Servle過濾器詳解
-
Servlet過濾器的基本原理:
在Servlet作爲過濾器使用時,它可以對客戶的請求進行處理。處理完成後,它會交給下一個過濾器處理,這樣,客戶的請求在過濾鏈裏逐個處理,直到請求發送到目標爲止。例如,實現用戶操作的某個功能,得過濾當前非登錄用戶的操作,還得過濾處理編碼方式,一般是先處理統一編碼方式,這兩項工作可以在由兩個過濾器組成的過濾鏈裏進行處理,過濾鏈顧名思義就是多個過濾器順序執行,執行完過濾編碼方式後執行非登錄過濾。當過濾鏈處理成功後,把提交的數據發送到最終目標;如果過濾器處理不成功,將把視圖派發到指定的錯誤頁面。
-
過濾器生命週期的四個階段:
2、初始化:實例化完成之後,馬上進行初始化工作。Web容器回調init()方法。
3、過濾:請求路徑匹配過濾器的URL映射時。Web容器回調doFilter()方法——主要的工作方法。
4、銷燬: Web容器在卸載Web應用程序前,Web容器回調destroy()方法。
-
Servlet過濾器開發步驟:
2、過濾器的xml配置。
-
Filter接口:
public void init(FilterConfig config) throws ServletException;//初始化
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,ServletException;//過濾
public void destroy();//銷燬
-
FilterConfig接口:
public String getFilterName();//獲取過濾器名
public ServletContext getServletContext();//獲取servlet上下文
public String getInitParameter(String name);//獲取參數值
public Enumeration getInitParameterNames();//獲取參數值組
-
FilterChain接口:
此接口用於調用過濾鏈中的下一個過濾器,如果不調用此方法,之後的過濾器就不會有效。
-
字符集過濾器、Session過濾器、資源過濾器詳細代碼:
SetCharacterEncodingFilter.java:
- package com.tjcyjd.filter;
- import java.io.IOException;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- /**
- * 字符集編碼過濾器
- *
- * @author yjd
- *
- */
- public class SetCharacterEncodingFilter implements Filter {
- public SetCharacterEncodingFilter() {
- System.out.println("回調字符集過濾器的無參構造方法!");
- }
- private String charset; // 編碼方式
- private boolean flag; // 標識是否啓用過濾器
- public void destroy() {
- // 銷燬過濾器
- System.out.println("銷燬字符集過濾器!");
- }
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
- if (flag && null != charset) { // 過濾器設爲啓用且字符編碼不爲空
- // 設置編碼方式
- request.setCharacterEncoding(charset);
- response.setCharacterEncoding(charset);
- System.out.println("成功使用了字符集過濾器");
- } else {
- System.out.println("沒有啓用字符集過濾器");
- }
- chain.doFilter(request, response);
- }
- public void init(FilterConfig config) throws ServletException {
- // 初始化過濾器
- this.charset = config.getInitParameter("charset");
- this.flag = "true".equals(config.getInitParameter("flag"));
- System.out.println("設置的字符集編碼方式爲:" + charset + " 是否啓用:" + flag);
- }
- }
- package com.tjcyjd.filter;
- import java.io.IOException;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- /**
- * session過濾器
- *
- * @author yjd
- *
- */
- public class SessionFilter implements Filter {
- public SessionFilter() {
- System.out.println("回調Session過濾器的無參構造方法!");
- }
- private boolean flag; // 標識是否啓用過濾器
- public void destroy() {
- // 銷燬過濾器
- System.out.println("銷燬Session過濾器!");
- }
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
- if (flag) { // 過濾器設爲啓用
- System.out.println("成功使用了Session過濾器");
- } else {
- System.out.println("沒有啓用Session過濾器");
- }
- chain.doFilter(request, response);
- }
- public void init(FilterConfig config) throws ServletException {
- // 初始化過濾器
- this.flag = "true".equals(config.getInitParameter("flag"));
- System.out.println("設置Session過濾器是否啓用:" + flag);
- }
- }
ResourceFilter.java:
- package com.tjcyjd.filter;
- import java.io.IOException;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- /**
- * Resource過濾器
- *
- * @author yjd
- *
- */
- public class ResourceFilter implements Filter {
- public ResourceFilter() {
- System.out.println("回調Resource過濾器的無參構造方法!");
- }
- private boolean flag; // 標識是否啓用過濾器
- public void destroy() {
- // 銷燬過濾器
- System.out.println("銷燬Resource過濾器!");
- }
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
- if (flag) { // 過濾器設爲啓用
- System.out.println("成功使用了Resource過濾器");
- } else {
- System.out.println("沒有啓用Resource過濾器");
- }
- chain.doFilter(request, response);
- }
- public void init(FilterConfig config) throws ServletException {
- // 初始化過濾器
- this.flag = "true".equals(config.getInitParameter("flag"));
- System.out.println("設置Resource過濾器是否啓用:" + flag);
- }
- }
- package com.tjcyjd.controller;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- public class FilterTest extends HttpServlet {
- private static final long serialVersionUID = -4431292272342933498L;
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html");
- PrintWriter out = response.getWriter();
- out.println("你看行不行??");
- out.flush();
- out.close();
- }
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doPost(request, response);
- }
- }
配置文件web.xml:
- <?xml version="1.0" encoding="UTF-8"?>
