1、過濾器介紹:
在Servlet規範2.3中定義了過濾器,它能夠對Servlet容器的請求和響應對象進行檢查和修改。
Servlet過濾器本身並不生成請求和響應對象,只是提供過濾功能。
Servlet過濾器能夠在Servlet被調用之前檢查Request對象,並修改Request Header和Request內容;
在Servlet被調用之後檢查Response對象,修改Response Header和Response的內容。
Servlet過濾器可以過濾的Web組件包括Servlet,JSP和HTML等文件。
Filter類似於IO中的過濾流,實現也類似於Servlet。
2、Filter接口:
所有的Servlet過濾器都必須實現javax.servlet.Filter接口,並實現該接口中的三個方法:
1.init(FilterConfig filterConfig)Servlet過濾器的初始化方法,Servlet容器創建Servlet過濾器實例後將調用該方法。該方法將讀取web.xml文件中Servlet過濾器的初始化參數。
2.doFilter(ServletRequest request, ServletResponse response, FilterChain chain)該方法完成實際的過濾操作,當客戶端請求方法與過濾器設置匹配的URL時,Servlet容器將先調用過濾器的doFilter方法。FilterChain用戶訪問後續過濾器。這裏的ServletRequest和ServletResponse一般需要轉換成具體的Servlet實現對於的對象,如:HttpServletRequest和HttpServletResponse。
3.destroy()Servlet容器在銷燬過濾器實例前調用該方法,在該方法中釋放Servlet過濾器佔用的資源。
public interface Filter
A filter is an object that performs filtering tasks on either the request to a resource (a servlet or static content), or on the response from a resource, or both.
Filters perform filtering in the doFilter method. Every Filter has access to a FilterConfig object from which it can obtain its initialization parameters, a reference to the ServletContext which it can use, for example, to load resources needed for filtering tasks.
Filters are configured in the deployment descriptor of a web application
Examples that have been identified for this design are
1) Authentication Filters
2) Logging and Auditing Filters
3) Image conversion Filters
4) Data compression Filters
5) Encryption Filters
6) Tokenizing Filters
7) Filters that trigger resource access events
8) XSL/T filters
9) Mime-type chain Filter
public interface FilterChain
A FilterChain is an object provided by the servlet container to the developer giving a view into the invocation chain of a filtered request for a resource. Filters use the FilterChain to invoke the next filter in the chain, or if the calling filter is the last filter in the chain, to invoke the resource at the end of the chain.
2.1、FilterConfig的使用:
Filter的init方法中提供了一個FilterConfig對象,提供相關的操作:
如獲取Filter中配置的初始化參數:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.itzhai.login.LoginFilter</filter-class>
<init-param>
<param-name>username</param-name>
<param-value>arthinking</param-value>
</init-param>
</filter>
在init方法中獲取:
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//獲取Filter初始化參數
String username = filterConfig.getInitParameter("username");
}
2.2、在Filter中訪問application:
ServletContext context = filterConfig.getServletContext();
也可以在doFilter方法中根據轉換好的request獲取:
HttpServletRequest req = (HttpServletRequest)request;
ServletContext context = req.getSession().getServletContext();
3、一個簡單過濾器的實現:
編寫Filter過濾器:
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init LoginFilter");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//把ServletRequest和ServletResponse轉換成真正的類型
HttpServletRequest req = (HttpServletRequest)request;
HttpSession session = req.getSession();
//由於web.xml中設置Filter過濾全部請求,可以排除不需要過濾的url
String requestURI = req.getRequestURI();
if(requestURI.endsWith("login.jsp")){
chain.doFilter(request, response);
return;
}
//判斷用戶是否登錄,進行頁面的處理
if(null == session.getAttribute("user")){
//未登錄用戶,重定向到登錄頁面
((HttpServletResponse)response).sendRedirect("login.jsp");
return;
} else {
//已登錄用戶,允許訪問
chain.doFilter(request, response);
}
}
@Override
public void destroy() {
System.out.println("destroy!!!");
}
}
在web.xml中配置Filter:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.itzhai.login.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
注意:一般Filter配置在所有的Servlet之前。
4、過濾敏感詞彙的Filter簡單實現:
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//轉換成實例的請求和響應對象
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
//獲取評論並屏蔽關鍵字
String comment = req.getParameter("comment");
comment = comment.replace("A", "***");
//重新設置參數
req.setAttribute("comment", comment);
//繼續執行
chain.doFilter(request, response);
}
5、Filter的執行順序
Filter的執行順序與在web.xml配置文件中的配置順序一致,一般把Filter配置在所有的Servlet之前。