當(dāng)前位置:首頁 > IT技術(shù) > 數(shù)據(jù)庫 > 正文

Shiro系列教程 AccessControlFilter源碼分析
2022-02-14 10:37:31


AccessControlFilter是shiro-web模塊當(dāng)中比較重要的類,所有的攔截器都繼承此類,分析此類源碼對應(yīng)使用其它的filter有很大的幫助。

下圖是shiro-web 提供的filter,每種filter都對應(yīng)了不同的權(quán)限攔截規(guī)則,本文主要分析AccessControlFilter。

Shiro系列教程 AccessControlFilter源碼分析_sed


AccessControlFilter的繼承關(guān)系

Shiro系列教程 AccessControlFilter源碼分析_sed_02


ServletContextSupport 源碼比較簡單不做分析。


AbstractFilter源碼分析


public abstract class AbstractFilter extends ServletContextSupport implements Filter {

private static transient final Logger log = LoggerFactory.getLogger(AbstractFilter.class);


protected FilterConfig filterConfig;


public FilterConfig getFilterConfig() {
return filterConfig;
}


public void setFilterConfig(FilterConfig filterConfig) {
this.filterConfig = filterConfig;
setServletContext(filterConfig.getServletContext());
}

//獲取filter的配置參數(shù)
protected String getInitParam(String paramName) {
FilterConfig config = getFilterConfig();
if (config != null) {
return StringUtils.clean(config.getInitParameter(paramName));
}
return null;
}

//filter初始化方法
public final void init(FilterConfig filterConfig) throws ServletException {
//設(shè)置配置信息對象FilterConfig
setFilterConfig(filterConfig);
try {
//初始化完畢后回調(diào)
onFilterConfigSet();
} catch (Exception e) {
if (e instanceof ServletException) {
throw (ServletException) e;
} else {
if (log.isErrorEnabled()) {
log.error("Unable to start Filter: [" + e.getMessage() + "].", e);
}
throw new ServletException(e);
}
}
}


protected void onFilterConfigSet() throws Exception {
}

}

NameableFilter源碼分析





public abstract class NameableFilter extends AbstractFilter implements Nameable {


//給filter加了名字
private String name;

//獲取名字
protected String getName() {
//如果為空則返回web.xml filter-name的值
if (this.name == null) {
FilterConfig config = getFilterConfig();
if (config != null) {
this.name = config.getFilterName();
}
}

return this.name;
}

public void setName(String name) {
this.name = name;
}

protected StringBuilder toStringBuilder() {
String name = getName();
if (name == null) {
return super.toStringBuilder();
} else {
StringBuilder sb = new StringBuilder();
sb.append(name);
return sb;
}
}

}






OncePerRequestFilter類源碼分析


public abstract class OncePerRequestFilter extends NameableFilter {

//后綴
public static final String ALREADY_FILTERED_SUFFIX = ".FILTERED";

//是允許此filter處理
private boolean enabled = true; //most filters wish to execute when configured, so default to true

public boolean isEnabled() {
return enabled;
}

public void setEnabled(boolean enabled) {
this.enabled = enabled;
}


public final void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
//獲得一個(gè)key用來標(biāo)識(shí)當(dāng)前request(請求)已經(jīng)執(zhí)行過一次doFilterInternal
String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName();

//判斷是否已經(jīng)執(zhí)行過doFilterInternal
if ( request.getAttribute(alreadyFilteredAttributeName) != null ) {
log.trace("Filter '{}' already executed. Proceeding without invoking this filter.", getName());
//跳過當(dāng)前filter的處理,直接走后續(xù)邏輯(說白了就是脫離shiro的處理)
filterChain.doFilter(request, response);
} else //noinspection deprecation
//判斷是否允許執(zhí)行doFilterInternal 默認(rèn)是允許的,不走下面的邏輯
if (/* added in 1.2: */ !isEnabled(request, response) ||
/* retain backwards compatibility: */ shouldNotFilter(request) ) {
log.debug("Filter '{}' is not enabled for the current request. Proceeding without invoking this filter.",
getName());
filterChain.doFilter(request, response);
} else {
// Do invoke this filter...

log.trace("Filter '{}' not yet executed. Executing now.", getName());
//設(shè)置標(biāo)識(shí)
request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE);

