一、什麼是過濾器
Filter也稱之爲過濾器,它是Servlet技術中最激動人心的技術,WEB開發人員通過Filter技術,對web服務器管理的所有web資源:例如Jsp, Servlet, 靜態圖片文件或靜態 html 文件等進行攔截,從而實現一些特殊的功能。例如實現URL級別的權限訪問控制、過濾敏感詞彙、壓縮響應信息等一些高級功能。
Servlet API中提供了一個Filter接口,開發web應用時,如果編寫的Java類實現了這個接口,則把這個java類稱之爲過濾器Filter。通過Filter技術,開發人員可以實現用戶在訪問某個目標資源之前,對訪問的請求和響應進行攔截。
二、瞭解過濾器
2.1 簡單概念
過濾器就是一個用於在請求之前處理資源的組件
2.2 生命週期
- 隨着服務器啓動而啓動
- 隨着發起請求而過濾
- 隨着服務器的關閉而銷燬
2.3 執行流程
- 瀏覽器發起請求
- 服務器會根據請求,創建request對象和response對象
- 過濾器持有request對象和response對象
- 只有當過濾器放行之後,request對象和response對象纔會傳給Servlet
三、過濾器的開發步驟
- java類實現Filter接口
- 重寫doFilter方法
- 過濾處理
- 過濾處理後,使用FilterChain放行
- 設置需要xml配置或註解配置
package com.mylifes1110.java.filter;
import javax.servlet.*;
import java.io.IOException;
public class FirstFilter implements Filter {
/**
* 過濾器的初始化方法
* 過濾器是隨着服務器的初始化而初始化
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("---Filter初始化---");
}
/**
* 過濾器的處理服務
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//過濾器處理請求
System.out.println("---Filter處理請求---");
//使用過濾器鏈放行
filterChain.doFilter(servletRequest, servletResponse);
}
/**
* 過濾器的銷燬
* 過濾器的銷燬是隨着服務器的關閉而銷燬
*/
@Override
public void destroy() {
System.out.println("---Filter銷燬---");
}
}
四、過濾器的配置方式
過濾器和Servlet相同有兩種配置方式xml配置和註解配置
注意:由於過濾器的特殊場景應用,比如:使用過濾器來解決中文亂碼問題等等,我們需要xml配置,而註解配置改變不了我們特殊場景的便利
4.1 xml配置
xml配置和Serlvet配置極其相似,感覺就是把Servlet換成了Filter,下面展示了兩個Filter的xml配置
<!--聲明FirstFilter過濾器-->
<filter>
<!--名稱-->
<filter-name>FirstFilter</filter-name>
<!--過濾器類全稱-->
<filter-class>com.mylifes1110.java.filter.FirstFilter</filter-class>
</filter>
<!--映射路徑配置-->
<filter-mapping>
<!--名稱-->
<filter-name>FirstFilter</filter-name>
<!--/*代表過濾所有資源-->
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>FirstFilter1</filter-name>
<filter-class>com.mylifes1110.java.filter.FirstFilter1</filter-class>
</filter>
<filter-mapping>
<filter-name>FirstFilter1</filter-name>
<!--根據路徑只過濾這個Servlet-->
<!-- <url-pattern>/tff</url-pattern>-->
<!--根據Servlet名稱只過濾這個Serlvet-->
<servlet-name>TestFirstFilterServlet</servlet-name>
</filter-mapping>
4.2 註解配置
在自定義的Filter類上使用註解@WebFilter即可
- filterName表示Filter名稱
- value或urlPatterns表示需要過濾的Servlet路徑
- initParams表示初始化參數
package com.mylifes1110.java.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import java.io.IOException;
import java.util.Enumeration;
/**
* 註解配置
* 注意:value和urlPatterns是相同作用
* IDEA爲了一部分人的編碼習慣加了value
*/
@WebFilter(filterName = "AnnotationFilter", value = "/*",initParams = {
@WebInitParam(name = "username", value = "join"),
@WebInitParam(name = "password", value = "123456")})
public class AnnotationFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("AnnotationFilterAnnotationFilterAnnotationFilterAnnotationFilterAnnotationFilter");
chain.doFilter(req, resp);
}
public void init(FilterConfig config) throws ServletException {
}
}
}
五、IDEA快速創建Filter過濾器
在創建Servlet的時候IDEA爲我們提供了快速創建Servlet的方法,同樣,過濾器的創建也提供了快捷的創建方法
創建結果如下:
六、過濾器鏈與優先級問題
6.1 什麼是過濾器鏈
通常客戶端對服務器請求之後,服務器調用Servlet之前會執行一組過濾器(多個過濾器),那麼這組過濾器就稱爲一條過濾器鏈。
每個過濾器實現某個特定的功能,一個過濾器檢測多個Servlet。(匹配幾個,檢測幾個)。
