diff --git a/net.html b/net.html
index 13ca3d7f9..9c8ecb3b8 100644
--- a/net.html
+++ b/net.html
@@ -40,7 +40,7 @@
编写Redkale的HttpServlet与 JSR 340中的javax.servlet.http.HttpServlet 基本相同,只需继承 org.redkale.net.http.HttpServlet, Redkale也提供了更友好的基类 org.redkale.net.http.HttpBaseServlet, 比较好的习惯是一个项目先定义一个项目级的BaseServlet类,这样方便以后加入类似javax.servlet.Filter的功能。
一个典型的BaseSerlvet实现:
public class BaseSerlvet extends org.redkale.net.http.HttpBaseServlet {
+ public class BaseSerlvet extends org.redkale.net.http.HttpBaseServlet {
protected final Logger logger = Logger.getLogger(this.getClass().getSimpleName());
@@ -69,35 +69,38 @@
//在调用authenticate之前调用, 返回false表示请求不合法
//该方法可以用于判断请求源是否合法或加入一些全局的拦截操作
@Override
- public boolean preExecute(final HttpRequest request, final HttpResponse response) throws IOException {
+ public void preExecute(final HttpRequest request, final HttpResponse response, HttpServlet next) throws IOException {
if (!request.getHeader("User-Agent", "").contains("Redkale-Agent")) { //只用移动APP的接口可以判断User-Agent是否正确
response.addHeader("retcode", "10001");
response.addHeader("retmessage", "User-Agent error");
response.finish(201, "{'success':false, 'message':'User-Agent error, must be Redkale-Agent'}");
- return false;
+ return;
}
//可以加上一些统计操作
if (fine) response.setRecycleListener((req, resp) -> { //记录处理时间太长的请求操作
long e = System.currentTimeMillis() - request.getCreatetime();
if (e > 500) logger.fine("耗时居然用了 " + e + " 毫秒. 请求为: " + req);
});
- return true;
+ next.execute(request, response);
}
//标记为@AuthIgnore 的方法将不会调用authenticate方法
//一般用于判断用户的登录态, 返回false表示鉴权失败
//moduleid值来自 @WebServlet.moduleid()用于定义模块ID; actionid值自来@WebMapping.actionid()用于定义操作ID; 需要系统化的鉴权需要定义这两个值
@Override
- public boolean authenticate(int moduleid, int actionid, HttpRequest request, HttpResponse response) throws IOException {
- UserInfo user = (UserInfo) request.getAttribute("_current_userinfo");
- if (user != null) return true; //已经判断过了
- String sessionid = request.getSessionid(false);
- if (sessionid == null) return false; //没有sessionid表示没有登录
- user = service.current(sessionid);
- if (user != null) request.setAttribute("_current_userinfo", user);
- return user != null; //存在用户表示登录态正常
+ public void authenticate(int moduleid, int actionid, HttpRequest request, HttpResponse response, HttpServlet next) throws IOException {
+ UserInfo info = currentUser(request);
+ if (info == null) {
+ response.finishJson(RetCodes.retResult(RetCodes.RET_USER_UNLOGIN));
+ return;
+ } else if (!info.checkAuth(module, actionid)) {
+ response.finishJson(RetCodes.retResult(RetCodes.RET_USER_AUTH_ILLEGAL));
+ return;
+ }
+ next.execute(request, response);
}
-}
+}
+ 继承HttpBaseServlet的子类可以使用其自带的鉴权、请求分支、缓存等功能, 一个典型的操作用户HttpServlet:
@WebServlet(value = {"/user/*"}, comment = "用户模块服务") //拦截所有 /user/ 开头的请求
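Review bot: The new `authenticate` in the BaseSerlvet sample declares its first parameter as `moduleid` but calls `info.checkAuth(module, actionid)`, and no `module` is declared in the visible lines, so the sample as printed would not compile; the call should read `info.checkAuth(moduleid, actionid)`, or the parameter should be renamed to `module` as the SimpleRestServlet sample later in this diff has it. The comments above `preExecute` and `authenticate` still say that returning false rejects the request, although both methods are now `void`; they should say that a rejection means finishing the response and returning without calling `next.execute`, because under this contract any rejecting branch that reaches `next.execute` lets the request through. The same wording would help on the `//普通鉴权` comment in the SimpleRestServlet hunk. `currentUser(request)` is also not defined in the lines shown; the class body continues outside the hunk, so it may be declared there.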
@@ -582,6 +585,9 @@
//异步输出指定内容
public <A> void sendBody(ByteBuffer buffer, A attachment, AsyncHandler<Integer, A> handler);
+ //创建AsyncHandler实例,将非字符串对象以JSON格式输出,字符串以文本输出
+ public AsyncHandler createAsyncHandler();
+
//关闭HTTP连接,如果是keep-alive则不强制关闭
public void finish();
@@ -646,7 +652,6 @@
//HttpResponse回收时回调的监听方法
public void setRecycleListener(BiConsumer<HttpRequest, HttpResponse> recycleListener);
-
}
通常配置都需要编写一个 org.redkale.net.http.RestHttpServlet 子类,主要用于获取当前用户信息和鉴权,且必须指定具体的User对象类。开发者的实现类可以参考 redkale-demo 中的BaseServlet类,以下是一个简单的范例:
public class SimpleRestServlet extends RestHttpServlet<UserInfo> {
+ public class SimpleRestServlet extends RestHttpServlet<UserInfo> {
protected static final RetResult RET_UNLOGIN = RetCodes.retResult(RetCodes.RET_USER_UNLOGIN);
@@ -427,16 +427,16 @@
//普通鉴权
@Override
- public boolean authenticate(int module, int actionid, HttpRequest request, HttpResponse response) throws IOException {
+ public void authenticate(int module, int actionid, HttpRequest request, HttpResponse response, HttpServlet next) throws IOException {
UserInfo info = currentUser(request);
if (info == null) {
response.finishJson(RET_UNLOGIN);
- return false;
- } else if (!info.checkAuth(module, actionid)) {
+ return;
+ } else if (!info.checkAuth(module, actionid)) {
response.finishJson(RET_AUTHILLEGAL);
- return false;
+ return;
}
- return true;
+ next.execute(request, response);
}
}