//執(zhí)行doFilterInternal邏輯,該方法由子類重寫來執(zhí)行具體的shiro邏輯
try {
doFilterInternal(request, response, filterChain);
} finally {
// Once the request has finished, we're done and we don't
// need to mark as 'already filtered' any more.
request.removeAttribute(alreadyFilteredAttributeName);
}
}
}


@SuppressWarnings({"UnusedParameters"})
protected boolean isEnabled(ServletRequest request, ServletResponse response) throws ServletException, IOException {
return isEnabled();
}

protected String getAlreadyFilteredAttributeName() {
String name = getName();
if (name == null) {
name = getClass().getName();
}
//名稱加上后綴
return name + ALREADY_FILTERED_SUFFIX;
}


@Deprecated
@SuppressWarnings({"UnusedDeclaration"})
protected boolean shouldNotFilter(ServletRequest request) throws ServletException {
return false;
}

//由子類重寫,這個(gè)方法最多被執(zhí)行一次
protected abstract void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
throws ServletException, IOException;
}






AdviceFilter類源碼fe


//一個(gè)AOP的類,在執(zhí)行chain.doFilter(request, response); 添加了前置 后置 最終三個(gè)環(huán)繞方法.
public abstract class AdviceFilter extends OncePerRequestFilter {


//AOP方法
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
return true;
}


//AOP方法
@SuppressWarnings({"UnusedDeclaration"})
protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
}


AOP方法
@SuppressWarnings({"UnusedDeclaration"})
public void afterCompletion(ServletRequest request, ServletResponse response, Exception exception) throws Exception {
}


protected void executeChain(ServletRequest request, ServletResponse response, FilterChain chain) throws Exception {
chain.doFilter(request, response);
}

public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain)
throws ServletException, IOException {

Exception exception = null;

try {

//執(zhí)行前置AOP方法 根據(jù)返回值continueChain覺得是否繼續(xù)執(zhí)行chain.doFilter(request, response);
boolean continueChain = preHandle(request, response);
if (log.isTraceEnabled()) {
log.trace("Invoked preHandle method. Continuing chain?: [" + continueChain + "]");
}

//如果preHandle返回true則執(zhí)行
if (continueChain) {
executeChain(request, response, chain);
}

//如果不出異常則執(zhí)行postHandle
postHandle(request, response);
if (log.isTraceEnabled()) {
log.trace("Successfully invoked postHandle method");
}

} catch (Exception e) {
exception = e;
} finally {
//異常與否都在最后執(zhí)行
cleanup(request, response, exception);
}
}

protected void cleanup(ServletRequest request, ServletResponse response, Exception existing)
throws ServletException, IOException {
Exception exception = existing;
try {
//AOP方法
afterCompletion(request, response, exception);
if (log.isTraceEnabled()) {
log.trace("Successfully invoked afterCompletion method.");
}
} catch (Exception e) {
if (exception == null) {
exception = e;
} else {
log.debug("afterCompletion implementation threw an exception. This will be ignored to " +
"allow the original source exception to be propagated.", e);
}
}
//如果executeChain方法出現(xiàn)異常則在這里拋出
if (exception != null) {
if (exception instanceof ServletException) {
throw (ServletException) exception;
} else if (exception instanceof IOException) {
throw (IOException) exception;
} else {
if (log.isDebugEnabled()) {
String msg = "Filter execution resulted in an unexpected Exception " +
"(not IOException or ServletException as the Filter API recommends). " +
"Wrapping in ServletException and propagating.";
log.debug(msg);
}
throw new ServletException(exception);
}
}
}
}


PathMatchingFilter類源碼分析



public abstract class PathMatchingFilter extends AdviceFilter implements PathConfigProcessor {

//路徑匹配器
//匹配規(guī)則http://blog.csdn.net/nimasike/article/details/70739982
protected PatternMatcher pathMatcher = new AntPathMatcher();

//這里存的內(nèi)容是 例如:
// /login.jsp [anon]
// /index.jsp [bar, baz]
protected Map<String, Object> appliedPaths = new LinkedHashMap<String, Object>();

//假設(shè)你的配置是 /user/** = user, roles[admin, foo]
//如果這個(gè)類是roles path為/user/** config為admin, foo
//如果這個(gè)類是user path為/user/** config為null
public Filter processPathConfig(String path, String config) {
String[] values = null;
if (config != null) {
values = split(config);
}

this.appliedPaths.put(path, values);
return this;
}


//獲得請求路徑
//假設(shè)請求http://localhost/index.jsp?id=18
//則返回值為/index.jsp
protected String getPathWithinApplication(ServletRequest request) {
return WebUtils.getPathWithinApplication(WebUtils.toHttp(request));
}

