Spring安全依赖查找

依赖查找安全性对比

依赖查找类型 代表实现 是否安全
单一类型 BeanFactory#getBean
ObjectFactory#getObject
ObjectProvider#getIfAvailable
集合类 ListableBeanFactory#getBeansOfType
ObjectProvider#stream

实体类Rumenz.java

package com.rumenz;
public class Rumenz{
    private Integer id;
    private String name;
    @Override
    public String toString() {
        return "Rumenz{" +
                "id=" + id +
                ", name='" + name + '/'' +
                '}';
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
}

BeanFactory#getBean 单一类型查找

package com.rumenz;



import org.springframework.context.annotation.AnnotationConfigApplicationContext;

import java.util.Map;


public class DemoApplication {

    public static void main(String[] args) {
         AnnotationConfigApplicationContext ac=new AnnotationConfigApplicationContext();
         ac.register(DemoApplication.class); //没有注册Rumenz.class
         ac.refresh();
         //通过BeanFactory#getBean
         byBeanFactory(ac);
         ac.close();
    }

    private static void byBeanFactory(AnnotationConfigApplicationContext ac) {
        printBeanException("byBeanFactory",()->ac.getBean(Rumenz.class));
    }

    private static void printBeanException(String msg,  Runnable runnable) {
        System.err.println("from---->>>"+msg);
        try{
            runnable.run();
        }catch (Exception e){
            e.printStackTrace();
        }

    }


}

输出

由于没有注册Rumenz.class,所以查找报错,不安全

from---->>>byBeanFactory
org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'com.rumenz.Rumenz' available

ObjectFactory#getObject 单一类型查找

package com.rumenz;



import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

import java.util.Map;


public class DemoApplication {

    public static void main(String[] args) {
         AnnotationConfigApplicationContext ac=new AnnotationConfigApplicationContext();
         ac.register(DemoApplication.class);
         ac.refresh();

         //通过ObjectFactory#getObject
         byObjectFactory(ac);
         ac.close();
    }

    private static void byObjectFactory(AnnotationConfigApplicationContext ac) {
        ObjectProvider<Rumenz> beanProvider = ac.getBeanProvider(Rumenz.class);
        printBeanException("byObjectFactory",()->beanProvider.getObject());
    }
    private static void printBeanException(String msg,  Runnable runnable) {
        System.err.println("from---->>>"+msg);
        try{
            runnable.run();
        }catch (Exception e){
            e.printStackTrace();
        }

    }
}

输出

由于没有注册Rumenz.class,所以查找报错,不安全

from---->>>byObjectFactory
org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'com.rumenz.Rumenz' available

ObjectProvider#getIfAvailable 单一类型查找

package com.rumenz;



import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

import java.util.Map;


public class DemoApplication {

    public static void main(String[] args) {
         AnnotationConfigApplicationContext ac=new AnnotationConfigApplicationContext();
         ac.register(DemoApplication.class);
         ac.refresh();
         //通过ObjectProvider#getIfAvailable
         byObjectProvider(ac);
         ac.close();
    }

    private static void byObjectProvider(AnnotationConfigApplicationContext ac) {
        ObjectProvider<Rumenz> beanProvider = ac.getBeanProvider(Rumenz.class);
        printBeanException("byObjectProvider",()->beanProvider.getIfAvailable());
    }

    private static void printBeanException(String msg,  Runnable runnable) {
        System.err.println("from---->>>"+msg);
        try{
            runnable.run();
        }catch (Exception e){
            e.printStackTrace();
        }

    }


}

输出

不存在Rumenz.class,也不会报错,安全

from---->>>byObjectProvider

ListableBeanFactory#getBeansOfType 集合查找

package com.rumenz;



import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

import java.util.Map;


public class DemoApplication {

    public static void main(String[] args) {
         AnnotationConfigApplicationContext ac=new AnnotationConfigApplicationContext();
         ac.register(DemoApplication.class);
         ac.refresh();
         // 通过ListableBeanFactory#getBeansOfType 集合类型查找
         byListableBeanFactory(ac);


         ac.close();
    }

    private static void byListableBeanFactory(AnnotationConfigApplicationContext ac) {
        printBeanException("byListableBeanFactory",()->ac.getBeansOfType(Rumenz.class));

    }

    private static void printBeanException(String msg,  Runnable runnable) {
        System.err.println("from---->>>"+msg);
        try{
            runnable.run();
        }catch (Exception e){
            e.printStackTrace();
        }

    }


}

输出

不存在Rumenz.class,也不会报错,安全

from---->>>byListableBeanFactory

ObjectProvider#Stream 集合类型查找

package com.rumenz;



import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

import java.util.Map;


public class DemoApplication {

    public static void main(String[] args) {
         AnnotationConfigApplicationContext ac=new AnnotationConfigApplicationContext();
         ac.register(DemoApplication.class);
         ac.refresh();
        

         // 通过ObjectProvider#stream
         byObjectProviderStream(ac);


         ac.close();
    }

    private static void byObjectProviderStream(AnnotationConfigApplicationContext ac) {
        ObjectProvider<Rumenz> beanProvider = ac.getBeanProvider(Rumenz.class);
        printBeanException("byObjectProviderStream",()->beanProvider.stream().forEach(System.out::println));
    }

    private static void printBeanException(String msg,  Runnable runnable) {
        System.err.println("from---->>>"+msg);
        try{
            runnable.run();
        }catch (Exception e){
            e.printStackTrace();
        }

    }

}

输出

不存在Rumenz.class,也不会报错,安全

from---->>>byObjectProviderStream

Spring安全依赖查找

源码: https://github.com/mifunc/Spr…

原文: https://rumenz.com/rumenbiji/.html

原文 

https://segmentfault.com/a/1190000023180406

本站部分文章源于互联网,本着传播知识、有益学习和研究的目的进行的转载,为网友免费提供。如有著作权人或出版方提出异议,本站将立即删除。如果您对文章转载有任何疑问请告之我们,以便我们及时纠正。

PS:推荐一个微信公众号: askHarries 或者qq群:474807195,里面会分享一些资深架构师录制的视频录像:有Spring,MyBatis,Netty源码分析,高并发、高性能、分布式、微服务架构的原理,JVM性能优化这些成为架构师必备的知识体系。还能领取免费的学习资源,目前受益良多

转载请注明原文出处:Harries Blog™ » Spring安全依赖查找

赞 (0)
分享到:更多 ()

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址