what is Servlet Filters?
Servelt filter is a small amount of code that execute before or after serving up a web resource.
比如Filter1是log,Filter2是transaction,Filter3是secure。
为什么要用filter?
将这些与业务逻辑无关的公共代码分离。可以将这些Filter理解为plug,即插即用。
public class myFitler1 implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse, FilterChain filterChain) throws IOException, ServletException {
//dosth before into servlet
filterChain.doFilter(servletRequest,servletResponse);//serlvet可以理解为处理请求
// dosth after into servlet
}
filter chain:通过filterChain.doFilter(servletRequest,servletResponse)
,我们就可以逐层的过滤,最终到servlet;servlet执行结束后,逐层的返回,最终到客户端。
和递归过程很像,只是多了servlet对请求处理。
这里举个完整的例子:通过filter校验用户名和密码是否未空,若为空,则页面显示错误信息;若不为空,则让filter chain + servlet处理。
①项目文件结构:
②代码
//文件名:login.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'login.jsp' starting page</title>
</head>
<body>
<form action="login" method="post" >
username:<input type="text" name="username" ><br>
password:<input type="password" name="pwd" ><br>
<input type="submit" value="sign in"/>
</form>
</body>
</html>
public class myFitler1 implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse
servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("执行filter---before----");
String username = servletRequest.getParameter("username");
String pwd = servletRequest.getParameter("pwd");
//若用户名、密码为空,则页面显示错误信息,并不交给servlet处理,直接返回客户端
if(username.equals("")||pwd.equals(""))
{
PrintWriter pw=servletResponse.getWriter();
pw.write("username or pwd is null");
}else{
//继续filter chain处理
filterChain.doFilter(servletRequest,servletResponse);
}
System.out.println("执行filter---after----");
}
}
public class HelloWorld extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
System.out.println("执行servlet--before---");
PrintWriter pw=resp.getWriter();
pw.write("sign success");
System.out.println("执行servlet--after---");
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
this.doGet(request, response);
}
}
<servlet>
<servlet-name>HelloWorld</servlet-name>
<servlet-class>HelloWorld</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloWorld</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<filter>
<filter-name>my-Fitler1</filter-name>
<filter-class>myFitler1</filter-class>
</filter>
<filter-mapping>
<filter-name>my-Fitler1</filter-name>
<url-pattern>/login</url-pattern>
//这里的filter只对/login进行过滤,所以请求login.jsp页面并不会拦截。
</filter-mapping>
③执行结果展示:
若用户名或密码为空,则打印:
执行filter---before----
执行filter---after----
若用户名和密码不为空,则打印:
执行filter---before----
执行servlet--before---
执行servlet--after---
执行filter---after----
注:这只是举个简单例子,实际用户名、密码空或格式等可以通过客户端的javascript等都可以校验,不必发给服务器。