Java過濾器的應用
過濾器的應用:
1、安全登陸
2、自動登陸
3、敏感詞過濾
<!-- 在此省略登錄-->
1、安全登陸
配置一個Filter
用的是類實現 implements Filter
主要覆蓋方法
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain Chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp=(HttpServletResponse)response;
if(req.getSession().getAttribute("name") == null){
//踢到登錄頁面
resp.sendRedirect(req.getContextPath()+"/jsps/login.jsp");
}else{
//放行到要去的地方
Chain.doFilter(request, response);
}
}
web.xml中的配置信息手動添加:
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>cn.hncu.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<!-- 要攔截的-->
<url-pattern>/buy/*</url-pattern>
<url-pattern>/jsps/buy/*</url-pattern>
<url-pattern>/jsps/safe/*</url-pattern>
</filter-mapping>
2、自動登陸
login.jsp:選擇是否自動登錄
<h2>自動登錄</h2>
<c:if test="${ !empty error }">
${error} <br/>
<c:remove var="error" scope="session"/>
</c:if>
<c:if test="${ !empty sessionScope.name }">
歡迎${name }
<a href="#">頁面1</a>
<a href="#">頁面2</a>
<a href="<c:url value='/CanceAutoLoginServlet'/>">取消自動登錄</a>
</c:if>
<c:if test="${empty sessionScope.name }">
<form action="<c:url value='/LoginServlet' />" method="post">
用戶名:<input type="text" name="name"><br>
密碼:<input
type="password" name="pwd"><br>
自動登錄: <input type="radio" name="time" value="0">
不自動登錄 <input type="radio" name="time" value="1"> 一天
<input type="radio" name="time" value="7" checked="checked"> 一週<br>
<input type="submit" value="登錄">
</form>
</c:if>
主要的過濾器: AutoLogin implements Filter
@Override
public void doFilter(ServletRequest request,
ServletResponse response, FilterChain Chain)
throws IOException, ServletException {
HttpServletRequest req =(HttpServletRequest)request ;
HttpServletResponse resp=(HttpServletResponse)response;
//拿Cookie
if(req.getSession().getAttribute("name")==null){//表示沒有登錄,嘗試幫助進行自動登錄
//從cookie中讀取,之前寫入的autoLogin
Cookie cs[]=req.getCookies();
if(cs!=null){
for(Cookie c:cs){
if(c.getName().equals("autoLogin")){
System.out.println("找到自動登陸的cookie");
String val = c.getValue();
String vals[]= val.split("@#");
vals[0] =URLDecoder.decode(vals[0],"utf-8");//name
vals[1] =URLDecoder.decode(vals[1],"utf-8");//pwd
if (vals[0] != null && vals[0].startsWith("hncu") && vals[1] != null
&& vals[1].length() > 3) {
req.getSession().setAttribute("name", vals[0]);
break;
}
}
}
}
}
Chain.doFilter(request, response);
}
取消自動登錄:
刪除cookie
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//刪除autologin 的cookie
//名字一樣,路徑一樣
Cookie coo = new Cookie("autoLogin","");
coo.setPath(request.getContextPath());
//生存時間爲0,即是刪除
coo.setMaxAge(0);
response.addCookie(coo);
//session的東西還在,要關掉瀏覽器
response.sendRedirect(request.getContextPath()+ "/index.jsp");
}
黑名單技術:BlackistLogin implements Filter
private HashSet<String> blackSet = new HashSet<String>();
@Override
public void init(FilterConfig paramFilterConfig) throws ServletException {
// 按理從數據庫讀取黑名單
blackSet.add("黑名單IP");//127.0.0.1
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain Chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
// 拿ip
String ip = req.getRemoteAddr();
if (blackSet.contains(ip)) {
resp.setContentType("text/html;charset=utf-8");
resp.getWriter().println("你已經被列入黑名單");
} else {
Chain.doFilter(request, response);
}
}
3、敏感詞過濾
先寫個對話框:
<h2>敏感詞過濾</h2>
<form action="<c:url value='/NoteServlet' />" method="post">
姓名:<input type="text" name="name"><br>
留言:<textarea name="note" cols="20" rows="10" >
</textarea>
<br>
<input type="submit" value="提交">
</form>
<a href="jsps/addWord.jsp">添加敏感詞庫</a>
寫過濾器:WordFilter implements Filter
@Override
public void doFilter(ServletRequest request,
ServletResponse response, FilterChain Chain)
throws IOException, ServletException {
HttpServletRequest req=(HttpServletRequest)request;
MyRequest request2= new MyRequest(req);
Chain.doFilter(request2, response);
}
//內部類
class MyRequest extends HttpServletRequestWrapper{
//構造
public MyRequest(HttpServletRequest request) {
super(request);
}
//alt+shift +s +v 攔截哪個改哪個
@Override
public String getParameter(String name) {
//調用父類的,或者自己寫一個再調父類
String val = super.getParameter(name);
System.out.println("原來的信息:"+val);
List<String> list= WordUtils.getWords();
//遍歷所有的敏感詞
for(String w : list){
val=val.replaceAll(w, "**");
}
return val;
}
寫敏感詞庫:
public class WordUtils {
//單例的敏感詞庫(內存中)
private static List<String> list = new ArrayList<String>();
static{
//按理應該去數據庫表格中,獲取敏感詞
list.add("習大大");
list.add("罵人的話");
}
public static List<String> getWords(){
return list;
}
public static void reBuild(List<String> list ){
WordUtils.list=list;
//存數據庫
}
public static void add(String word){
list.add(word);
}