一組過濾器中的執行順序與的配置順序有關。
當第一個Filter的doFilter方法被調用時,web服務器會創建一個代表Filter鏈的FilterChain對象傳遞給該方法。在doFilter方法中,開發人員如果調用了FilterChain對象的doFilter方法,則web服務器會檢查FilterChain對象中是否還有filter,如果有,則調用第2個filter,如果沒有,則調用目標資源
6.2 過濾器的優先級
在一個web應用中,可以開發編寫多個Filter,這些Filter組合起來稱之爲一個Filter鏈。web服務器根據Filter在web.xml文件中的註冊順序,決定先調用哪個Filter。當第一個Filter的doFilter方法被調用時,web服務器會創建一個代表Filter鏈的FilterChain對象傳遞給該方法。在doFilter方法中,開發人員如果調用了FilterChain對象的doFilter方法,則web服務器會檢查FilterChain對象中是否還有filter,如果有,則調用第2個filter,如果沒有,則調用目標資源
在xml配置中,過濾器的優先級是根據filter-mapping註冊順序,從上往下執行
在註解中,過濾器是按照類名的字典順序執行的。如果不同包的Filter類,先按照包名的字典順序尋找Filter,分包後再按照類名字典順序執行
七、過濾器的初始化參數問題
7.1 xml配置初始化參數及獲取(推薦)
xml配置信息如下:
<filter>
<filter-name>GetFilterConfigFilter</filter-name>
<filter-class>com.mylifes1110.java.filter.GetFilterConfigFilter</filter-class>
<init-param>
<param-name>username</param-name>
<param-value>ziph</param-value>
</init-param>
<init-param>
<param-name>password</param-name>
<param-value>123456</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>GetFilterConfigFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Filter獲取初始化參數代碼如下:
package com.mylifes1110.java.filter;
import javax.servlet.*;
import java.io.IOException;
import java.util.Enumeration;
public class GetFilterConfigFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
/**
* 獲取指定初始化參數
*/
String name = filterConfig.getInitParameter("name");
System.out.println(name);
/**
* 獲取全部初始化參數
*/
Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
while (initParameterNames.hasMoreElements()) {
//獲取初始化參數名稱
String parameterNames = initParameterNames.nextElement();
//獲取初始化參數值
String parameterValues = filterConfig.getInitParameter(parameterNames);
System.out.println("name : " + parameterNames + "\t" + "value : " + parameterValues);
}
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("GetFilterConfigFilter");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
7.2 註解配置初始化參數及獲取
註解配置及獲取代碼如下:
package com.mylifes1110.java.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import java.io.IOException;
import java.util.Enumeration;
/**
* 註解配置
* 注意:value和urlPatterns是相同作用
* IDEA爲了一部分人的編碼習慣加了value
*/
@WebFilter(filterName = "AnnotationFilter", value = "/*",initParams = {
@WebInitParam(name = "username", value = "join"),
@WebInitParam(name = "password", value = "123456")})
public class AnnotationFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("AnnotationFilter");
chain.doFilter(req, resp);
}
public void init(FilterConfig config) throws ServletException {
Enumeration<String> initParameterNames = config.getInitParameterNames();
while (initParameterNames.hasMoreElements()) {
String parameterNames = initParameterNames.nextElement();
String parameterValues = config.getInitParameter(parameterNames);
System.out.println("name : " + parameterNames + "\t" + "value : " + parameterValues);
}
}
}
八、通用Filter解決多個Serlvet亂碼問題
當我們在Servlet中有亂碼問題,需要做解決亂碼問題的處理。如果有100個Servlet,我們需要書寫100次處理操作。我們學了Filter,知道Filter是Servlet中間做過濾的,那就可以去改進Filter通用於解決所有Servlet的亂碼問題!
