1.@ServletComponentScan用法
在 Spring Boot启动类上使用@ServletComponentScan 注解后,使用@WebServlet、@WebFilter、@WebListener标记的 Servlet、Filter、Listener 就可以自动注册到Servlet容器中,无需其他代码。
2.错误用法示例:
package cn.rivamed.um.filter; import cn.rivamed.common.exception.ExeceptionDto; import cn.rivamed.common.util.Constants; import cn.rivamed.entity.AccessToken; import cn.rivamed.framework.common.BaseConstants; import cn.rivamed.framework.common.config.PropertiesBean; import cn.rivamed.service.OauthService; import cn.rivamed.um.common.TokenUtils; import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.serializer.SerializerFeature; import org.springframework.boot.web.servlet.ServletComponentScan; import org.springframework.stereotype.Component; import javax.annotation.Resource; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.OutputStream; @Component @ServletComponentScan @WebFilter() public class LoginFilter implements Filter { @Resource private OauthService oauthService; @Resource private TokenUtils tokenUtils; private String[] ignoreUrls = null; // 刷新患者的地址 private static final String IGNORE_URL = PropertiesBean.getInstance() .getProperty("rivamed.security.cas.app-pattern.ignoring"); @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse response2 = (HttpServletResponse) response; response2.setHeader("Access-Control-Allow-Origin","*"); response2.setHeader("Access-Control-Allow-Credentials", "true"); response2.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE"); response2.setHeader("Access-Control-Max-Age", "5000"); response2.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since," + " Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,Authorization,Token,tokenId,tokenid"); HttpServletRequest request2 = (HttpServletRequest) request; String tokenId = request2.getHeader("tokenId"); for (String ignoreUrl : ignoreUrls) { if (request2.getRequestURI().contains(ignoreUrl)) { chain.doFilter(request, response2); return; } } // Long startTime=System.currentTimeMillis(); AccessToken token = oauthService.findAccessToken(tokenId); // Long endTime=System.currentTimeMillis(); // System.out.println(request2.getRequestURI()+"获取token用时---used time---"+(endTime-startTime)); if (null != token) { if (token.tokenExpired() && token.refreshTokenExpired()) { writeResponse(response2, Constants.LOGIN_EXPIRED); return; } if (token.tokenExpired() && !token.refreshTokenExpired()) { writeResponse(response2, Constants.TOKEN_EXPIRED); return; } else { tokenUtils.initRequestUserInfo(token); chain.doFilter(request, response2); } } else { writeResponse(response2, Constants.LOGIN_EXPIRED); return; } } private void writeResponse(ServletResponse response, String status) throws IOException { HttpServletResponse response2 = (HttpServletResponse) response; OutputStream outputStream = response2.getOutputStream();// 获取 ExeceptionDto dto = new ExeceptionDto(); dto.setOpFlg(status); dto.setOperateSuccess(BaseConstants.OPERATE_FAIL); response2.setHeader("content-type", "application/json;charset=UTF-8");// 通过设置响应头控制浏览器以UTF-8的编码显示数据,如果不加这句话,那么浏览器显示的将是乱码 byte[] bs = JSONObject.toJSONBytes(dto, SerializerFeature.EMPTY); outputStream.write(bs);// 使用OutputStream流向客户端输出字节数组 } @Override public void init(FilterConfig filterConfig) throws ServletException { ignoreUrls = IGNORE_URL.split(","); } @Override public void destroy() { } }
@Component、@ServletComponentScan、@WebFilter()这三个注解连用会导致doFilter方法执行两次,解决方法就是将@ServletComponentScan注解去掉,这个注解不是在这里的!