1. Filter:
1). Filter 是什么 ?
①. JavaWEB 的一个重要组件, 可以对发送到 Servlet 的请求进行拦截, 并对响应也进行拦截.
②. Filter 是实现了 Filter 接口的 Java 类.
③. Filter 需要在 web.xml 文件中进行配置和映射.
2). 如何创建一个 Filter, 并把他跑起来
①. 创建一个 Filter 类: 实现 Filter 接口: public class HelloFilter implements Filter
②. 在 web.xml 文件中配置并映射该 Filter. 其中 url-pattern 指定该 Filter 可以拦截哪些资源, 即可以通过哪些 url 访问到该 Filter
<!-- 注册 Filter -->
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
</filter>
<!-- 映射 Filter -->
<filter-mapping>
<filter-name>helloFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
3). Filter 相关的 API:
①. Filter 接口:
> public void init(FilterConfig filterConfig): 类似于 Servlet 的 init 方法. 在创建 Filter 对象(Filter 对象在 Servlet 容器加载当前 WEB 应用时即被创建)后,
立即被调用, 且只被调用一次. 该方法用于对当前的 Filter 进行初始化操作. Filter 实例是单例的.
* FilterConfig 类似于 ServletConfig
* 可以在 web.xml 文件中配置当前 Filter 的初始化参数. 配置方式也和 Servlet 类似。
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.atguigu.javaweb.HelloFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>root</param-value>
</init-param>
</filter>
> public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain):
真正 Filter 的逻辑代码需要编写在该方法中. 每次拦截都会调用该方法.
* FilterChain: Filter 链. 多个 Filter 可以构成一个 Filter 链.
- doFilter(ServletRequest request, ServletResponse response): 把请求传给 Filter 链的下一个 Filter,
若当前 Filter 是 Filter 链的最后一个 Filter, 将把请求给到目标 Serlvet(或 JSP)
- 多个 Filter 拦截的顺序和 <filter-mapping> 配置的顺序有关, 靠前的先被调用.
> public void destroy(): 释放当前 Filter 所占用的资源的方法. 在 Filter 被销毁之前被调用, 且只被调用一次.
4). <dispatcher> 元素: 指定过滤器所拦截的资源被 Servlet 容器调用的方式,
可以是REQUEST,INCLUDE,FORWARD和ERROR之一,默认REQUEST.
可以设置多个<dispatcher> 子元素用来指定 Filter 对资源的多种调用方式进行拦截
①. REQUEST:当用户直接访问页面时,Web容器将会调用过滤器。如果目标资源是通过RequestDispatcher的include()或forward()方法访问时,那么该过滤器就不会被调用。
通过 GET 或 POST 请求直接访问。
②. FORWARD:如果目标资源是通过RequestDispatcher的forward()方法访问时,那么该过滤器将被调用,除此之外,该过滤器不会被调用。
或 <jsp:forward page="/..." /> 或 通过 page 指令的 errorPage 转发页面. <%@ page errorPage="test.jsp" %>
③. INCLUDE:如果目标资源是通过RequestDispatcher的include()方法访问时,那么该过滤器将被调用。除此之外,该过滤器不会被调用。
或 <jsp:include file="/..." />
④. ERROR:如果目标资源是通过声明式异常处理机制调用时,那么该过滤器将被调用。除此之外,过滤器不会被调用。
在 web.xml 文件中通过 error-page 节点进行声明:
<error-page>
<exception-type>java.lang.ArithmeticException</exception-type>
<location>/test.jsp</location>
</error-page>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
2.代码区
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; public class HelloFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { System.out.println("init.."); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println("1. Before HelloFilter's chain.doFilter ..."); //1 //放行 chain.doFilter(request, response); System.out.println("2. After HelloFilter's chain.doFilter ..."); //2 } @Override public void destroy() { System.out.println("destroy..."); } }
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; public class SecondFilter implements Filter{ @Override public void init(FilterConfig filterConfig) throws ServletException { System.out.println("second init..."); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println("3. Before SecondFilter's chain.doFilter ..."); //3 //放行 chain.doFilter(request, response); System.out.println("4. After SecondFilter's chain.doFilter ..."); //4 } //13254 SA 13542 //13245 八赛 //12345 谢鹏飞 13245 //13245 探索者 15234 //13245 天天向上 13524 @Override public void destroy() { // TODO Auto-generated method stub System.out.println("second destroy"); } }
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 自定义的 HttpFilter, 实现自 Filter 接口 * */ public abstract class HttpFilter implements Filter { /** * 用于保存 FilterConfig 对象. */ private FilterConfig filterConfig; /** * 不建议子类直接覆盖. 若直接覆盖, 将可能会导致 filterConfig 成员变量初始化失败 */ @Override public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; init(); } /** * 供子类继承的初始化方法. 可以通过 getFilterConfig() 获取 FilterConfig 对象. */ protected void init() {} /** * 直接返回 init(ServletConfig) 的 FilterConfig 对象 */ public FilterConfig getFilterConfig() { return filterConfig; } /** * 原生的 doFilter 方法, 在方法内部把 ServletRequest 和 ServletResponse * 转为了 HttpServletRequest 和 HttpServletResponse, 并调用了 * doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) * * 若编写 Filter 的过滤方法不建议直接继承该方法. 而建议继承 * doFilter(HttpServletRequest request, HttpServletResponse response, * FilterChain filterChain) 方法 */ @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; doFilter(request, response, chain); } /** * 抽象方法, 为 Http 请求定制. 必须实现的方法. * @param request * @param response * @param filterChain * @throws IOException * @throws ServletException */ public abstract void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException; /** * 空的 destroy 方法。 */ @Override public void destroy() {} }
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; /** * Servlet Filter implementation class UserNameFilter */ public class UserNameFilter implements Filter { /** * Default constructor. */ public UserNameFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String initUser = filterConfig.getInitParameter("username"); String username = request.getParameter("username"); System.out.println(username); if(!initUser.equals(username)){ request.setAttribute("message", "用户名不正确"); request.getRequestDispatcher("/login.jsp").forward(request, response); return; } chain.doFilter(request, response); } private FilterConfig filterConfig; public void init(FilterConfig fConfig) throws ServletException { this.filterConfig = fConfig; } }
