1. 过滤器 Filter
1)Servlet过滤器是在Java Servlet规范2.3中定义的,它能够对Servlet容器的请求和响应对象进行检查和修改
2)Servlet过滤器本身并不生成请求和响应对象,它只提供过滤器作用。
3)Servlet过滤器能够在Servlet被调用之前检查Request对象,修改Request Header和Request内容
4)在Servlet被调用之后检查Response对象,修改Response Header和Response内容。Servlet过滤器负责过滤的Web组件可以是Servlet,JSP或HTML文件
2.Servlet过滤器的过滤过程
3.所有的Servlet过滤器类都必须实现javax.servlet.Filter接口。这个接口含有3个过滤器类必须实现的方法:
init()
doFilter()
destroy()
4.过滤器链式请求过程(FilterChain)
5. 过滤器实践1
1)创建访问时,检查用户是否登录过滤器
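package com.example.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login gate: lets a request through only when the session carries a
 * {@code "user"} attribute, otherwise redirects to {@code login.jsp}.
 *
 * <p>The login page and the login servlet are exempt so that an
 * unauthenticated visitor can reach them.
 *
 * <p>NOTE(review): the annotation below maps this class to the single URL
 * {@code /LoginFilter}. The site-wide {@code /*} mapping comes from the
 * separate web.xml entry (filter-name {@code PrivFilter}), so the container
 * ends up with two registrations of the same class. Confirm that is intended.
 */
@WebFilter("/LoginFilter")
public class LoginFilter implements Filter {

    /** File name of the login page; always reachable without a session. */
    private static final String LOGIN_PAGE = "login.jsp";

    /** Name of the servlet that processes the login form; always reachable. */
    private static final String LOGIN_SERVLET = "MyLoginServlet";

    /** Default constructor; the container instantiates the filter. */
    public LoginFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
        System.out.println("filter ondestory");
    }

    /**
     * Passes the request down the chain when it targets a public resource or
     * belongs to a logged-in session; otherwise redirects to the login page.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        System.out.println("doFilter");
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        if (isPublicResource(httpRequest)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false): an anonymous request must not cause a session to
        // be allocated just so that we can find out it holds no user.
        HttpSession session = httpRequest.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;
        if (!loggedIn) {
            // Relative target, resolved by the container against the current request URL.
            ((HttpServletResponse) response).sendRedirect(LOGIN_PAGE);
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Tells whether the request targets the login page or the login servlet.
     *
     * <p>The decision is made on {@code getServletPath()}, the decoded path the
     * container matched to a servlet, and on its last segment as a whole.
     * A suffix test on {@code getRequestURI()} is not a safe substitute: that
     * value is the raw, undecoded request path (it can carry encoded characters
     * and path parameters), so its tail does not reliably identify the resource
     * that will actually be served.
     *
     * @param req the current HTTP request
     * @return {@code true} only when the last path segment is exactly
     *         {@code login.jsp} or {@code MyLoginServlet}
     */
    private static boolean isPublicResource(HttpServletRequest req) {
        String servletPath = req.getServletPath();
        if (servletPath == null) {
            return false;
        }
        String lastSegment = servletPath.substring(servletPath.lastIndexOf('/') + 1);
        return LOGIN_PAGE.equals(lastSegment) || LOGIN_SERVLET.equals(lastSegment);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        System.out.println("filter init");
    }
}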
如果没有登录,则重定向到login.jsp
2) 在web.xml中配置filter
<!-- Registers com.example.filter.LoginFilter under the name PrivFilter. -->
<!-- NOTE(review): LoginFilter also carries @WebFilter("/LoginFilter"), so the
     class is registered a second time through the annotation; confirm that
     both registrations are wanted. -->
<filter>
    <filter-name>PrivFilter</filter-name>
    <filter-class>com.example.filter.LoginFilter</filter-class>
</filter>
<!-- /* applies the login check to every URL of the web application, which
     is why the filter itself has to exempt the login page and login servlet. -->
<filter-mapping>
    <filter-name>PrivFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3) login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<%-- Relative links on this page (including the form action) resolve against
     this base, which is built from the context path plus "/test". --%>
<%
    String basePath= request.getContextPath() + "/test";
%>
<base href='<%=basePath %>'>
</head>
<body>
<%-- Login form: posts username, password and authority to MyLoginServlet. --%>
<%-- NOTE(review): "authority" is chosen by the client. The server must treat
     it as a claim to verify against the account, never as the granted role. --%>
<%-- NOTE(review): the password travels in the request body; whether it is
     protected in transit depends on the deployment using HTTPS - confirm. --%>
<form action="MyLoginServlet" method="post">
    username <input type="text" name="username"><br>
    password <input type="password" name="password"><br>
    权限:
    <select name="authority">
        <option value="1">common user</option>
        <option value="2">admin</option>
    </select>
    <br>
    <input type="submit" value="submit" >
</form>
</body>
</html>
4)index.jsp
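<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="com.example.bean.User" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Landing page after login: everyone gets the Query link, and users whose
     authority is "2" (admin) additionally get the Update link. --%>
<%
    // Null-safe lookup: if the page is reached without the login filter in
    // front of it, a missing "user" attribute must not raise a
    // NullPointerException (and with it an error page).
    User currentUser = (User) session.getAttribute("user");
    boolean isAdmin = currentUser != null && "2".equals(currentUser.getAuthority());
%>
<a href="MyQueryServlet">Query</a>
<%-- Hiding the link is presentation only, not access control.
     NOTE(review): MyUpdateServlet is not shown here; it has to check the
     session user's authority itself, because the login filter only verifies
     that some user is logged in. --%>
<% if (isAdmin) { %>
<a href="MyUpdateServlet">Update</a>
<% } %>
</body>
</html>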
5)创建Servlet, 如MyLoginServlet.java,另外两个Servlet: MyQueryServlet和MyUpdateServlet比较简单,只做简单打印信息。
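package com.example.servlet;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.example.bean.User;

/**
 * Handles the login form: checks the submitted username, password and
 * authority, and on success stores a {@link User} in the session under
 * {@code "user"} and forwards to {@code filter/index.jsp}.
 *
 * <p>NOTE(review): the accounts are demo values compiled into the class.
 * A real application would look the account up in a user store, compare
 * against a salted password hash, and take the role from that store rather
 * than from the request.
 */
@WebServlet("/MyLoginServlet")
public class MyLoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public MyLoginServlet() {
        super();
    }

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): this lets credentials arrive in the query string, where
     * they tend to end up in access logs and browser history. The form itself
     * uses POST; consider rejecting GET here.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Validates the submitted credentials and either opens an authenticated
     * session or redirects back to the login page.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String authority = request.getParameter("authority");
        // NOTE(review): request parameters are written to the log unescaped.
        System.out.println("username:" + username + " authority:" + authority);

        if (!isValidLogin(username, password, authority)) {
            // Login failed: no session is created for a rejected attempt.
            failLogin(new User(), response);
            return;
        }

        // Start the authenticated session under a fresh session id, so that an
        // id issued before login is never promoted to a logged-in session
        // (session fixation). Any pre-login session attributes are dropped.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);
        setSession(session, username, password, authority);

        // At this point username and authority equal one of the fixed values
        // accepted by isValidLogin, so they are safe to place in the query string.
        request.getRequestDispatcher(
                "filter/index.jsp?username=" + username + "&authority=" + authority)
                .forward(request, response);
    }

    /**
     * Checks the submitted triple against the two demo accounts.
     *
     * @return {@code true} for zhangsan/123 with authority "1" or
     *         lisi/456 with authority "2"; {@code false} otherwise,
     *         including when any value is {@code null}
     */
    private static boolean isValidLogin(String username, String password, String authority) {
        if ("1".equals(authority)) {
            return "zhangsan".equals(username) && "123".equals(password);
        }
        if ("2".equals(authority)) {
            return "lisi".equals(username) && "456".equals(password);
        }
        return false;
    }

    /**
     * Redirects back to the login page after a rejected attempt.
     *
     * <p>NOTE(review): doPost always passes a freshly constructed User, so the
     * username and authority appended here are presumably {@code null}; the
     * submitted values are not echoed. If that changes, URL-encode them first.
     *
     * @param user     the user whose fields are appended to the redirect URL
     * @param response the response used to send the redirect
     */
    void failLogin(User user, HttpServletResponse response) {
        try {
            response.sendRedirect("filter/login.jsp?username=" + user.getUsername()
                    + "&authority=" + user.getAuthority());
        } catch (IOException e) {
            // The signature declares no checked exception, so the failure is only reported.
            e.printStackTrace();
        }
    }

    /**
     * Builds the {@link User} for a successful login and stores it in the
     * session under {@code "user"}, the attribute the login filter checks.
     *
     * <p>NOTE(review): the plaintext password is kept on the session object.
     * Nothing shown on this page reads it back; unless another component needs
     * it, drop it, since session contents can be written to disk by the container.
     */
    private void setSession(HttpSession session, String username, String password,
            String authority) {
        User user = new User();
        user.setUsername(username);
        user.setPassword(password);
        user.setAuthority(authority);
        session.setAttribute("user", user);
    }
}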