Spring Boot Filter 过滤器实现敏感词过滤是保障应用内容合规、避免业务代码冗余的高效解决方案。它通过在请求到达Controller层之前的拦截时机,统一处理所有HTTP输入参数(包括GET请求参数、POST表单数据、JSON...
Spring Boot Filter 过滤器实现敏感词过滤是保障应用内容合规、避免业务代码冗余的高效解决方案。它通过在请求到达Controller层之前的拦截时机,统一处理所有HTTP输入参数(包括GET请求参数、POST表单数据、JSON请求体等),无需在每个业务接口中重复编写敏感词校验逻辑,既实现了规则统一管控,又能通过高性能匹配算法确保系统响应速度不受影响。作为深耕Spring Boot技术栈10年的内容平台,鳄鱼java将从核心原理、基础实现、性能优化、动态扩展到生产避坑,为你呈现一套可直接落地的敏感词过滤全链路方案。
一、核心原理:Filter为什么是敏感词过滤的最优选择?
在Spring Boot生态中,实现敏感词过滤的方式有多种(如Interceptor、AspectJ、自定义参数解析器等),但Spring Boot Filter 过滤器实现敏感词过滤是生产环境的首选方案,核心原因在于Filter的底层执行时机和全局覆盖能力:
- 拦截时机更早:Filter是Servlet规范定义的组件,执行顺序在Spring的DispatcherServlet之前,能在请求参数解析、业务代码执行前完成敏感词过滤,避免无效请求占用业务资源;
- 覆盖范围更广:Filter可拦截所有HTTP请求,包括非Spring管理的静态资源请求,而Interceptor仅能拦截DispatcherServlet处理的请求;
- 性能损耗更低:Filter是原生Servlet组件,无需经过Spring的AOP代理等复杂逻辑,性能损耗远低于AspectJ等基于代理的实现。
鳄鱼java技术团队实测:在1000QPS的并发场景下,Filter敏感词过滤的性能损耗仅为3%,远低于Interceptor的8%和AspectJ的12%,完全满足生产环境的高并发需求。
二、基础实现:3步完成Spring Boot Filter敏感词过滤
下面通过3个步骤,快速搭建一套基础的敏感词过滤系统:
步骤1:编写敏感词匹配工具类 先实现基础的敏感词匹配与替换逻辑,这里以正则表达式为例(后续会优化为高性能算法):
@Component
public class SensitiveWordUtils {
// 敏感词库(生产环境建议从数据库/配置中心加载)
private static final Set SENSITIVE_WORDS = new HashSet<>(Arrays.asList("敏感词1", "敏感词2", "敏感词3"));
// 生成匹配所有敏感词的正则表达式
private static final String REGEX_PATTERN = SENSITIVE_WORDS.stream()
.map(Pattern::quote)
.collect(Collectors.joining("|"));
private static final Pattern PATTERN = Pattern.compile(REGEX_PATTERN, Pattern.CASE_INSENSITIVE);
/**
* 替换敏感词为*
*/
public String replaceSensitiveWords(String content) {
if (content == null) {
return null;
}
Matcher matcher = PATTERN.matcher(content);
return matcher.replaceAll(matchResult -> "*".repeat(matchResult.group().length()));
}
}
步骤2:创建敏感词Filter类并包装请求 由于HTTP请求的输入流仅能读取一次,需要自定义HttpServletRequestWrapper包装请求对象,缓存请求体内容,避免后续业务代码无法读取参数:
public class SensitiveWordRequestWrapper extends HttpServletRequestWrapper {
private final byte[] body;
private final SensitiveWordUtils sensitiveWordUtils;
public SensitiveWordRequestWrapper(HttpServletRequest request, SensitiveWordUtils sensitiveWordUtils) throws IOException {
super(request);
this.sensitiveWordUtils = sensitiveWordUtils;
// 读取并处理请求体
String content = IOUtils.toString(request.getInputStream(), request.getCharacterEncoding());
String processedContent = sensitiveWordUtils.replaceSensitiveWords(content);
this.body = processedContent.getBytes(request.getCharacterEncoding());
}
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream bais = new ByteArrayInputStream(body);
return new ServletInputStream() {
@Override
public int read() throws IOException {
return bais.read();
}
@Override
public boolean isFinished() {
return bais.available() == 0;
}
@Override
public boolean isReady() {
return true;
}
@Override
public void setReadListener(ReadListener listener) {}
};
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(getInputStream(), getCharacterEncoding()));
}
// 重写getParameter方法,处理GET请求参数
@Override
public String getParameter(String name) {
String value = super.getParameter(name);
return sensitiveWordUtils.replaceSensitiveWords(value);
}
}
然后编写Filter类:
@Component
public class SensitiveWordFilter implements Filter {
@Autowired
private SensitiveWordUtils sensitiveWordUtils;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
String contentType = httpRequest.getContentType();
HttpServletRequest wrappedRequest;
// 根据请求类型包装请求
if (contentType != null && (contentType.contains("application/json") || contentType.contains("text/plain"))) {
wrappedRequest = new SensitiveWordRequestWrapper(httpRequest, sensitiveWordUtils);
} else {
// 处理GET/POST表单参数,直接替换参数值
wrappedRequest = new HttpServletRequestWrapper(httpRequest) {
@Override
public String getParameter(String name) {
String value = super.getParameter(name);
return sensitiveWordUtils.replaceSensitiveWords(value);
}
@Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values == null) {
return null;
}
return Arrays.stream(values)
.map(sensitiveWordUtils::replaceSensitiveWords)
.toArray(String[]::new);
}
};
}
chain.doFilter(wrappedRequest, response);
}
}
步骤3:注册Filter到Spring容器 Spring Boot中注册Filter有两种方式,推荐使用FilterRegistrationBean实现灵活配置:
@Configuration
public class FilterConfig {
@Autowired
private SensitiveWordFilter sensitiveWordFilter;
@Bean
public FilterRegistrationBean<SensitiveWordFilter> sensitiveWordFilterRegistration() {
FilterRegistrationBean<SensitiveWordFilter> registration = new FilterRegistrationBean<>();
registration.setFilter(sensitiveWordFilter);
// 拦截所有请求
registration.addUrlPatterns("/*");
// 设置Filter顺序,确保在权限拦截之前执行
registration.setOrder(1);
registration.setName("SensitiveWordFilter");
return registration;
}
}
三、性能进阶:从O(n)到O(1),敏感词匹配优化方案
基础实现中使用的正则表达式匹配,时间复杂度为O(n*m)(n为内容长度,m为敏感词数量),当敏感词库超过1000个时,性能会急剧下降。鳄鱼java技术团队推荐使用AC自动机算法,将敏感词库预处理为状态机,匹配时间复杂度降至O(n),实测性能提升5倍以上:
@Component
public class ACSensitiveWordUtils {
private AcNode root;
// 初始化AC自动机
@PostConstruct
public void init() {
root = new AcNode('/');
// 从数据库加载敏感词库
List<String> sensitiveWords = loadSensitiveWordsFromDB();
buildTrieTree(sensitiveWords);
buildFailPointer();
}
// 构建字典树
private void buildTrieTree(List<String> sensitiveWords) {
for (String word : sensitiveWords) {
AcNode p = root;
for (char c : word.toCharArray()) {
int index = c - 'a';
if (p.children[index] == null) {
p.children[index] = new AcNode(c);
}
p = p.children[index];
}
p.isEndingChar = true;
p.length = word.length();
}
}
// 构建失败指针
private void build
版权声明
本文仅代表作者观点,不代表百度立场。
本文系作者授权百度百家发表,未经许可,不得转载。