思路分析:
- xml配置Filter過濾器URL爲/*(過濾所有Serlvet)
- xml配置初始化參數名爲encoding,參數值爲utf-8
- 在Filter中聲明一個字符串對象encoding,以便接收初始化參數值(utf-8)
- 在init方法中獲取設置好的初始化參數值config.getInitParameter(“encoding”);
- 在doFilter方法中,利用encoding解決亂碼問題,並放行
xml配置信息如下:
<!--EncodingFilter-->
<filter>
<filter-name>EncodingFilter</filter-name>
<filter-class>com.mylifes1110.java.filter.EncodingFilter</filter-class>
<!--爲過濾器配置編碼字符集默認初始化參數-->
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
編碼通用Filter代碼如下:
package com.mylifes1110.java.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
public class EncodingFilter implements Filter {
private String encoding = null;
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
/**
* 在放行之前處理響應和請求中文亂碼問題
*/
resp.setContentType("text/html;charset=utf-8");
req.setCharacterEncoding(encoding);
chain.doFilter(req, resp);
}
public void init(FilterConfig config) throws ServletException {
/**
* 獲取xml中設置好的編碼參數
*/
encoding = config.getInitParameter("encoding");
}
}
九、自動登錄綜合案例
實現步驟: 登錄賬號後,根據自己勾選的自動登錄選項框來判斷是否開啓自動登錄功能。我們需要判斷是否訪問了登錄資源。如果是,執行放行;如果不是,判斷該賬號是否在登陸狀態。如果是在登陸狀態,直接放行;沒有在登陸狀態,需要從Cookie中取出存儲的用戶信息(賬號、密碼),進行登陸操作。如果登錄成功,直接放行;如果登錄失敗(中途修改過密碼),就利用請求轉發或者重定向跳轉到登錄頁面
login.html登錄頁面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登錄頁面</title>
</head>
<body>
<form action="/firstfilter/login" method="post">
賬號:<input type="text" name="username"><br>
密碼:<input type="password" name="password"><br>
自動登錄 <input type="checkbox" name="autoLogin" value="autoLogin"><br>
<button type="submit">登錄</button>
</form>
</body>
</html>
LoginServlet登錄處理
package com.mylifes1110.java.demo.servlet;
import com.mylifes1110.java.demo.entity.User;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 登錄處理
*/
@WebServlet(name = "LoginServlet", value = "/login")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
/**
* 1.獲取請求參數賬號和密碼
* 2.對帳號和密碼進行校驗(成功,則判斷是否獲取的到自動登錄參數,是的話講賬號、密碼存儲在Cookie中)
* 3.封裝成對象存儲在Session中
* 4.轉發至展示頁面
*/
String username = request.getParameter("username");
String password = request.getParameter("password");
if ("ziph".equals(username) && "123456".equals(password)) {
String autoLogin = request.getParameter("autoLogin");
if ("autoLogin".equals(autoLogin)) {
Cookie cookie = new Cookie("autoLogin", username + "-" + password);
cookie.setMaxAge(60 * 60 * 24 * 7);
response.addCookie(cookie);
}
User user = new User();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("user", user);
request.getRequestDispatcher("/show").forward(request, response);
} else {
/**
* 登錄失敗轉發至登錄頁面
*/
request.getRequestDispatcher("/login.html").forward(request, response);
}
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
AutoLoginFilter實現自動登錄的過濾器
package com.mylifes1110.java.demo.filter;
import com.mylifes1110.java.demo.entity.User;
import com.mylifes1110.java.demo.utils.CookieUtils;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
* 實現自動登錄的過濾器
*/
@WebFilter(filterName = "AutoLoginFilter", value = "/*")
public class AutoLoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req;
//獲取請求路徑
String requestURI = request.getRequestURI();
//判斷請求路徑是否與登錄資源相關
if (requestURI.contains("login")) {
//請求是與登錄相關資源
chain.doFilter(request, resp);
} else {
/**
* 請求的不是與登錄的相關資源
*/
User user = (User) request.getSession().getAttribute("user");
/**
* 判斷登錄狀態
*/
if (user == null) {
Cookie cookie = CookieUtils.getCookie(request.getCookies(), "autoLogin");
//cookie爲空(被清理的緩存)
if (cookie == null) {
//cookie被清理了,自動登錄失敗,請求轉發至登錄頁面
request.getRequestDispatcher("/login.html").forward(request, resp);
} else {
//有cookie進行自動登錄操作
//獲取賬號信息,拼接好的字符串ziph-123456b,並進行拆分
String cookieValue = cookie.getValue();
String[] split = cookieValue.split("-");
String username = split[0];
String password = split[1];
if ("ziph".equals(username) && "123456".equals(password)) {
//自動登錄成功,修改登陸狀態,直接放行
user = new User();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("user", user);
chain.doFilter(request, resp);
} else {
//自動登陸失敗(修改了密碼),轉發至登錄頁面
request.getRequestDispatcher("/login.html").forward(request, resp);
}
}
} else {
//在登錄狀態直接放行
chain.doFilter(request, resp);
}
}
}
public void init(FilterConfig config) throws ServletException {
}
}
CookieUtils獲取Cookies數組校驗工具類
package com.mylifes1110.java.demo.utils;
import javax.servlet.http.Cookie;
public class CookieUtils {
public static Cookie getCookie(Cookie[] cookies, String cookieName) {
if (cookies != null && cookies.length != 0) {
for (Cookie cookie : cookies) {
if (cookieName.equals(cookie.getName())) {
return cookie;
}
}
}
return null;
}
}
ShowServlet展示登錄結果
package com.mylifes1110.java.demo.servlet;
import com.mylifes1110.java.demo.entity.User;
import com.sun.org.apache.xpath.internal.operations.String;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.Buffer;
/**
* 展示登錄結果
*/
@WebServlet(name = "ShowServlet", value = "/show")
public class ShowServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
request.setCharacterEncoding("utf-8");
User user = (User) request.getSession().getAttribute("user");
StringBuffer buffer = new StringBuffer();
if (user == null) {
buffer.append("對不起,您還沒有登錄!<br><a href='/firstfilter/login.html'>請登錄</a>");
} else {
buffer.append(user.getUsername() + " 主人,您回來啦!");
}
response.getWriter().println(buffer.toString());
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
十、過濾敏感詞彙案例(過濾髒詞)
使用Filter過濾髒詞,原理是利用動態代碼模式爲getParaemeter方法增強過濾髒詞的功能在Filter過濾器中過濾後,Servlet獲取過濾後的參數!