package com.atguigu.javaweb; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; /** * Servlet Filter implementation class PasswordFilter */ public class PasswordFilter implements Filter { /** * Default constructor. */ public PasswordFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String initPassword = filterConfig.getServletContext().getInitParameter("password"); String password = request.getParameter("password"); System.out.println(password); if(!initPassword.equals(password)){ request.setAttribute("message", "密码不正确"); request.getRequestDispatcher("/login.jsp").forward(request, response); return; } chain.doFilter(request, response); } /** * @see Filter#init(FilterConfig) */ private FilterConfig filterConfig; public void init(FilterConfig fConfig) throws ServletException { this.filterConfig = fConfig; } }
package com.atguigu.javaweb.cache; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.atguigu.javaweb.HttpFilter; public class NoCacheFilter extends HttpFilter { @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { System.out.println("cacheFilter's doFilter.."); response.setDateHeader("Expires",-1); response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); filterChain.doFilter(request, response); } }
package com.atguigu.javaweb.encoding; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.atguigu.javaweb.HttpFilter; public class EncodingFilter extends HttpFilter{ private String encoding; @Override protected void init() { encoding = getFilterConfig().getServletContext().getInitParameter("encoding"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { System.out.println(encoding); request.setCharacterEncoding(encoding); filterChain.doFilter(request, response); } }
package com.atguigu.javaweb.login; import java.io.IOException; import java.util.Arrays; import java.util.List; import javax.servlet.FilterChain; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.atguigu.javaweb.HttpFilter; public class LoginFilter extends HttpFilter{ //1. 从 web.xml 文件中获取 sessionKey, redirectUrl, uncheckedUrls private String sessionKey; private String redirectUrl; private String unchekcedUrls; @Override protected void init() { ServletContext servletContext = getFilterConfig().getServletContext(); sessionKey = servletContext.getInitParameter("userSessionKey"); redirectUrl = servletContext.getInitParameter("rediretPage"); ///login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp unchekcedUrls = servletContext.getInitParameter("uncheckedUrls"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { //1. 获取请求的 servletPath // /login/b.jsp String servletPath = request.getServletPath(); //2. 检查 1 获取的 servletPath 是否为不需要检查的 URL 中的一个, 若是, 则直接放行. 方法结束 List<String> urls = Arrays.asList(unchekcedUrls.split(",")); if(urls.contains(servletPath)){ filterChain.doFilter(request, response); return; } //3. 从 session 中获取 sessionKey 对应的值, 若值不存在, 则重定向到 redirectUrl Object user = request.getSession().getAttribute(sessionKey); if(user == null){ response.sendRedirect(request.getContextPath() + redirectUrl); return; } //4. 若存在, 则放行, 允许访问. filterChain.doFilter(request, response); } }
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="b.html">TO BBB PAGE</a>
<br><br>
<img alt="" src="Desert.jpg">
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="a.html">TO AAA PAGE</a>
<br><br>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="b.jsp" method="post"> name: <input type="text" name="name"/> <input type="submit" value="Submit"/> </form> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <%-- //编写一个 EncodingFilter //1. 读取 web.xml 文件中配置的当前 WEB 应用的初始化参数 encoding //2. 指定请求的字符编码为 1 读取到的编码 //3. 调用 chain.doFilter() 方法 "放行" 请求 request.setCharacterEncoding("UTF-8"); --%> Hello: ${param.name } </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h4>AAA PAGE</h4>
<a href="list.jsp">Return...</a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>BBB PAGE</h4> <a href="list.jsp">Return...</a> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>CCC PAGE</h4> <a href="list.jsp">Return...</a> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <% //1. 获取用户的登录信息 String username = request.getParameter("username"); //2. 若登录信息完整, 则把登录信息放到 HttpSession if(username != null && !username.trim().equals("")){ session.setAttribute(application.getInitParameter("userSessionKey"), username); //3. 重定向到 list.jsp response.sendRedirect("list.jsp"); }else{ response.sendRedirect("login.jsp"); } %> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="a.jsp">AAA</a>
<br><br>
<a href="b.jsp">BBB</a>
<br><br>
<a href="c.jsp">CCC</a>
<br><br>
<a href="d.jsp">DDD</a>
<br><br>
<a href="e.jsp">EEE</a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="doLogin.jsp" method="post"> username: <input type="text" name="username"/> <input type="submit" value="Submit"/> </form> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <font color="red">${message }</font> <br><br> <form action="hello.jsp" method="post"> username: <input type="text" name="username" value="${param.username }"/> password: <input type="password" name="password"/> <input type="submit" value="Submit"/> </form> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> Hello: ${param.username } </body> </html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="dispatcher.jsp">To Test Page</a>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <%-- <jsp:forward page="/test.jsp"></jsp:forward> <jsp:include page="/test.jsp"></jsp:include> --%> <% int i = 10 / 0; %> </body> </html>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <h4>Test Page</h4> <% System.out.println("5. Test JSP"); //5 %> </body> </html>