An old project of mine has been upgraded from SpringMvc to SpringBoot. The project uses two filters, namely the XSS injection filter and the CSRF attack filter.
Servlet The three major components: Servlet, Filter, and Listener need to be configured in traditional projects.
Servlet 3.0 began to provide 3 corresponding @WebServlet, @WebFilter, and @WebListener annotations under the package to simplify operations. @WebServlet, @WebFilter, and @WebListener are written on the corresponding Servlet, Filter, and Listener classes as identifiers, so there is no need to configure it in it.
Therefore the new code is as follows
@Component
@WebFilter(urlPatterns = {"/*"}, filterName = "csrfFilter")
public class WebCsrfFilter implements Filter{
}and
@Component
@WebFilter(urlPatterns = {"/*"}, filterName = "xssFilter")
public class WebXssFilter extends XssFilter {
}During the test, I found that the set Filter was not effective. After troubleshooting, it should be noted that these three annotations in Spring Boot application are not scanned by default. You need to add the @ServletComponentScan annotation to the project startup class, indicating that you scan the Servlet component.
Therefore, after using @ServletComponentScan annotation on the SpringBootApplication project, Servlet, Filter, and Listener can be automatically registered directly through @WebServlet, @WebFilter, and @WebListener annotation, without other code.
import ;
import ;
import ;
@SpringBootApplication
@ServletComponentScan(basePackages = "")
public class WebApplication extends SpringBootServletInitializer{
public static void main(String[] args) {
(, args);
}This is the article about the reason why Filter in SpringBoot is not effective. For more related content about Filter in SpringBoot, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!