- <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
- http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
- <!-- 配置字符集過濾器-->
- <filter>
- <filter-name>myCharsetFilter</filter-name>
- <filter-class>com.tjcyjd.filter.SetCharacterEncodingFilter</filter-class>
- <init-param>
- <param-name>charset</param-name>
- <param-value>UTF-8</param-value>
- </init-param>
- <init-param>
- <param-name>flag</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <!-- 配置session過濾器-->
- <filter>
- <filter-name>mySessionFilter</filter-name>
- <filter-class>com.tjcyjd.filter.SessionFilter</filter-class>
- <init-param>
- <param-name>flag</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <!-- 配置resource過濾器-->
- <filter>
- <filter-name>myResourceFilter</filter-name>
- <filter-class>com.tjcyjd.filter.ResourceFilter</filter-class>
- <init-param>
- <param-name>flag</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <!-- 過濾器映射文件-->
- <filter-mapping>
- <filter-name>myCharsetFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>mySessionFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>myResourceFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
- <!-- 配置servlet-->
- <servlet>
- <servlet-name>filterTest</servlet-name>
- <servlet-class>com.tjcyjd.controller.FilterTest</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>filterTest</servlet-name>
- <url-pattern>/test</url-pattern>
- </servlet-mapping>
- </web-app>
部署項目啓動後,控制檯打印的信息:
- 回調Session過濾器的無參構造方法!
- 設置Session過濾器是否啓用:true
- 回調Resource過濾器的無參構造方法!
- 設置Resource過濾器是否啓用:true
- 回調字符集過濾器的無參構造方法!
- 設置的字符集編碼方式爲:UTF-8 是否啓用:true
- 成功使用了字符集過濾器
- 成功使用了Session過濾器
- 成功使用了Resource過濾器
停止服務器控制檯信息如下:
- 銷燬Session過濾器!
- 銷燬Resource過濾器!
- 銷燬字符集過濾器!
從上面看出,init()和destroy()方法是和過濾器映射逆序執行的,估計類似棧吧,先把所有的過濾器放到棧裏,先進後出,這樣的理解不知道對不對。
-
五個常用過濾器(轉):
此接口用於調用過濾鏈中的下一個過濾器,如果不調用此方法,之後的過濾器就不會有效。
1、使用瀏覽器不緩存頁面的過濾器:
ForceNoCacheFilter.java
- package filter;
- import javax.servlet.*;
- import javax.servlet.http.HttpServletResponse;
- import java.io.IOException;
- /**
- * 用於的使 Browser 不緩存頁面的過濾器
- */
- public class ForceNoCacheFilter implements Filter {
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain filterChain) throws IOException, ServletException {
- ((HttpServletResponse) response).setHeader("Cache-Control", "no-cache");
- ((HttpServletResponse) response).setHeader("Pragma", "no-cache");
- ((HttpServletResponse) response).setDateHeader("Expires", -1);
- filterChain.doFilter(request, response);
- }
- public void destroy() {
- }
- public void init(FilterConfig filterConfig) throws ServletException {
- }
- }
2、檢查用戶是否登錄的過濾器:
CheckLoginFilter.java
- package filter;
- import java.io.IOException;
- import java.util.ArrayList;
- import java.util.List;
- import java.util.StringTokenizer;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- /**
- * 用於檢測用戶是否登陸的過濾器,如果未登錄,則重定向到指的登錄頁面
- *
- *
- * 配置參數
- *
- *
- * checkSessionKey 需檢查的在 Session 中保存的關鍵字
- *
- * redirectURL 如果用戶未登錄,則重定向到指定的頁面,URL不包括 ContextPath
- *
- * notCheckURLList 不做檢查的URL列表,以分號分開,並且 URL 中不包括 ContextPath
- *
- */
- public class CheckLoginFilter implements Filter {
- protected FilterConfig filterConfig = null;
- private String redirectURL = null;
- private List notCheckURLList = new ArrayList();
- private String sessionKey = null;
- public void doFilter(ServletRequest servletRequest,
- ServletResponse servletResponse, FilterChain filterChain)
- throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
- HttpSession session = request.getSession();
- if (sessionKey == null) {
- filterChain.doFilter(request, response);
- return;
- }
- if ((!checkRequestURIIntNotFilterList(request))
- && session.getAttribute(sessionKey) == null) {
- response.sendRedirect(request.getContextPath() + redirectURL);
- return;
- }
- filterChain.doFilter(servletRequest, servletResponse);
- }
- public void destroy() {
- notCheckURLList.clear();
- }
- private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
- String uri = request.getServletPath()
- + (request.getPathInfo() == null ? "" : request.getPathInfo());
- return notCheckURLList.contains(uri);
- }
- public void init(FilterConfig filterConfig) throws ServletException {
- this.filterConfig = filterConfig;
- redirectURL = filterConfig.getInitParameter("redirectURL");
