浅谈SpringMVC HandlerInterceptor诡异问题排查

网友投稿 249 2023-01-06


浅谈SpringMVC HandlerInterceptor诡异问题排查

发现问题

最近在进行压测发现,有一些接口时好时坏,通过sentry日志平台及sky walking平台跟踪发现,用户张三获取到的用户上下文确是李四。

代码走读

用户登录下上文

/**

* 用户登录下上文

*

* @author : jamesfu

* @date : 22/5/2019

* @time : 9:18 AM

*/

@Data

public class UserContext {

private final static ThreadLocal threadLocal = new ThreadLocal<>();

private Long id;

private String loginName;

public static UserContext get() {

UserContext context = threadLocal.get();

if (context == null) {

// TODO(james.h.fu):根据请求上下文获取token, 然后恢复用户登录下上文

context = new UserContext() {{

setId(1L);

setLoginName("james.h.fu1");

}};

threadLocal.set(context);

}

return context;

}

public static void clear() {

threadLocal.remove();

}

public static void set(UserContext context) {

if (context != null) {

threadLocal.set(context);

}

}

}

在拦截器中有调用UserContext.set恢复用户登录上下文,并在请求结束时调用UserContext.clear清理用户登录上下文。

拦截器注册配置

/**

* 拦截器注册配置

*

* @author : jamesfu

* @date : 22/5/2019

* @time : 9:15 AM

*/

@Configuration

public class FilterConfig implements WebMvcConfigurer {

@Autowired

private jsonRpcInterceptor jsonRpcInterceptor;

@Override

public void addInterceptors(InterceptorRegistry registry) {

registry.addInterceptor(jsonRpcInterceptor)

.addPathPatterns("/json.rpc");

}

}

通过debug可以发现UserContext中的ThreadLocal的清理工作没有得到执行。导致请求进来时,有可能ThreadLocal已存在了,就不会再根据请求上下文恢复了。

springmvc 源码走读

tomcat 在收到http请求后,最终会交由spring mvc的 DispatcherServlet 处理。 这里可以从doDispatch按图索骥,顺藤摸瓜地往下看起走。

源码走读:DispatcherServlet

/**

* Process the actual dispatching to the handler.

*

The handler will be obtained by applying the servlet's HandlerMappings in order.

* The HandlerAdapter will be obtained by querying the servlet's installed HandlerAdapters

* to find the first that supports the handler class.

*

All HTTP methods are handled by this method. It's up to HandlerAdapters or handlers

* themselves to decide which methods are acceptable.

* @param request current HTTP request

* @param response current HTTP response

* @throws Exception in case of any kind of processing failure

*/

protected void doDispatch(HttpServletRequest request, HttpServletResponse response) throws Exception

请求会得到分发,然后执行各个已注册HanhzqpPVbKadler的preHandle-->postHandle-->afterCompletion。

源码走读:HandlerExecutionChain applyPreHandle

/**

* Apply preHandle methods of registered interceptors.

* @return {@code true} if the execution chain should proceed with the

* next interceptor or the handler itself. Else, DispatcherServlet assumes

* that this interceptor has already dealt with the response itself.

*/

boolean applyPreHandle(HttpServletRequest request, HttpServletResponse response) throws Exception {

HandlerInterceptor[] interceptors = getInterceptors();

if (!ObjectUtils.isEmpty(interceptors)) {

for (int i = 0; i < interceptors.length; i++) {

HandlerInterceptor interceptor = interceptors[i];

if (!interceptor.preHandle(request, response, this.handler)) {

triggerAfterCompletion(request, response, null);

return false;

}

this.interceptorIndex = i;

}

}

return true;

}

当执行到preHandle返回false时,它就会从上一个返回true的handler依次往前执行afterCompletion,它自己的afterCompletion得不到执行。

triggerAfterCompletion

/**

* Trigger afterCompletion callbacks on the mapped HandlerInterceptors.

* Will just invoke afterCompletion for all interceptors whose preHandle invocation

* has successfully completed and returned true.

*/

void triggerAfterCompletion(HttpServletRequest request, HttpServletResponse response, @Nullable Exception ex)

throws Exception {

HandlerInterceptor[] interceptors = getInterceptors();

if (!ObjectUtils.isEmpty(interceptors)) {

for (int i = this.interceptorIndex; i >= 0; i--) {

HandlerInterceptor interceptor = interceptors[i];

try {

interceptor.afterCompletion(request, response, this.handler, ex);

}

catch (Throwable ex2) {

logger.error("HandlerInterceptor.afterCompletion threw exception", ex2);

}

}

}

}

triggerAfterCompletion只会在(1)出现异常,(2)preHandle返回false 或(3)正常执行结束才会从索引interceptorIndex依次往前执行。

所以基于以上源码可以得知,在写拦截器时preHandle返回false时,afterCompletion是不会执行的。所以一些必要的清理工作得不到执行,会出现类似我们遇到的帐号串的问题。


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:最新接口测试工具下载速度(常见接口测试工具)
下一篇:接口自动化框架大数据(接口自动化数据处理)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~