概述

Tomcat的类ApplicationFilterChain是一个Java Servlet API规范javax.servlet.FilterChain的实现,用于管理某个请求request的一组过滤器Filter的执行。当针对一个request所定义的一组过滤器Filter处理完该请求后,组后一个doFilter()调用才会执行目标Servlet的方法service(),然后响应对象response会按照相反的顺序依次被这些Filter处理,最终到达客户端。
事实上,一个Filter的逻辑可以被设计成既可以在目标servlet执行前执行,也可以在目标servlet执行之后执行,或者二者都有,甚至可以不执行目标servlet而是自己直接响应客户端。因此,在一个ApplicationFilterChain链执行到目标servlet实例的service()方法时,你可以认为此时所有Filter被设计在servlet执行之前执行的逻辑都执行完了,而所有Filter的被设计在servlet执行之后执行的逻辑都还尚未执行。

源代码分析

  1. /*
  2.  * 此源代码摘自Tomcat版本9
  3.  */
  4. public final class ApplicationFilterChain implements FilterChain {
  6.     // Used to enforce requirements of SRV.8.2 / SRV.14.2.5.1
  7.     private static final ThreadLocal<ServletRequest> lastServicedRequest;
  8.     private static final ThreadLocal<ServletResponse> lastServicedResponse;
  10.     static {
  11.         if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
  12.             lastServicedRequest = new ThreadLocal<>();
  13.             lastServicedResponse = new ThreadLocal<>();
  14.         } else {
  15.             lastServicedRequest = null;
  16.             lastServicedResponse = null;
  17.         }
  18.     }
  20.     // -------------------------------------------------------------- Constants
  23.     public static final int INCREMENT = 10;
  26.     // ----------------------------------------------------- Instance Variables
  28.     /**
  29.      * Filters. 执行目标Servlet.service()方法前需要经历的过滤器Filter,初始化为0个元素的数组对象
  30.      */
  31.     private ApplicationFilterConfig[] filters = new ApplicationFilterConfig[0];
  34.     /**
  35.      * The int which is used to maintain the current position
  36.      * in the filter chain.
  37.      * 用于记录过滤器链中当前所执行的过滤器的位置,是当前过滤器在filters数组的下标,初始化为0
  38.      */
  39.     private int pos = 0;
  42.     /**
  43.      * The int which gives the current number of filters in the chain.
  44.      * 过滤器链中过滤器的个数(注意:并不是数组filters的长度),初始化为0,和filters数组的初始长度一致
  45.      */
  46.     private int n = 0;
  49.     /**
  50.      * The servlet instance to be executed by this chain.
  51.      * 该过滤器链执行完过滤器后最终要执行的目标Servlet
  52.      */
  53.     private Servlet servlet = null;
  56.     /**
  57.      * Does the associated servlet instance support async processing?
  58.      * 所关联的Servlet实例是否支持异步处理 ? 缺省为 false,表示缺省情况下不支持异步处理。
  59.      */
  60.     private boolean servletSupportsAsync = false;
  62.     /**
  63.      * The string manager for our package.
  64.      */
  65.     private static final StringManager sm =
  66.       StringManager.getManager(Constants.Package);
  69.     /**
  70.      * Static class array used when the SecurityManager is turned on and
  71.      * <code>doFilter</code> is invoked.
  72.      */
  73.     private static final Class<?>[] classType = new Class[]{
  74.         ServletRequest.class, ServletResponse.class, FilterChain.class};
  76.     /**
  77.      * Static class array used when the SecurityManager is turned on and
  78.      * <code>service</code> is invoked.
  79.      */
  80.     private static final Class<?>[] classTypeUsedInService = new Class[]{
  81.         ServletRequest.class, ServletResponse.class};
  84.     // ---------------------------------------------------- FilterChain Methods
  86.     /**
  87.      * Invoke the next filter in this chain, passing the specified request
  88.      * and response.  If there are no more filters in this chain, invoke
  89.      * the <code>service()</code> method of the servlet itself.
