Spring MVC的DelegatingFilterProxy有什么意义？ [英] What's the point of Spring MVC's DelegatingFilterProxy?

问题描述

我在我的Spring MVC应用程序的 web.xml 中看到了这一点：

I see this in my Spring MVC app's web.xml:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

我正在试图找出它为什么存在以及它是否真的需要。

I'm trying to figure out why it's there and whether it's actually needed.

我发现 Spring文档中的这个解释但它无助于我理解它：

I found this explanation in the Spring docs but it doesn't help me make sense of it:

似乎暗示这个组件是在 web.xml 中定义的servlet与Spring applicationContext.xml 中定义的组件之间的粘合剂。 / p>

It seems to suggest that this component is the "glue" between the servlets defined in web.xml and the components defined in the Spring applicationContext.xml.

7.1 DelegatingFilterProxy

7.1 DelegatingFilterProxy

使用servlet过滤器时，显然需要声明它们你的 web.xml ，或者servlet容器会忽略它们。在Spring Security中，过滤器类也是在应用程序上下文中定义的Spring bean，因此能够利用Spring丰富的依赖注入工具和生命周期接口。 Spring的 DelegatingFilterProxy 提供 web.xml 与应用程序上下文之间的链接。

When using servlet filters, you obviously need to declare them in your web.xml, or they will be ignored by the servlet container. In Spring Security, the filter classes are also Spring beans defined in the application context and thus able to take advantage of Spring's rich dependency-injection facilities and lifecycle interfaces. Spring's DelegatingFilterProxy provides the link between web.xml and the application context.

使用DelegatingFilterProxy时，您会在 web.xml 文件中看到类似的内容：

When using DelegatingFilterProxy, you will see something like this in the web.xml file:

<filter>
  <filter-name>myFilter</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>myFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

请注意，过滤器实际上是 DelegatingFilterProxy ，而不是实际实现过滤器逻辑的类。什么 DelegatingFilterProxy 确实将Filter的方法委托给从Spring应用程序上下文中获取的bean。这使bean能够受益于Spring Web应用程序上下文生命周期支持和配置灵活性。 bean必须实现 javax.servlet.Filter ，并且它必须与filter-name元素中的名称相同。阅读 Javadoc for DelegatingFilterProxy 更多信息

Notice that the filter is actually a DelegatingFilterProxy, and not the class that will actually implement the logic of the filter. What DelegatingFilterProxy does is delegate the Filter's methods through to a bean which is obtained from the Spring application context. This enables the bean to benefit from the Spring web application context lifecycle support and configuration flexibility. The bean must implement javax.servlet.Filter and it must have the same name as that in the filter-name element. Read the Javadoc for DelegatingFilterProxy for more information

所以，如果我从我的 web.xml中取出，会发生什么？我的servlet将无法与Spring容器通信？**

So, if I take this out of my web.xml, what will happen? My servlets won't be able to communicate with the Spring container?**

推荐答案

这里有一些魔法，但是最后，一切都是确定性的程序。

There's some kind of magic here, but at the end, everything is a deterministic program.

DelegatingFilterProxy 是一个过滤器，如上所述，其目标是 委托实现Filter接口的Spring托管bean ，也就是说，它在Spring应用程序上下文中找到一个bean（目标bean或委托）并调用它。这怎么可能？因为这个bean实现了javax.servlet.Filter，所以调用它的doFilter方法。

The DelegatingFilterProxy is a Filter as it was explained above, whose goal is "delegating to a Spring-managed bean that implements the Filter interface", that is, it finds a bean ("target bean" or "delegate") in your Spring application context and invokes it. How is it possible? Because this bean implements javax.servlet.Filter, its doFilter method is called.

调用哪个bean？ DelegatingFilterProxy支持targetBeanName[...]，在Spring应用程序上下文中指定目标bean的名称。

Which bean is called? the DelegatingFilterProxy "Supports a "targetBeanName" [...], specifying the name of the target bean in the Spring application context."

正如您在Web中看到的那样。 xml bean的名称是 springSecurityFilterChain 。

As you saw in your web.xml that the bean's name is "springSecurityFilterChain".

因此，在Web应用程序的上下文中， Filter在您的应用程序上下文中实例化一个名为springSecurityFilterChain的bean，然后通过doFilter（）方法委托给它。

So, in the context of a web application, a Filter instantiates a bean called "springSecurityFilterChain" in your application context and then delegate to it via the doFilter() method.

请记住，您的应用程序上下文是使用所有应用程序定义的-CONTEXT（XML）文件。例如：applicationContext.xml AND applicationContext-security.xml。

Remember, your application context is defined with ALL THE APPLICATION-CONTEXT (XML) files. For instance: applicationContext.xml AND applicationContext-security.xml.

因此，尝试在后者中找到一个名为springSecurityFilterChain的bean 。 。

... 可能你不能（例如，如果您按照教程或使用Roo配置了安全性）

...and probably you can't (for instance if you followed a tutorial or if you configured the security using Roo)

这是神奇的：有一个用于配置安全性的新元素，类似于

<http auto-config="true" use-expressions="true"> 

因为 http://www.springframework.org/schema/security/spring-security-3.0.xsd ，可以解决问题。

当Spring使用XML文件加载应用程序上下文时，如果找到一个元素，它将尝试设置HTTP安全性，即过滤器堆栈和受保护的URL以及注册名为springSecurityFilterChain的FilterChainProxy。

When Spring loads the application context using XML files, if it finds a element, it will try to set up the HTTP security, that is, a filter stack and protected URLs and to register the FilterChainProxy named "springSecurityFilterChain".

或者，你可以用经典方式定义bean，即：

Alternatively, you can define the bean in the classic way, that is:

<beans:bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">

但它不太值得推荐，因为你需要进行大量的配置（所有过滤器都是你'重新开始使用。其中有十几个）

But it's less recommended, since you need to do a lot of configuration (all the filters that you're going to use. And there are more than a dozen of them)

这篇关于Spring MVC的DelegatingFilterProxy有什么意义？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！