Servlet过滤器和Jersey过滤器有什么区别? [英] What is the difference between a Servlet filter and a Jersey filter?
问题描述
我阅读了很多教程,但我不了解Servlet过滤器和Jersey过滤器之间的区别.谁能向我解释差异?
I read a lot of tutorials but I don't understand what the differences are between Servlet filters and Jersey filters. Can anyone explain the differences to me?
推荐答案
在Servlet容器中,您有Servlet,并且有Servlet过滤器.通常,Servlet处理请求的处理,而Servlet Filter处理请求的后处理.因此,请求流看起来像
In a Servlet container, you have Servlets and you have Servlet Filters. Generally, the Servlets handle processing of the request, and the Servlet Filter handles pre an post processing of the request. So a request flow looks like
Request --> Filter --> Servlet --> Filter --> Response
Jersey应用程序被实现为Servlet 1 .因此,在上述流程中,只需替换"Servlet"即可.泽西岛.
The Jersey application is implemented as a Servlet1. So in the above flow, just replace "Servlet" with Jersey.
Request --> Filter --> Jersey-Servlet --> Filter --> Response
Jersey还具有自己的过滤器,即ContainerRequestFilter
和ContainerResponseFilter
.仅在Jersey应用程序的上下文中,它们具有与Servlet筛选器相同的目的.它们用于预处理和后处理.下面的流程在Jersey请求中.
Jersey also has its own filters, namely ContainerRequestFilter
and ContainerResponseFilter
. They serve the same same purpose as the Servlet Filter, just in the context of a Jersey application; they are for pre-processing and post-processing. The below flow is inside of a Jersey request.
Req --> ContainerRequestFilter --> Resource --> ContainerResponseFilter --> Res
因此,这些过滤器在请求的预处理和后处理中具有相同的目的.主要区别在于它们的连接级别. Servlet过滤器在servlet级别绑定,而Jersey过滤器在Jersey级别绑定.
So these filters serve the same purpose, pre and post processing of the request. The major difference is the level in which they are connected. Servlet filters are tied at the servlet level, while Jersey filters are tied at the Jersey level.
它取决于您何时调用它以及需要访问哪些信息.以安全为例.考虑保护应用程序安全时,您可能希望安全门尽可能远离数据.因此,您可以使用Servlet过滤器实现安全性.但是您需要只能在Jersey应用程序中获取的信息.然后,您将需要使用Jersey过滤器;例如,您需要知道调用哪个资源方法.您只能从Jersey过滤器内的ResourceInfo
获取此信息
Well it depends on when you want it called and what information you need access to. Take security for example. When thinking about securing your application, you might want your security gates as far from the data as possible. So you might implement your security using Servlet filters. But you need information that can only be obtained inside the Jersey application. Then you would need to use the Jersey filters; for example, you need to know which resource method is called. You could only get this information from the ResourceInfo
inside a Jersey filter
class MyResource {
@RolesAllowed("ADMIN")
public Response get() {}
}
class AuthorizationFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
@Override
public void filter(ContainerRequestContext request) {
Method method = resourceInfo.getResourceMethod();
RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
}
}
您无法在Servlet过滤器中执行上述操作.此信息只能从Jersey应用程序的上下文中访问.也许您可能想在Servlet过滤器中处理 authentication ,然后在进行身份验证之后,将结果存储在HttpServletRequest
属性中.然后,在授权中,您可以在Jersey级别进行处理,如上所示.您可以将HttpServletRequest
注入Jersey过滤器,并从那里获取属性.
You couldn't do the above in a Servlet filter. This information is only accessible from the context of a Jersey application. Maybe you might want to handle the authentication in a Servlet Filter, and after authentication, store the results in the HttpServletRequest
attributes. Then in the authorization, you could take care of it at the Jersey level, as shown above. You could inject the HttpServletRequest
into the Jersey filter, and get the attributes from there.
这只是一个例子.有很多用例.您只需决定要实现哪种过滤器类型,哪种才是最适合您的应用程序的.在大多数情况下,您可以使用Jersey过滤器,但是有时您需要尽可能早地在请求中进行过滤,以便在请求中尽早被调用,在这种情况下,您可能希望使用Servlet过滤器.在其他情况下,您需要访问只能在Jersey应用程序中获取的信息.为此,您应该使用Jersey过滤器.
This is just an example. There are so many use cases. You just need to decide what would be the best for your application, as far as which filter type to implement. Most of the time you could get away with using a Jersey filter, but sometimes you need to filter to be called as early in the request as possible, in which case you might want to use the Servlet Filter. And in other cases, you need access to information that can only be obtained inside a Jersey application. For this, you should use a Jersey filter.
1.也可以将Jersey应用程序配置为作为Servlet过滤器而不是Servlet运行.我相信他们提供此选项的原因是,某些Jersey功能需要一些仅在过滤器中提供的功能.
这篇关于Servlet过滤器和Jersey过滤器有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!