Filter


What is a filter?

📢 A J2EE standard-spec feature that lets you run additional processing on every request matching a URL pattern, before and after the request is delivered to the dispatcher servlet.

Put simply, it screens requests and responses and then refines them.

As the picture above shows, filters are managed by a web container such as Tomcat rather than by the Spring container, and they are processed outside Spring's scope.

Filter methods

You must implement the Filter interface from javax.servlet.

public interface Filter {

    public default void init(FilterConfig filterConfig) throws ServletException {}

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException;

    public default void destroy() {}
}

init()

  • Method for initializing the filter object and adding it to the service
  • The web container calls init() once to initialize the filter object; subsequent requests are then handled through doFilter()

doFilter()

  • Method executed by the web container before every HTTP request matching the url-pattern is delivered to the dispatcher servlet
  • By placing the processing we need before and after the chain.doFilter() call, we can carry out whatever handling we want

destroy()

  • Method for removing the filter object and releasing the resources it uses
  • The web container calls destroy() once to shut the filter object down; after that, requests are no longer processed by doFilter()

Interceptor


What is an interceptor?

📢 A technology provided by Spring MVC that lets you inspect or modify the request and response before and after the dispatcher servlet calls the controller.

Put simply, it intercepts a request before and after the work on it!

As the picture above shows, unlike filters, which run in the web container, interceptors run in the Spring context. The dispatcher servlet asks the handler mapping to find the controller and gets an execution chain back as the result. If one or more interceptors are registered, the request passes through them in order before the controller runs; if none are registered, the controller runs right away.

Interceptor methods

You must implement the HandlerInterceptor interface from org.springframework.web.servlet.

public interface HandlerInterceptor {

    default boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        return true;
    }

    default void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            @Nullable ModelAndView modelAndView) throws Exception {
    }

    default void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            @Nullable Exception ex) throws Exception {
    }
}

preHandle()

  • Runs before the controller is called
  • Used for pre-processing that must happen before the controller, or for modifying or adding to the request information

postHandle()

  • Runs after the controller has been called
  • Used when there is post-processing to do after the controller
  • It receives the ModelAndView returned by the controller, but it is not used much these days now that controllers are typically REST API controllers (@RestController) that return JSON

afterCompletion()

  • Runs after all work is complete, including the views producing the final result
  • Can be used to release resources used while processing the request

Filter vs Interceptor

Whether the Request and Response objects can be manipulated

A filter can manipulate the Request and Response, but an interceptor cannot.

Filter

import java.io.IOException;
import javax.servlet.*;

public class MyFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // A different request and response can be passed in here
        chain.doFilter(request, response);
    }
}

For a filter to call the next filter, it has to do filter chaining.

Because the request and response objects are passed along at that point, we can pass in whichever request and response objects we want.
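
An added example (not from the original post) of the substitution described above: a filter that swaps in an HttpServletRequestWrapper so that nothing downstream, Spring included, can read a client-supplied identity header. The class name, the header name X-Internal-User, and the premise that no trusted proxy sets that header are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class). Assumes no trusted proxy in front of the
// application sets this header, so any copy of it was supplied by the client.
public class StripIdentityHeaderFilter implements Filter {
    // Assumed header name, chosen only for illustration.
    private static final String INTERNAL_HEADER = "X-Internal-User";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        ServletRequest next = request;
        if (request instanceof HttpServletRequest) {
            // Everything after this filter sees the wrapper, not the original.
            next = new HeaderHidingRequest((HttpServletRequest) request);
        }
        chain.doFilter(next, response);
    }

    private static final class HeaderHidingRequest extends HttpServletRequestWrapper {
        HeaderHidingRequest(HttpServletRequest original) {
            super(original);
        }

        @Override
        public String getHeader(String name) {
            return INTERNAL_HEADER.equalsIgnoreCase(name) ? null : super.getHeader(name);
        }

        @Override
        public Enumeration<String> getHeaders(String name) {
            return INTERNAL_HEADER.equalsIgnoreCase(name)
                    ? Collections.<String>emptyEnumeration() : super.getHeaders(name);
        }

        @Override
        public Enumeration<String> getHeaderNames() {
            Enumeration<String> all = super.getHeaderNames();
            if (all == null) return null; // container may refuse header access
            List<String> names = Collections.list(all);
            names.removeIf(INTERNAL_HEADER::equalsIgnoreCase);
            return Collections.enumeration(names);
        }
    }
}
```

Typed accessors such as getIntHeader() delegate to the wrapped request directly, so override them as well if the hidden header could be read that way.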

Interceptor

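import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;

public class MyInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // The Request and Response cannot be replaced; only a boolean can be returned
        return true;
    }
}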

The dispatcher servlet holds the list of interceptors and executes them in order.

If true is returned, the next interceptor runs or the request is passed on to the controller, and if false is returned the request stops, so an interceptor cannot pass along request and response objects of its own.
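
An added example (not from the original post) of the true/false contract described above: an interceptor that stops unauthenticated requests in preHandle(), registered for a set of paths. The class names, the loginUser session attribute and the /api paths are assumptions made for illustration.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Added example (hypothetical classes, session attribute and paths).
class LoginCheckInterceptor implements HandlerInterceptor {

    // Assumed to be set by the application's own login code.
    private static final String LOGIN_ATTR = "loginUser";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        HttpSession session = request.getSession(false); // never create a session here
        if (session != null && session.getAttribute(LOGIN_ATTR) != null) {
            return true; // next interceptor, then the controller
        }
        // false only stops the chain; without an explicit status the client
        // would receive an empty 200 response.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // later interceptors and the controller never run
    }
}

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Only requests that reach the dispatcher servlet on these paths are checked.
        registry.addInterceptor(new LoginCheckInterceptor())
                .addPathPatterns("/api/**")
                .excludePathPatterns("/api/login");
    }
}
```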

Use cases for filters and interceptors

Filter

  • Security and authentication/authorization work
  • Logging or inspection of every request
  • Image/data compression and string encoding
  • Functionality that must be kept separate from Spring

Interceptor

  • Fine-grained security and common authentication/authorization work
  • Logging or inspection of API calls
  • Processing the information (data) passed to the Controller

Summary

To summarize:

Both filters and interceptors are applied when a specific requirement (security, authentication, encoding, etc.) has to be met separately from the business logic.

Filters are applied for work that must be handled globally regardless of the particular request or controller, or for features used across the whole web application; interceptors are applied when additional requirements must be met for work related to the client's request.

Interview question

💡 Explain the difference between a Filter and an Interceptor.

Both filters and interceptors handle tasks that need to be processed in common (e.g. login-related session handling, permission checks, XSS defence). A filter lets you run additional processing on every request matching a URL pattern, before and after the request is delivered to the dispatcher servlet. An interceptor, by contrast, is a technology provided by Spring that lets you inspect or modify the request and response before and after the dispatcher servlet calls the controller. In other words, the difference is that filters run in the web container while interceptors run in the Spring container.
