当前位置: 文江博客话题详情

Struts 2 中的过滤器与拦截器

发布于 2024-09-10 05:09:33 字数 295 浏览 1 评论 0原文

过滤器和拦截器之间到底有什么区别?我意识到拦截器会在操作之前和之后递归地触发,并且过滤器可以配置为在操作和某些 url 模式上触发。但你怎么知道何时使用每一种呢?

在我正在阅读的关于 Struts 2 的书中,似乎拦截器正在被推送,我什至按照教程编写了一个身份验证拦截器来确保用户已登录。但是,如果用户尝试访问一个不存在的 URL,如果没有与之关联的操作,拦截器不会捕获它,这意味着我必须将一个操作与我想要保证安全的每个 jsp 关联起来。这似乎不对。

我可以创建一个处理 URL 的身份验证过滤器,这样我就不必这样做,但是拦截器有什么意义呢?

原文

What's the difference, really, between filters and interceptors? I realize that interceptors fire before and after an action, recursively, and filters can be configured to fire on actions and on certain url patterns. But how do you know when to use each one?

In the book I'm reading on Struts 2, it seems that interceptors are being pushed and I even followed a tutorial to write an Authentication Interceptor to make sure a user is logged in. However, if the user tries to access a URL that doesn't have an action associated with it, the interceptor doesn't catch it, which means I'd have to associate an action with every jsp that I want to be secure. That doesn't seem right.

I can make an Authentication Filter that handles URLs so that I don't have to do that, but then, what's the point of interceptors?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

治碍 2024-09-17 05:09:34

最显着的区别是“拦截器”是 Struts 2 框架的一部分,并且只是 Struts 2 框架完成的请求处理的一部分。另一方面,“过滤器”是 Servlet 规范的一部分;换句话说,它们是 Servlet API 的一部分。如果您使用的是 Struts 2,则应该使用拦截器来包装 Struts 2 操作的功能。如果您尝试围绕传入您的 web 应用程序的请求封装功能,但不由 Struts 2 处理,那么过滤器可能更合适。

顺便说一句,整个 Struts 2 框架部署在 Web 应用程序中配置的过滤器内,在 Web 应用程序的部署描述符 ( web.xml ) 中声明如下:

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

     <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

此过滤器配置为捕获所有请求 URL 模式,是整个 Struts 2 框架。

我希望这有帮助。

The most significant difference is that "interceptors" are a part of the Struts 2 framework, and are only part of the request handling that is done by the Struts 2 framework. "Filters" on the other hand are a part of the Servlet Specifcation; in other words, they are part of the Servlet API. If you are using Struts 2, you should use interceptors for wrapping functionality around your Struts 2 actions. If you are trying to wrap functionality around requests coming to your webapp, but not being handled by Struts 2, then a filter might be more appropriate.

BTW, the entire Struts 2 Framework is deployed inside a filter configured in your web app, declared in your webapp's deployment descriptor ( web.xml ) like:

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

     <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

This filter, which is configured to catch all requests URL patterns, is the entry point into the entire Struts 2 framework.

I hope that helps.

回复 原文
凌乱心跳 2024-09-17 05:09:34

拦截器堆栈会在每个请求时触发。
过滤器仅适用于为其定义的 url。

编辑——您可以根据需要使用其中之一。假设您需要验证每个请求都存在 cookie。使用拦截器。假设您需要根据某些请求(由 url 驱动)弹出外部应用程序,请使用过滤器。

我认为拦截器是更常用的工具...

为什么你会有一个没有关联操作的 url?

the interceptor stack fires on every request.
filters only apply to the urls for which they are defined.

edit -- you use one or the other depending on need. Lets say you need to verify a cookie is present for every request. User an interceptor. Lets say that you need to pop up an external app on some requests (driven by a url), use a filter.

I think interceptors are the more commonly used tool...

why would you have a url with no associated action?

回复 原文
你的背包 2024-09-17 05:09:34

什么是拦截器?

Struts 2框架使用拦截器的概念来通过不同的操作共享一些常见问题的解决方案。

正如我们所知,框架在提交请求时调用特定的 Action 对象。但在执行 Action 之前,调用会被其他对象拦截以提供所需的额外处理。

同样,Action执行后,可以再次拦截调用。这个拦截对象被称为Interceptor。

因此,使用Interceptor的目的是允许对控制器层进行更大的控制,并分离一些适用于多个动作的通用逻辑。

Struts 2框架已经提供了自己的一组拦截器,可以在应用程序中使用它们来在Action类执行之前和之后提供所需的处理。

其中之一是我将在这里讨论的“别名拦截器”。

别名拦截器:

别名拦截器用于操作链接的情况。动作链接是指一个动作在成功执行第一个动作后调用其他动作。

该拦截器将命名参数别名为不同的参数名称。在动作链中,当两个不同的动作类共享一个具有不同名称的公共参数时,此拦截器用于为第一个动作类的参数提供别名,该别名与第二个动作类中的参数名称相匹配。

action 的别名表达式应采用以下形式:

             #{ 'name1' : 'alias1' , 'name2' : 'alias2' }

What is Interceptor ?

The Struts 2 Framework uses the concept of Interceptors to share the solution for some common concerns by different actions.

As we know the framework invokes a particular Action object on the submssion of a request for it. But before executing of Action, the invocation is intercepted by some other object to provide additional processing required.

Similarly after the execution of Action, the invocation can be intercepted again. This intercepting object is known as Interceptor.

So the purpose of using Interceptor is to allow greater control over controller layer and separate some common logic that applies to multiple actions.