  90.      * 执行过滤器链中的下一个过滤器Filter。如果链中所有过滤器都执行过,
  91.      * 则调用servlet的service()方法。
  92.      *
  93.      * @param request The servlet request we are processing
  94.      * @param response The servlet response we are creating
  95.      *
  96.      * @exception IOException if an input/output error occurs
  97.      * @exception ServletException if a servlet exception occurs
  98.      */
  99.     @Override
  100.     public void doFilter(ServletRequest request, ServletResponse response)
  101.         throws IOException, ServletException {
  102.         // 下面的if-else分支主要是根据Globals.IS_SECURITY_ENABLED是true还是false决定
  103.         // 如何调用目标逻辑,但两种情况下,目标逻辑最终都是 internalDoFilter(req,res)
  104.         if( Globals.IS_SECURITY_ENABLED ) {
  105.             final ServletRequest req = request;
  106.             final ServletResponse res = response;
  107.             try {
  108.                 java.security.AccessController.doPrivileged(
  109.                     new java.security.PrivilegedExceptionAction<Void>() {
  110.                         @Override
  111.                         public Void run()
  112.                             throws ServletException, IOException {
  113.                             internalDoFilter(req,res);
  114.                             return null;
  115.                         }
  116.                     }
  117.                 );
  118.             } catch( PrivilegedActionException pe) {
  119.                 Exception e = pe.getException();
  120.                 if (e instanceof ServletException)
  121.                     throw (ServletException) e;
  122.                 else if (e instanceof IOException)
  123.                     throw (IOException) e;
  124.                 else if (e instanceof RuntimeException)
  125.                     throw (RuntimeException) e;
  126.                 else
  127.                     throw new ServletException(e.getMessage(), e);
  128.             }
  129.         } else {
  130.             internalDoFilter(request,response);
  131.         }
  132.     }
  134.     private void internalDoFilter(ServletRequest request,
  135.                                   ServletResponse response)
  136.         throws IOException, ServletException {
  138.         // Call the next filter if there is one
  139.         if (pos < n) {
  140.             ApplicationFilterConfig filterConfig = filters[pos++];
  141.             try {
  142.                 // 找到目标 Filter 对象
  143.                 Filter filter = filterConfig.getFilter();
  145.                 if (request.isAsyncSupported() && "false".equalsIgnoreCase(
  146.                         filterConfig.getFilterDef().getAsyncSupported())) {
  147.                     request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
  148.                 }
  149.                 // 执行目标 Filter 对象的 doFilter方法,
  150.                 // 注意,这里当前ApplicationFilterChain对象被传递到了目标
  151.                 // Filter对象的doFilter方法,而目标Filter对象的doFilter在执行完自己
  152.                 // 被指定的逻辑之后会反过来调用这个ApplicationFilterChain对象的
  153.                 // doFilter方法,只是pos向前推进了一个过滤器。这个ApplicationFilterChain
  154.                 // 和Filter之间反复调用彼此doFilter方法的过程一直持续直到当前链发现所有的
  155.                 // Filter都已经被执行
  156.                 if( Globals.IS_SECURITY_ENABLED ) {
  157.                     final ServletRequest req = request;
  158.                     final ServletResponse res = response;
  159.                     Principal principal =
  160.                         ((HttpServletRequest) req).getUserPrincipal();
  162.                     Object[] args = new Object[]{req, res, this};
  163.                     SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args, principal);
  164.                 } else {
  165.                     filter.doFilter(request, response, this);
  166.                 }
  167.             } catch (IOException | ServletException | RuntimeException e) {
  168.                 throw e;
  169.             } catch (Throwable e) {
  170.                 e = ExceptionUtils.unwrapInvocationTargetException(e);
  171.                 ExceptionUtils.handleThrowable(e);
  172.                 throw new ServletException(sm.getString("filterChain.filter"), e);
  173.             }
  174.             return;
  175.         }
  177.         // We fell off the end of the chain -- call the servlet instance
  178.         // 这里是过滤器链中所有的过滤器都已经被执行的情况,现在需要调用servlet实例本身了。
  179.         // !!! 注意 : 虽然这里开始调用servlet实例了,但是从当前方法执行堆栈可以看出,过滤器链
  180.         // 和链中过滤器的doFilter方法的执行帧还在堆栈中并未退出,他们会在servlet实例的逻辑
  181.         // 执行完后,分别执行完自己剩余的的逻辑才会逐一结束。
  182.         try {
  183.             if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
  184.                 lastServicedRequest.set(request);
  185.                 lastServicedResponse.set(response);
  186.             }
  188.             if (request.isAsyncSupported() && !servletSupportsAsync) {
  189.                 request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR,
  190.                         Boolean.FALSE);
  191.             }
  192.             // Use potentially wrapped request from this point
  193.             if ((request instanceof HttpServletRequest) &&
  194.                     (response instanceof HttpServletResponse) &&
  195.                     Globals.IS_SECURITY_ENABLED ) {
  196.                 final ServletRequest req = request;
  197.                 final ServletResponse res = response;
  198.                 Principal principal =
  199.                     ((HttpServletRequest) req).getUserPrincipal();
  200.                 Object[] args = new Object[]{req, res};
  201.                 SecurityUtil.doAsPrivilege("service",
  202.                                            servlet,
  203.                                            classTypeUsedInService,
  204.                                            args,
  205.                                            principal);
  206.             } else {
  207.                 servlet.service(request, response);
  208.             }
  209.         } catch (IOException | ServletException | RuntimeException e) {
  210.             throw e;
  211.         } catch (Throwable e) {
  212.             e = ExceptionUtils.unwrapInvocationTargetException(e);
  213.             ExceptionUtils.handleThrowable(e);
  214.             throw new ServletException(sm.getString("filterChain.servlet"), e);
  215.         } finally {
  216.             if (ApplicationDispatcher.WRAP_SAME_OBJECT) {
  217.                 lastServicedRequest.set(null);
  218.                 lastServicedResponse.set(null);
  219.             }
  220.         }
  221.     }
  224.     /**
  225.      * The last request passed to a servlet for servicing from the current
  226.      * thread.
