Spring Boot 2.0 Cookbook（Second Edition）

上QQ阅读APP看书，第一时间看更新

How it works...

The magic behind this functionality is actually very simple. Let's start from the separate configuration class and work our way to the filter bean detection.

If we look in our main class, BookPubApplication, we will see that it is annotated with @SpringBootApplication, which in turn is a convenience meta-annotation that declares @ComponentScan among others. We discussed this in detail in one of our earlier recipes. The presence of @ComponentScan instructs Spring Boot to detect WebConfiguration as a @Configuration class and add its definitions to the context. So, anything that we will declare in WebConfiguration is as good as if we were to put it right in BookPubApplication itself.

The @BeanpublicRemoteIpFilterremoteIpFilter() {...} declaration simply creates a Spring bean for the RemoteIpFilter class. When Spring Boot detects all the beans of javax.servlet.Filter, it will add them to the filter chain automatically. So, all we have to do, if we want to add more filters, is to just declare them as @Bean configurations. For example, for a more advanced filter configuration, if we want a particular filter to apply only to specific URL patterns, we can create a @Bean configuration of a FilterRegistrationBean type and use it to configure the precise settings.

To make supporting this use-case easier Spring Boot provides us with configuration properties that can be used instead of manually configuring the RemoteIpFilter bean for occasions when Tomcat servlet container is being used. Use server.use-forward-headers=true to indicate to Spring Boot that it needs to automatically configure support for proxy headers, to provide proper request obfuscation. Specifically for Tomcat, one can also use server.tomcat.remote_ip_header=x-forwarded-for and server.tomcat.protocol_header=x-forwarded-proto properties to configure what specific header names should be used to retrieve the values.