본문 바로가기
Back-end/JAVA

[JAVA] Spring으로 REST API 구현하기 (5) - Filter

by 허도치 2019. 12. 11.

2019/12/05 - [Back-end/JAVA] - [JAVA] Spring으로 REST API 구현하기 (1) - 프로젝트 생성 및 실행

2019/12/05 - [Back-end/JAVA] - [JAVA] Spring으로 REST API 구현하기 (2) - Interceptor

2019/12/05 - [Back-end/JAVA] - [JAVA] Spring으로 REST API 구현하기 (3) - Error Controller

2019/12/05 - [Back-end/JAVA] - [JAVA] Spring으로 REST API 구현하기 (4) - ControllerAdvice

 

 

  Spring Servlet에는 요청을 처리하기전 흐름을 제어할 수 있는 Filter, Interceptor, AOP가 있다. 그 중 가장 앞단에서 처리되는 Filter에 대해서 알아보도록하겠다.

 

1. Filter란?

   1-1. 요청이 들어왔을때 Dispatcher Servlet으로 넘어가기전 흐름을 제어.

   1-2. 주로 XXS방어, CORS 처리, RequestBody 파싱 등에 사용됨.

 

 

2. pom.xml 의존성 추가.

<dependency>
  <groupId>commons-io</groupId>
  <artifactId>commons-io</artifactId>
  <version>1.3.2</version>
</dependency>

 

3. com.dochi.prj.config.handlers.ReadReadableRequestBodyWrapper.java 추가.

package com.dochi.prj.config.handlers;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ReadableRequestBodyWrapper extends HttpServletRequestWrapper {
    
    private Logger logger = LoggerFactory.getLogger(ReadableRequestBodyWrapper.class);
    
    private byte[] bytes = null;
    private String requestBody = null;

    public ReadableRequestBodyWrapper(HttpServletRequest request) throws IOException {
        super(request);
        InputStream is = super.getInputStream();
       
        this.bytes = IOUtils.toByteArray(is);
        this.requestBody = new String(this.bytes);
        
        logger.info(this.requestBody);
    }
    
    public String getRequestBody() {
        return this.requestBody;
    }
    
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bis = new ByteArrayInputStream(this.bytes);
        return new ServletImpl(bis);
    }
    
    class ServletImpl extends ServletInputStream {
        private InputStream is;
        public ServletImpl(InputStream bis) {
            this.is = bis;
        }
        @Override
        public int read() throws IOException {
            return this.is.read();
        }
        @Override
        public int read(byte[] b) throws IOException {
            return this.is.read(b);
        }
        @Override
        public boolean isFinished() {
            return false;
        }
        @Override
        public boolean isReady() {
            return false;
        }
        @Override
        public void setReadListener(ReadListener listener) {
        }
    }
}

 

4. com.dochi.prj.config.handlers.CommonFilter.java 추가.

package com.dochi.prj.config.handlers;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.tomcat.util.json.JSONParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
public class CommonFilter implements Filter {
    
    private Logger logger = LoggerFactory.getLogger(CommonFilter.class);
    
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        
        logger.info("[filter]");

        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        httpResponse.setHeader("Access-Control-Max-Age", "3600");
        httpResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with, Content-Type");

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
        
        try {
            ReadableRequestBodyWrapper requestWrapper = new ReadableRequestBodyWrapper((HttpServletRequest) request);
            
            String requestBody = requestWrapper.getRequestBody();
            
            JSONParser parser = new JSONParser(requestBody);
            
            requestWrapper.setAttribute("requestBody", parser.object());
            
            chain.doFilter(requestWrapper, response);
        } catch ( Exception e ) {
            chain.doFilter(request, response);
        }
    }
}

 

5. com.dochi.prj.config.WebInitializer.java 추가.

package com.dochi.prj.config;

import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.WebApplicationInitializer;

import com.dochi.prj.config.handlers.CommonFilter;

@Configuration
public class WebInitializer implements WebApplicationInitializer {
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        FilterRegistration.Dynamic filter = servletContext.addFilter("commonFilter", CommonFilter.class);
        filter.addMappingForUrlPatterns(null, true, "/test/*");
    }
}

 

6. com.dochi.prj.config.interceptors.AuthInterceptor.java 수정.

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String userSecretKey = null;
        
        if("POST".equals(request.getMethod())) {
            Map<String, Object> bodyMap = (Map<String, Object>)request.getAttribute("requestBody");
            
            request.setAttribute("test", "asdfasdfsf");
            
            logger.info("Pre Interceptor {}", bodyMap);
            
            if( bodyMap != null ) {
                userSecretKey = (String)bodyMap.get("secretKey");
            }
        } else {
            userSecretKey = request.getParameter("secretKey");
        }
        
        if( userSecretKey != null && userSecretKey.equals( secretKey ) ) {
            return true;
        } else {
            response.sendRedirect(request.getContextPath()+"err/invalid_secret_key");
            return false;
        }
    }

 

 

7. 마치며.

   - 이번 포스트는 예제를 직접 만들어서 데이터의 흐름을 확인해보지 않으면 쉽게 이해하기 어려울 수 있다.

   - Java는 소스가 길어서 하나하나 설명하기가 난해하다. 그래서 앞으로는 Javascript나 Python은 좀 더 자세히 정리하고 Java는 소스 위주로 정리하도록 하겠다.

   - Filter가 Pattern이나 setInitParameter가 적용되지 않아서 좀 더 자료를 찾아보고 있다. 

 

댓글