Struts 2 framework has already provided its own set of Interceptors which can be used in the application to provide required processing before and after the Action classs execution.

One of those is "Alias Interceptor" that I am going to discuss here.

Alias Interceptor:

Alias Interceptor is used in case of Action chaining. Action chaining means one Action calls other Action after successful execution of first action.

This interceptor aliases a named parameter to a different parameter name. In action chaining, when two different action classes share a common parameter with a different name, this Interceptor is used to give an alias name to a parmeter of first action class, which matches the parameter name in the second action class.

The alias expression of action should be in the form of :

             #{ 'name1' : 'alias1' , 'name2' : 'alias2' }
回复 原文
迟月 2024-09-17 05:09:34

根据 struts 2 生命周期/架构,在过滤器之前不会执行任何拦截器。因此,如果您的请求没有操作映射,那么它在通过过滤器时就会失败。

As per the struts 2 life cycle/architecture no interceptors are executed before filter. So if there is no action mapping for your request then it's failing in while passing through filter.

回复 原文
手心的海 2024-09-17 05:09:34

根据经验,

  • 过滤器在每个请求之前运行。 struts 本身就是一个过滤器。
  • 拦截器可以在struts操作之前、之后运行。如果请求不以 .action 结尾,它们将不会运行。

因此,过滤器的一些示例可能是:

  • 如果您想压缩 jscss 文件,您应该使用过滤器而不是拦截器。
  • 如果您只想某些 IP 地址访问您的网站,则必须将其开发为过滤器并检查请求 IP 地址。
  • 如果您想保护您的站点免受 CSRF 攻击,您必须编写一个过滤器来检查请求上的 CSRF 令牌。
  • 如果你想记录每个请求时间的站点响应,你可以使用过滤器来计算 chain.doFilter(request, response) 之前和之后的时间。

理论上,你可以开发一个 struts web 应用程序,而无需开发你的应用程序。拥有拦截器并仅使用过滤器。但是您将面临很多问题并编写锅炉过滤器。

许多 struts 2 功能都是使用拦截器构建的,您可以在 struts-default.xml 中找到它( https://struts.apache.org/docs/struts-defaultxml.html)该列表将有助于查找何时可以使用拦截器。 (例如 ParametersInterceptor 在操作之前运行,将提交的表单值应用于操作)

在使用拦截器时,您可以轻松访问 struts 功能,例如 getText从消息资源中,获取当前操作名称和名称空间,更改操作流程。

考虑到上面这里是一些可以通过拦截器开发的情况:

  • 如果您希望只有登录用户才能访问某些操作,则必须使用拦截器进行开发。
  • 如果您想跟踪用户正在导航哪些操作。您可以使用拦截器来跟踪访问的操作。
  • 如果你想在单点处理你的操作错误,你可以使用一个拦截器来捕获所有invoice.invoke()

拦截器为struts提供过滤器和责任链设计模式操作,而过滤器为您的整个 Web 应用程序提供此模式。

As a rule of thumb

  • Filters are run before each request. The struts itself is a filter.
  • interceptors can run before, after struts actions. They will not run if the request does not end with .action.

So, some example of filters could be:

  • If you want to compress your js and css files, you should go for filters not interceptors.
  • If you want only certain IP address access your web site you must develop it as filter and check request ip address.
  • If you want to safe your site against CSRF attack you must write a filter to check CSRF token on requests.
  • If you want to log your site response per request time, you can use a filter to calculate the time before and after chain.doFilter(request, response)

Theoretically you can develop an struts web application without developing your own interceptors and using filtersonly. But you will face lots problem and code boiler filters.

Lots of struts 2 features are build with interceptors, you can find it in struts-default.xml (https://struts.apache.org/docs/struts-defaultxml.html) the list will help to find when interceptors can be used. (For example ParametersInterceptor runs before actions to apply submited form values to actions)

While working with interceptors you can easily access struts features, for example getText from message resources, get current action name and name space, change the action flow.

Considering above here are some cases which can be developed by interceptors:

  • If you want that only logged in users can access certain actions, you must develop it with interceptors.
  • If you want to keep track which actions user is navigation. You can use an interceptor to keep track of visited actions.
  • If you want to handle your action errors in a single point, you can use an interceptor which catch all invocation.invoke()

The interceptors are providing the filter and Chain of Responsibility design pattern for struts actions, while filters provide this pattern to your whole web application.

回复 原文
傻比既视感 2024-09-17 05:09:34

Struts 2框架不依赖于Servlet API。
Struts 2 Action 不与容器耦合。大多数情况下,servlet 上下文被表示为简单的映射,从而允许单独测试操作。

Filter 是 Servlet API 的一部分,因此 Struts 2 Framework 使用拦截器的概念来通过不同的操作共享一些常见问题的解决方案。

您还可以轻松地为拦截器和操作类编写测试用例。

Struts 2 Framework is not dependent on Servlet API.
Struts 2 Actions are not coupled to a container. Most often the servlet contexts are represented as simple Maps, allowing Actions to be tested in isolation.

Filter is a part of Servlet API so Struts 2 Framework uses the concept of Interceptors to share the solution for some common concerns by different actions.

Also you can easily write test cases for Interceptor and Action class.

回复 原文
~没有更多了~

关于作者

月下凄凉

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

花开柳相依

文章 0 评论 0

zyhello

文章 0 评论 0

故友

文章 0 评论 0

对风讲故事

文章 0 评论 0

Oo萌小芽oO

文章 0 评论 0

梦明

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文