一、統一全站字符編碼
通過配置參數charset指明使用何種字符編碼,以處理Html Form請求參數的中文問題
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
/**
* @ClassName: CharacterEncodingFilter
* @Description: 此過濾器用來解決全站中文亂碼問題
* @author: 孤傲蒼狼
* @date: 2014-8-31 下午11:09:37
*
*/
public class CharacterEncodingFilter implements Filter {
private FilterConfig filterConfig = null;
//設置默認的字符編碼
private String defaultCharset = "UTF-8";
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
String charset = filterConfig.getInitParameter("charset");
if(charset==null){
charset = defaultCharset;
}
request.setCharacterEncoding(charset);
response.setCharacterEncoding(charset);
response.setContentType("text/html;charset="+charset);
MyCharacterEncodingRequest requestWrapper = new MyCharacterEncodingRequest(request);
chain.doFilter(requestWrapper, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
//得到過濾器的初始化配置信息
this.filterConfig = filterConfig;
}
public void destroy() {
}
}
/*
1.實現與被增強對象相同的接口
2、定義一個變量記住被增強對象
3、定義一個構造器,接收被增強對象
4、覆蓋需要增強的方法
5、對於不想增強的方法,直接調用被增強對象(目標對象)的方法
*/
class MyCharacterEncodingRequest extends HttpServletRequestWrapper{
private HttpServletRequest request;
public MyCharacterEncodingRequest(HttpServletRequest request) {
super(request);
this.request = request;
}
/* 重寫getParameter方法
* @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String)
*/
@Override
public String getParameter(String name) {
try{
//獲取參數的值
String value= this.request.getParameter(name);
if(value==null){
return null;
}
//如果不是以get方式提交數據的,就直接返回獲取到的值
if(!this.request.getMethod().equalsIgnoreCase("get")) {
return value;
}else{
//如果是以get方式提交數據的,就對獲取到的值進行轉碼處理
value = new String(value.getBytes("ISO8859-1"),this.request.getCharacterEncoding());
return value;
}
}catch (Exception e) {
throw new RuntimeException(e);
}
}
}
web.xml文件中的配置如下:
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>me.gacl.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>charset</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
二、禁止瀏覽器緩存所有動態頁面
有3 個HTTP 響應頭字段都可以禁止瀏覽器緩存當前頁面,它們在 Servlet 中的示例代碼如下:
response.setDateHeader("Expires",-1);
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
並不是所有的瀏覽器都能完全支持上面的三個響應頭,因此最好是同時使用上面的三個響應頭。
- Expires數據頭:值爲GMT時間值,爲-1指瀏覽器不要緩存頁面
- Cache-Control響應頭有兩個常用值:
- no-cache指瀏覽器不要緩存當前頁面。
- max-age:xxx指瀏覽器緩存頁面xxx秒。
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @ClassName: NoCacheFilter
* @Description: 禁止瀏覽器緩存所有動態頁面
* @author: 孤傲蒼狼
* @date: 2014-8-31 下午11:25:40
*
*/
public class NoCacheFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
//把ServletRequest強轉成HttpServletRequest
HttpServletRequest request = (HttpServletRequest) req;
//把ServletResponse強轉成HttpServletResponse
HttpServletResponse response = (HttpServletResponse) resp;
//禁止瀏覽器緩存所有動態頁面
response.setDateHeader("Expires", -1);
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public void destroy() {
}
}
web.xml文件中的配置如下:
<filter>
<filter-name>NoCacheFilter</filter-name>
<filter-class>me.gacl.web.filter.NoCacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>NoCacheFilter</filter-name>
<!--只攔截Jsp請求-->
<servlet-name>*.jsp</servlet-name>
</filter-mapping>
三、控制瀏覽器緩存頁面中的靜態資源
有些動態頁面中引用了一些圖片或css文件以修飾頁面效果,這些圖片和css文件經常是不變化的,所以爲減輕服務器的壓力,可以使用filter控制瀏覽器緩存這些文件,以提升服務器的性能。
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @ClassName: CacheFilter
* @Description: 控制緩存的filter
* @author: 孤傲蒼狼
* @date: 2014-9-1 下午9:39:38
*
*/
public class CacheFilter implements Filter {
private FilterConfig filterConfig;
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
//1.獲取用戶想訪問的資源
String uri = request.getRequestURI();
//2.得到用戶想訪問的資源的後綴名
String ext = uri.substring(uri.lastIndexOf(".")+1);
//得到資源需要緩存的時間
String time = filterConfig.getInitParameter(ext);
if(time!=null){
long t = Long.parseLong(time)*3600*1000;
//設置緩存
response.setDateHeader("expires", System.currentTimeMillis() + t);
}
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
public void destroy() {
}
}
web.xml文件中的配置如下:
<!-- 配置緩存過濾器 -->
<filter>
<filter-name>CacheFilter</filter-name>
<filter-class>me.gacl.web.filter.CacheFilter</filter-class>
<!-- 配置要緩存的web資源以及緩存時間,以小時爲單位 -->
<init-param>
<param-name>css</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>jpg</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>js</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>png</param-name>