xml配置文件配置信息
<filter>
<filter-name>EncodingFilter</filter-name>
<filter-class>com.mylifes1110.java.filtersensitivedemo.filter.EncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>SensitiveWordsFilter</filter-name>
<filter-class>com.mylifes1110.java.filtersensitivedemo.filter.SensitiveWordsFilter</filter-class>
<init-param>
<param-name>word1</param-name>
<param-value>笨蛋</param-value>
</init-param>
<init-param>
<param-name>word2</param-name>
<param-value>扯淡</param-value>
</init-param>
<init-param>
<param-name>word3</param-name>
<param-value>王八蛋</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SensitiveWordsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
message.html發送消息的主頁面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>消息頁</title>
</head>
<body>
<form action="/firstfilter/message" method="post">
內容:<input type="text" name="message"><br>
<button type="submit">發送</button><br>
</form>
</body>
</html>
MessageServlet服務器響應過濾後的信息
package com.mylifes1110.java.filtersensitivedemo.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 髒詞:扯淡、笨蛋、王八蛋
*/
@WebServlet(name = "MessageServlet", value = "/message")
public class MessageServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
/**
* 普通的getParameter不具備處理髒詞的特性
* 我們需要使用getParameter方法獲取處理後的參數(使用過濾器處理髒詞之後的參數)
*/
String message = request.getParameter("message");
response.getWriter().println(message);
//控制檯查看過濾後的情況
System.out.println(message);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
}
EncodingFilter解決中文亂碼問題的Filter
package com.mylifes1110.java.filtersensitivedemo.filter;
import javax.servlet.*;
import java.io.IOException;
public class EncodingFilter implements Filter {
private String encoding = null;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
encoding = filterConfig.getInitParameter("encoding");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
servletRequest.setCharacterEncoding(encoding);
servletResponse.setContentType("text/html;charset=utf-8");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
過濾髒詞的Filter(動態代理增強)
package com.mylifes1110.java.filtersensitivedemo.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
/**
* 髒詞:扯淡、笨蛋、王八蛋
*/
public class SensitiveWordsFilter implements Filter {
//存放髒詞的集合
List<String> sensitiveWords = new ArrayList<>();
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) req;
//增強getParameter方法(增加過濾功能)
HttpServletRequest requestProxy = (HttpServletRequest) Proxy.newProxyInstance(
request.getClass().getClassLoader(),
request.getClass().getInterfaces(),
new InvocationHandler() {
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
Object returnValues = null;
String methodName = method.getName();
if ("getParameter".equals(methodName)) {
String returnValues1 = (String) method.invoke(request, args);
//開始處理髒詞
for (String sensitiveWord : sensitiveWords) {
if (returnValues1.contains(sensitiveWord)) {
/**
* getParameter方法返回值中有髒詞
* 可以根據髒詞長度返回*號個數
*/
StringBuffer buffer = new StringBuffer();
for (int i = 0; i < sensitiveWord.length(); i++) {
buffer.append("*");
}
returnValues1 = returnValues1.replace(sensitiveWord, buffer);
}
}
return returnValues1;
}
else {
returnValues = method.invoke(request, args);
}
return returnValues;
}
});
/**
* 放行增強的request對象——requestProxy
*/
chain.doFilter(requestProxy, resp);
}
public void init(FilterConfig config) throws ServletException {
/**
* 獲取所有初始化參數(髒詞)
*/
Enumeration<String> initParameterNames = config.getInitParameterNames();
while (initParameterNames.hasMoreElements()) {
String sensitiveWord = config.getInitParameter(initParameterNames.nextElement());
//把所有髒詞加入集合中
sensitiveWords.add(sensitiveWord);
}
}
}
持續更新下一章《Java Web之監聽器》