//請求路徑與path匹配
protected boolean pathsMatch(String path, ServletRequest request) {
String requestURI = getPathWithinApplication(request);
log.trace("Attempting to match pattern '{}' with current requestURI '{}'...", path, requestURI);
return pathsMatch(path, requestURI);
}


protected boolean pathsMatch(String pattern, String path) {
return pathMatcher.matches(pattern, path);
}


//這個(gè)方法返回false則請求會(huì)被中斷
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {

if (this.appliedPaths == null || this.appliedPaths.isEmpty()) {
if (log.isTraceEnabled()) {
log.trace("appliedPaths property is null or empty. This Filter will passthrough immediately.");
}
return true;
}

//首先進(jìn)行路徑匹配
for (String path : this.appliedPaths.keySet()) {
// If the path does match, then pass on to the subclass implementation for specific checks
//(first match 'wins'):
if (pathsMatch(path, request)) {
//匹配到路徑執(zhí)行isFilterChainContinued
log.trace("Current requestURI matches pattern '{}'. Determining filter chain execution...", path);
Object config = this.appliedPaths.get(path);
return isFilterChainContinued(request, response, path, config);
}
}

//如果沒有匹配允許執(zhí)行
return true;
}


@SuppressWarnings({"JavaDoc"})
private boolean isFilterChainContinued(ServletRequest request, ServletResponse response,
String path, Object pathConfig) throws Exception {

//這里判斷是否允許shiro執(zhí)行 默認(rèn)允許
if (isEnabled(request, response, path, pathConfig)) { //isEnabled check added in 1.2
if (log.isTraceEnabled()) {
log.trace("Filter '{}' is enabled for the current request under path '{}' with config [{}]. " +
"Delegating to subclass implementation for 'onPreHandle' check.",
new Object[]{getName(), path, pathConfig});
}
//則執(zhí)行onPreHandle,根據(jù)返回值來決定是否繼續(xù)允許執(zhí)行后續(xù)的filter
//所有shiro-fiter都會(huì)重寫此方法,如果返回false 則請求會(huì)被中斷
return onPreHandle(request, response, pathConfig);
}

if (log.isTraceEnabled()) {
log.trace("Filter '{}' is disabled for the current request under path '{}' with config [{}]. " +
"The next element in the FilterChain will be called immediately.",
new Object[]{getName(), path, pathConfig});
}

return true;
}


protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
return true;
}


@SuppressWarnings({"UnusedParameters"})
protected boolean isEnabled(ServletRequest request, ServletResponse response, String path, Object mappedValue)
throws Exception {
return isEnabled(request, response);
}
}



AccessControlFilter類源碼

public abstract class AccessControlFilter extends PathMatchingFilter {

//默認(rèn)登錄頁
public static final String DEFAULT_LOGIN_URL = "/login.jsp";

public static final String GET_METHOD = "GET";

public static final String POST_METHOD = "POST";

private String loginUrl = DEFAULT_LOGIN_URL;

public String getLoginUrl() {
return loginUrl;
}

public void setLoginUrl(String loginUrl) {
this.loginUrl = loginUrl;
}

protected Subject getSubject(ServletRequest request, ServletResponse response) {
return SecurityUtils.getSubject();
}

//子類根據(jù)業(yè)務(wù)規(guī)則覺得是否中斷請求
protected abstract boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception;

protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
return onAccessDenied(request, response);
}

protected abstract boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception;

//這里調(diào)用的isAccessAllowed
public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue);
}

protected boolean isLoginRequest(ServletRequest request, ServletResponse response) {
return pathsMatch(getLoginUrl(), request);
}

//保存請求路徑調(diào)轉(zhuǎn)到登錄頁面
protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
saveRequest(request);
redirectToLogin(request, response);
}

//保存請求路徑
protected void saveRequest(ServletRequest request) {
WebUtils.saveRequest(request);
}

//跳轉(zhuǎn)到登錄頁
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
String loginUrl = getLoginUrl();
WebUtils.issueRedirect(request, response, loginUrl);
}

}



技術(shù)交流群:212320390






本文摘自 :https://blog.51cto.com/u

開通會(huì)員,享受整站包年服務(wù)立即開通 >