<param-value>4</param-value>
</init-param>
</filter>
<!-- 配置要緩存的web資源的後綴-->
<filter-mapping>
<filter-name>CacheFilter</filter-name>
<url-pattern>*.jpg</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheFilter</filter-name>
<url-pattern>*.css</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheFilter</filter-name>
<url-pattern>*.js</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CacheFilter</filter-name>
<url-pattern>*.png</url-pattern>
</filter-mapping>
四、實現用戶自動登陸
思路是這樣的:
1、在用戶登陸成功後,發送一個名稱爲user的cookie給客戶端,cookie的值爲用戶名和md5加密後的密碼。
2、編寫一個AutoLoginFilter,這個filter檢查用戶是否帶有名稱爲user的cookie來,如果有,則調用dao查詢cookie的用戶名和密碼是否和數據庫匹配,匹配則向session中存入user對象(即用戶登陸標記),以實現程序完成自動登陸。
核心代碼如下:
處理用戶登錄的控制器:LoginServlet
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import me.gacl.dao.UserDao;
import me.gacl.domain.User;
import me.gacl.util.WebUtils;
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
UserDao dao = new UserDao();
User user = dao.find(username, password);
if(user==null){
request.setAttribute("message", "用戶名或密碼不對!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
return;
}
request.getSession().setAttribute("user", user);
//發送自動登陸cookie給客戶端瀏覽器進行存儲
sendAutoLoginCookie(request,response,user);
request.getRequestDispatcher("/index.jsp").forward(request, response);
}
/**
* @Method: sendAutoLoginCookie
* @Description: 發送自動登錄cookie給客戶端瀏覽器
* @Anthor:孤傲蒼狼
*
* @param request
* @param response
* @param user
*/
private void sendAutoLoginCookie(HttpServletRequest request, HttpServletResponse response, User user) {
if (request.getParameter("logintime")!=null) {
int logintime = Integer.parseInt(request.getParameter("logintime"));
//創建cookie,cookie的名字是autologin,值是用戶登錄的用戶名和密碼,用戶名和密碼之間使用.進行分割,密碼經過md5加密處理
Cookie cookie = new Cookie("autologin",user.getUsername() + "." + WebUtils.md5(user.getPassword()));
//設置cookie的有效期
cookie.setMaxAge(logintime);
//設置cookie的有效路徑
cookie.setPath(request.getContextPath());
//將cookie寫入到客戶端瀏覽器
response.addCookie(cookie);
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
處理用戶自動登錄的過濾器:AutoLoginFilter
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import me.gacl.dao.UserDao;
import me.gacl.domain.User;
import me.gacl.util.WebUtils;
public class AutoLoginFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
//如果已經登錄了,就直接chain.doFilter(request, response)放行
if(request.getSession().getAttribute("user")!=null){
chain.doFilter(request, response);
return;
}
//1.得到用戶帶過來的authlogin的cookie
String value = null;
Cookie cookies[] = request.getCookies();
for(int i=0;cookies!=null && i<cookies.length;i++){
if(cookies[i].getName().equals("autologin")){
value = cookies[i].getValue();
}
}
//2.得到 cookie中的用戶名和密碼
if(value!=null){
String username = value.split("\\.")[0];
String password = value.split("\\.")[1];
//3.調用dao獲取用戶對應的密碼
UserDao dao = new UserDao();
User user = dao.find(username);
String dbpassword = user.getPassword();
//4.檢查用戶帶過來的md5的密碼和數據庫中的密碼是否匹配,如匹配則自動登陸
if(password.equals(WebUtils.md5(dbpassword))){
request.getSession().setAttribute("user", user);
}
}
chain.doFilter(request, response);
}
public void destroy() {
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}
如果想取消自動登錄,那麼可以在用戶註銷時刪除自動登錄cookie,核心代碼如下:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CancelAutoLoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//移除存儲在session中的user
request.getSession().removeAttribute("user");
//移除自動登錄的cookie
removeAutoLoginCookie(request,response);
//註銷用戶後跳轉到登錄頁面
request.getRequestDispatcher("/login.jsp").forward(request, response);
}
/**
* @Method: removeAutoLoginCookie
* @Description: 刪除自動登錄cookie,
* JavaWeb中刪除cookie的方式就是新創建一個cookie,新創建的cookie與要刪除的cookie同名,
* 設置新創建的cookie的cookie的有效期設置爲0,有效路徑與要刪除的cookie的有效路徑相同
* @Anthor:孤傲蒼狼
*
* @param request
* @param response
*/
private void removeAutoLoginCookie(HttpServletRequest request, HttpServletResponse response) {
//創建一個名字爲autologin的cookie
Cookie cookie = new Cookie("autologin","");
//將cookie的有效期設置爲0,命令瀏覽器刪除該cookie
cookie.setMaxAge(0);
//設置要刪除的cookie的path
cookie.setPath(request.getContextPath());
response.addCookie(cookie);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}