2.2.对DelegatingFilterProxy的需求
DelegatingFilterProxy is a class in Spring’s Web module. It provides features for making HTTP calls pass through filters before reaching the actual destination. With the help of DelegatingFilterProxy, a class implementing the javax.Servlet.Filter interface can be wired into the filter chain.
DelegatingFilterProxy是Spring的Web模块中的一个类。它提供的功能是让HTTP调用在到达实际目的地之前通过过滤器。在DelegatingFilterProxy的帮助下,实现javax.Servlet.Filter接口的类可以被连接到过滤器链中。
As an example, Spring Security makes use of DelegatingFilterProxy to so it can take advantage of Spring’s dependency injection features and lifecycle interfaces for security filters.
例如,Spring Security使用了DelegatingFilterProxyto,因此它可以利用Spring的依赖注入功能和安全过滤器的生命周期接口。
DelegatingFilterProxy also leverages invoking specific or multiple filters as per Request URI paths by providing the configuration in Spring’s application context or in web.xml.
DelegatingFilterProxy还可以通过在Spring的应用上下文或web.xml.中提供配置,根据请求URI路径调用特定或多个过滤器。
3. Creating a Custom Filter
3.创建一个自定义过滤器
As described above, DelegatingFilterProxy is a servlet filter itself which delegates to a specific Spring-managed bean that implements the Filter Interface.
如上所述,DelegatingFilterProxy是一个servlet过滤器本身,它委托给实现Filter接口的特定Spring管理的bean。
In the next few sections, we’ll create a custom filter and configure it using Java & XML-based configuration.
在接下来的几节中,我们将创建一个自定义过滤器,并使用基于Java和XML的配置对其进行配置。
3.1. Filter Class
3.1.过滤器类
We’re going to create a simple filter that logs request information before the request proceeds further.
我们将创建一个简单的过滤器,在请求进一步进行之前记录请求信息。
Let’s first create a custom filter class:
让我们首先创建一个自定义过滤器类。
@Component("loggingFilter")
public class CustomFilter implements Filter {
private static Logger LOGGER = LoggerFactory.getLogger(CustomFilter.class);
@Override
public void init(FilterConfig config) throws ServletException {
// initialize something
}
@Override
public void doFilter(
ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
LOGGER.info("Request Info : " + req);
chain.doFilter(request, response);
}
@Override
public void destroy() {
// cleanup code, if necessary
}
}
CustomFilter implements javax.Servlet.Filter. This class has a @Component annotation to register as Spring bean in the application context. This way, the DelegatingFilterProxy class can find our filter class while initializing the filter chain.
CustomFilter实现了javax.Servlet.Filter。这个类有一个@Component注解,以便在应用上下文中注册为Spring Bean。这样,DelegatingFilterProxy类可以在初始化过滤器链时找到我们的过滤器类。
Note that the name of the Spring bean must be the same as the value in the filter-name provided during the registration of the custom filter in ApplicationInitializer class or in web.xml later because the DelegatingFilterProxy class will look for the filter bean with the exact same name in the application context.
注意Spring Bean的名称必须与在ApplicationInitializer类中或之后的web.xml中注册自定义过滤器时提供的filter-name中的值相同因为DelegatingFilterProxy类将在应用程序上下文中寻找具有完全相同名称的过滤器bean。
If it can’t find a bean with this name, it will raise an exception at application startup.
如果它找不到这个名字的Bean,它将在应用程序启动时引发一个异常。
3.2. Configuring the Filter via Java Configuration
3.2.通过Java配置来配置过滤器
To register a custom filter using Java configuration, we need to override the getServletFilters() method of AbstractAnnotationConfigDispatcherServletInitializer:
要使用Java配置注册一个自定义过滤器,我们需要覆盖getServletFilters()方法的AbstractAnnotationConfigDispatcherServletInitializer。
public class ApplicationInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
// some other methods here
@Override
protected javax.servlet.Filter[] getServletFilters() {
DelegatingFilterProxy delegateFilterProxy = new DelegatingFilterProxy();
delegateFilterProxy.setTargetBeanName("loggingFilter");
return new Filter[]{delegateFilterProxy};
}
}3.3. Configuring the Filter via web.xml
3.3.通过web.xml配置过滤器
Let’s see how the filter configuration in web.xml looks like:
让我们看看web.xml中的过滤器配置是什么样子。
<filter>
<filter-name>loggingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>loggingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>The filter-class argument is of type DelegatingFilterProxy and not the filter class we created. If we run this code and hit any URL, then doFilter() method of the CustomFilter will get executed and display the request info details in the log file.
filter-class参数的类型是DelegatingFilterProxy,而不是我们创建的过滤器类。如果我们运行这段代码并点击任何URL,那么CustomFilter的doFilter()方法将被执行并在日志文件中显示请求信息细节。
4. Conclusion
4.结论
In this article, we’ve covered how DelegatingFilterProxy works and how to use it.
在这篇文章中,我们已经介绍了DelegatingFilterProxy的工作原理以及如何使用它。
Spring Security make extensive use of DelegatingFilterProxy for securing the web API calls and resources from unauthorized access.
Spring Security广泛使用DelegatingFilterProxy,以确保Web API调用和资源的安全,防止未经授权的访问。
The source code is available over on GitHub.
源代码可在GitHub上获得,。