一、Filter簡介
Filter也稱之爲過濾器,它是Servlet技術中最激動人心的技術,WEB開發人員通過Filter技術,對web服務器管理的所有web資源:例如Jsp, Servlet, 靜態圖片文件或靜態 html 文件等進行攔截,從而實現一些特殊的功能。例如實現URL級別的權限訪問控制、過濾敏感詞彙、壓縮響應信息等一些高級功能。
Servlet API中提供了一個Filter接口,開發web應用時,如果編寫的Java類實現了這個接口,則把這個java類稱之爲過濾器Filter。通過Filter技術,開發人員可以實現用戶在訪問某個目標資源之前,對訪問的請求和響應進行攔截。
二、Filter是如何實現攔截的?
實現了Filter接口的Servlet是過濾器,因爲Filter接口有一個doFilter(ServletRequest request, ServletResponse response, FilterChain chain)方法,只要用戶訪問我們在web.xml中配置的映射目錄,服務器便會調用過濾器的doFilter方法。我們在這裏實現過慮功能代碼,當我們調用chain.doFilter(request, response)方法時,將請求反給服務器服務器再去調用相當的Servlet。如果我們不調用此方法,說明拒絕了用戶的請求。
三、過濾器的應用(登錄和編碼轉換)
1.編寫java類實現Filter接口,並實現其doFilter方法。LoginFilter.java如下:
package com.web.filter
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
private FilterConfig config;
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest arg0, ServletResponse arg1,FilterChain arg2) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest request = (HttpServletRequest)arg0;
HttpSession session = request.getSession();
HttpServletResponse response = (HttpServletResponse)arg1;
String noLoginPaths = config.getInitParameter("noLoginPaths");
String charset =config.getInitParameter("charset");
if(charset==null){
charset="UTF-8";
}
request.setCharacterEncoding(charset);
if(noLoginPaths!=null)
{
String[] str = noLoginPaths.split(";");
for (int i = 0; i < str.length; i++) {
if(str[i]==null || "".equals(str[i])) continue;
if(request.getRequestURI().indexOf(str[i])!=-1 )
{
arg2.doFilter(arg0, arg1);
return;
}
}
}
if(session.getAttribute("username")==null){
response.sendRedirect("login.jsp");
}else{
arg2.doFilter(arg0, arg1);
}
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
config = arg0;
}
}
2.在 web.xml 文件中使用和元素對編寫的filter類進行註冊,並設置它所能攔截的資源。web.xml如下:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.web.filter.LoginFilter</filter-class>
<init-param>
<param-name>noLoginPaths</param-name>
<param-value>login.jsp;fail.jsp;LoginServlet</param-value>
</init-param>
<init-param>
<param-name>charset</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.web.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/servlet/LoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
3.判斷用戶名和密碼是否正確,LoginServlet.java如下:
package com.web.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
/**
* Constructor of the object.
*/
public LoginServlet() {
super();
}
/**
* Destruction of the servlet. <br>
*/
public void destroy() {
super.destroy(); // Just puts "destroy" string in log
// Put your code here
}
/**
* The doPost method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to post.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
System.out.println("username:"+username);
if("admin".equals(username) && "admin".equals(password))
{
HttpSession session = request.getSession();
session.setAttribute("username", username);
response.sendRedirect(request.getContextPath()+"/success.jsp");
}else{
response.sendRedirect(request.getContextPath()+"/fail.jsp");
}
}
/**
* Initialization of the servlet. <br>
*
* @throws ServletException if an error occurs
*/
public void init() throws ServletException {
// Put your code here
}
}
4.jsp頁面。login.jsp關鍵代碼如下:(success.jsp,fail.jsp省略)
<body>
<form action="<%=request.getContextPath() %>/servlet/LoginServlet" method="post">
用戶名:<input type="text" name="username">
密碼:<input type="password" name="password">
<input type="submit" value="提交">
</form>
</body>四、Filter的生命週期
4.1、Filter的創建
Filter的創建和銷燬由WEB服務器負責。 web 應用程序啓動時,web 服務器將創建Filter 的實例對象,並調用其init方法,完成對象的初始化功能,從而爲後續的用戶請求作好攔截的準備工作,filter對象只會創建一次,init方法也只會執行一次。通過init方法的參數,可獲得代表當前filter配置信息的FilterConfig對象。
4.2、Filter的銷燬
Web容器調用destroy方法銷燬Filter。destroy方法在Filter的生命週期中僅執行一次。在destroy方法中,可以釋放過濾器使用的資源。
4.3、FilterConfig接口
用戶在配置filter時,可以使用爲filter配置一些初始化參數,當web容器實例化Filter對象,調用其init方法時,會把封裝了filter初始化參數的filterConfig對象傳遞進來。因此開發人員在編寫filter時,通過filterConfig對象的方法,就可獲得:
String getFilterName():得到filter的名稱。
String getInitParameter(String name): 返回在部署描述中指定名稱的初始化參數的值。如果不存在返回null.
Enumeration getInitParameterNames():返回過濾器的所有初始化參數的名字的枚舉集合。
public ServletContext getServletContext():返回Servlet上下文對象的引用。