- sessionKey = filterConfig.getInitParameter("checkSessionKey");
- String notCheckURLListStr = filterConfig
- .getInitParameter("notCheckURLList");
- if (notCheckURLListStr != null) {
- StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
- notCheckURLList.clear();
- while (st.hasMoreTokens()) {
- notCheckURLList.add(st.nextToken());
- }
- }
- }
- }
3、字符集編碼過濾器:
CharacterEncodingFilter.java
- package filter;
- import javax.servlet.*;
- import java.io.IOException;
- /**
- * 用於設置 HTTP 請求字符編碼的過濾器,通過過濾器參數encoding指明使用何種字符編碼,用於處理Html Form請求參數的中文問題
- */
- public class CharacterEncodingFilter implements Filter {
- protected FilterConfig filterConfig = null;
- protected String encoding = "";
- public void doFilter(ServletRequest servletRequest,
- ServletResponse servletResponse, FilterChain filterChain)
- throws IOException, ServletException {
- if (encoding != null)
- servletRequest.setCharacterEncoding(encoding);
- filterChain.doFilter(servletRequest, servletResponse);
- }
- public void destroy() {
- filterConfig = null;
- encoding = null;
- }
- public void init(FilterConfig filterConfig) throws ServletException {
- this.filterConfig = filterConfig;
- this.encoding = filterConfig.getInitParameter("encoding");
- }
- }
4、資源保護過濾器:
SecurityFilter.java
- package filter;
- import javax.servlet.Filter;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.FilterChain;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServletRequest;
- import java.io.IOException;
- import java.util.Iterator;
- import java.util.Set;
- import java.util.HashSet; //
- /**
- * 資源保護過濾器
- */
- public class SecurityFilter implements Filter {
- // the login page uri
- private static final String LOGIN_PAGE_URI = "login.jsf";
- // a set of restricted resources
- private Set restrictedResources;
- public void init(FilterConfig filterConfig) throws ServletException {
- this.restrictedResources = new HashSet();
- this.restrictedResources.add("/createProduct.jsp");
- this.restrictedResources.add("/editProduct.jsp");
- this.restrictedResources.add("/productList.jsp");
- }
- public void doFilter(ServletRequest req, ServletResponse res,
- FilterChain chain) throws IOException, ServletException {
- String contextPath = ((HttpServletRequest) req).getContextPath();
- String requestUri = ((HttpServletRequest) req).getRequestURI();
- if (this.contains(requestUri, contextPath)
- && !this.authorize((HttpServletRequest) req)) {
- ((HttpServletRequest) req).getRequestDispatcher(LOGIN_PAGE_URI)
- .forward(req, res);
- } else {
- chain.doFilter(req, res);
- }
- }
- public void destroy() {
- }
- private boolean contains(String value, String contextPath) {
- Iterator ite = this.restrictedResources.iterator();
- while (ite.hasNext()) {
- String restrictedResource = (String) ite.next();
- if ((contextPath + restrictedResource).equalsIgnoreCase(value)) {
- return true;
- }
- }
- return false;
- }
- private boolean authorize(HttpServletRequest req) {
- // 處理用戶登錄
- /*
- * UserBean user =
- * (UserBean)req.getSession().getAttribute(BeanNames.USER_BEAN);
- *
- * if (user != null && user.getLoggedIn()) { //user logged in return
- * true; } else { return false; }
- */
- return true;
- }
- }
5、限制用戶瀏覽權限:
RightFilter.java
- package filter;
- import java.io.IOException;
- import javax.servlet.Filter;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import javax.servlet.http.HttpServletRequest;
- public class RightFilter implements Filter {
- public void destroy() {
- }
- public void doFilter(ServletRequest sreq, ServletResponse sres,
- FilterChain arg2) throws IOException, ServletException {
- // 獲取uri地址
- HttpServletRequest request = (HttpServletRequest) sreq;
- String uri = request.getRequestURI();
- String ctx = request.getContextPath();
- uri = uri.substring(ctx.length());
- // 判斷admin級別網頁的瀏覽權限
- if (uri.startsWith("/admin")) {
- if (request.getSession().getAttribute("admin") == null) {
- request.setAttribute("message", "您沒有這個權限");
- request.getRequestDispatcher("/login.jsp").forward(sreq, sres);
- return;
- }
- }
- // 判斷manage級別網頁的瀏覽權限
- if (uri.startsWith("/manage")) {
- // 這裏省去
- }
- }
- // 下面還可以添加其他的用戶權限,省去。
- public void init(FilterConfig arg0) throws ServletException {
- }
- }