  227.      *
  228.      * @return The last request to be serviced.
  229.      */
  230.     public static ServletRequest getLastServicedRequest() {
  231.         return lastServicedRequest.get();
  232.     }
  235.     /**
  236.      * The last response passed to a servlet for servicing from the current
  237.      * thread.
  238.      *
  239.      * @return The last response to be serviced.
  240.      */
  241.     public static ServletResponse getLastServicedResponse() {
  242.         return lastServicedResponse.get();
  243.     }
  246.     // -------------------------------------------------------- Package Methods
  248.     /**
  249.      * Add a filter to the set of filters that will be executed in this chain.
  250.      * 往当前要执行的过滤器链的过滤器集合filters中增加一个过滤器
  251.      * @param filterConfig The FilterConfig for the servlet to be executed
  252.      */
  253.     void addFilter(ApplicationFilterConfig filterConfig) {
  255.         // Prevent the same filter being added multiple times
  256.           //去重处理,如果已经添加进来则避免二次添加
  257.         for(ApplicationFilterConfig filter:filters)
  258.             if(filter==filterConfig)
  259.                 return;
  261.         if (n == filters.length) {
  262.           // !!! 请注意:每次需要扩容时并不是增加一个元素空间,而是增加INCREMENT(默认是10)个,
  263.             // 这个行为的结果是filters数组的长度和数组中过滤器的个数n并不相等
  264.             ApplicationFilterConfig[] newFilters =
  265.                 new ApplicationFilterConfig[n + INCREMENT];
  266.             System.arraycopy(filters, 0, newFilters, 0, n);
  267.             filters = newFilters;
  268.         }
  269.         filters[n++] = filterConfig;
  271.     }
  274.     /**
  275.      * Release references to the filters and wrapper executed by this chain.
  276.      */
  277.     void release() {
  278.         for (int i = 0; i < n; i++) {
  279.             filters[i] = null;
  280.         }
  281.         n = 0;
  282.         pos = 0;
  283.         servlet = null;
  284.         servletSupportsAsync = false;
  285.     }
  288.     /**
  289.      * Prepare for reuse of the filters and wrapper executed by this chain.
  290.      */
  291.     void reuse() {
  292.         pos = 0;
  293.     }
  296.     /**
  297.      * Set the servlet that will be executed at the end of this chain.
  298.      *
  299.      * @param servlet The Wrapper for the servlet to be executed
  300.      */
  301.     void setServlet(Servlet servlet) {
  302.         this.servlet = servlet;
  303.     }
  306.     void setServletSupportsAsync(boolean servletSupportsAsync) {
  307.         this.servletSupportsAsync = servletSupportsAsync;
  308.     }
  311.     /**
  312.      * Identifies the Filters, if any, in this FilterChain that do not support
  313.      * async.
  314.      *
  315.      * @param result The Set to which the fully qualified class names of each
  316.      *               Filter in this FilterChain that does not support async will
  317.      *               be added
  318.      */
  319.     public void findNonAsyncFilters(Set<String> result) {
  320.         for (int i = 0; i < n ; i++) {
  321.             ApplicationFilterConfig filter = filters[i];
  322.             if ("false".equalsIgnoreCase(filter.getFilterDef().getAsyncSupported())) {
  323.                 result.add(filter.getFilterClass());
  324.             }
  325.         }
  326.     }
  327. }