Filter是对客户端访问资源的过滤,符合条件放行,不符合条件不放行
一.过滤案例
需要注意:
- 过滤器类需要实现javax.servlet.Filter接口,并重写init(),doFilter(),destroy()方法
- 过滤器的实现可以通过配置web.xml完成.亦可通过注解@WebFilter完成
- 过滤器的执行顺序依赖于web.xml中配置的自然顺序
- doFilter()完成过滤逻辑
- 通过filterChain.doFilter(servletRequest,servletResponse)完成放行
1.通过web.xml配置完成过滤操作,并演示上面的部分注意事项
①测试准备
项目工程:
②代码展示:
***前端页面index.jsp
<%--
Created by IntelliJ IDEA.
User: WHW
Date: 2019/7/31
Time: 10:40
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>用户登录</title>
</head>
<body>
<fieldset>
<form action="/fr/login" method="post">
用户名:<input type="text" name="name"/><br/>
密 码:<input type="text" name="password"/><br/>
<input type="submit" value="登录">
</form>
</fieldset>
</body>
</html>
***web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!--配置登录过滤器-->
<filter>
<filter-name>lf</filter-name>
<filter-class>com.howie.filter.LoginFilter</filter-class>
<init-param>
<param-name>SelfDefinedParameter</param-name>
<param-value>whatever</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>lf</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--配置身份过滤器-->
<filter>
<filter-name>if</filter-name>
<filter-class>com.howie.filter.IdentityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>if</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
***UserLogin.java
package com.howie.controller;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @Author weihuanwen
* @Date 2019/7/31 11:11
* @Version 1.0
*/
@WebServlet(urlPatterns = "/login")
public class UserLogin extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
System.out.println("对用户名和密码进行合法性校验....");
resp.getWriter().write("User login successful!");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req,resp);
}
}
***IdentityFilter.java
package com.howie.filter;
import javax.servlet.*;
import java.io.IOException;
/**
* @Author weihuanwen
* @Date 2019/7/31 12:54
* @Version 1.0
*/
public class IdentityFilter implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("执行init()过滤器IdentityFilter已创建.....");
System.out.println();
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println(">>>>过滤器IdentityFilter处理中>>>>");
String name = servletRequest.getParameter("name");
if (name == null || "Admin".equals(name)){
//放行
filterChain.doFilter(servletRequest,servletResponse);
}else {
System.out.println("非管理员登录 ::: " + name);
servletResponse.getWriter().write("permission denied!");
}
}
@Override
public void destroy() {
System.out.println("过滤器IdentityFilter执行销毁.....");
}
}
***LoginFilter.java
package com.howie.filter;
import javax.servlet.*;
import java.io.IOException;
import java.util.Enumeration;
/**
* @Author weihuanwen
* @Date 2019/7/31 10:45
* @Version 1.0
*/
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("执行init()过滤器LoginFilter已创建.....");
Enumeration<String> initParamNames = filterConfig.getInitParameterNames();
while (initParamNames.hasMoreElements()){
String paramName = initParamNames.nextElement();
System.out.println("过滤器初始化配置↓↓↓");
System.out.println(paramName +" ::: "+filterConfig.getInitParameter(paramName));
}
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println(">>>>过滤器LoginFilter处理中>>>>");
String name = servletRequest.getParameter("name");
if ("Hacker".equals(name)){
System.out.println("检测到非法用户 ::: "+name);
servletResponse.getWriter().write("Illegal user detected!");
}else {
//放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
System.out.println("过滤器LoginFilter执行销毁.....");
}
}
③测试
1>前端界面展示:
2>项目启动时控制台输出:
执行init()过滤器LoginFilter已创建.....
过滤器初始化配置↓↓↓
SelfDefinedParameter ::: whatever
执行init()过滤器IdentityFilter已创建.....
>>>>过滤器LoginFilter处理中>>>>
>>>>过滤器IdentityFilter处理中>>>>
>>>>过滤器LoginFilter处理中>>>>
>>>>过滤器IdentityFilter处理中>>>>
3>使用用户名:Hacker进行登录(这个案例中并未对密码进行验证)
***控制台输出:
>>>>过滤器LoginFilter处理中>>>>
检测到非法用户 ::: Hacker
4>使用用户名Jhon登录
***控制台输出:
>>>>过滤器LoginFilter处理中>>>>
>>>>过滤器IdentityFilter处理中>>>>
非管理员登录 ::: Jhon
5>使用用户名Admin登录
***控制台输出:
>>>>过滤器LoginFilter处理中>>>>
>>>>过滤器IdentityFilter处理中>>>>
对用户名和密码进行合法性校验....
2.通过注解配置过滤器
需要注意:
过滤器类上需要使用@WebFilter.EP:@WebFilter(filterName = "lfba",urlPatterns = "/*")
过滤器的执行顺序不在依靠web.xml中的配置顺序了,而是依靠过滤器文件名称的自然顺序执行的
①测试准备
在上一个工程基础上继续完善项目工程:
②代码展示
***web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!--测试注解开发过滤器时,需要将下面的配置注释-->
<!--配置登录过滤器-->
<!--<filter>-->
<!--<filter-name>lf</filter-name>-->
<!--<filter-class>com.howie.filter.LoginFilter</filter-class>-->
<!--<init-param>-->
<!--<param-name>SelfDefinedParameter</param-name>-->
<!--<param-value>whatever</param-value>-->
<!--</init-param>-->
<!--</filter>-->
<!--<filter-mapping>-->
<!--<filter-name>lf</filter-name>-->
<!--<url-pattern>/*</url-pattern>-->
<!--</filter-mapping>-->
<!--配置身份过滤器-->
<!--<filter>-->
<!--<filter-name>if</filter-name>-->
<!--<filter-class>com.howie.filter.IdentityFilter</filter-class>-->
<!--</filter>-->
<!--<filter-mapping>-->
<!--<filter-name>if</filter-name>-->
<!--<url-pattern>/*</url-pattern>-->
<!--</filter-mapping>-->
</web-app>
***index.jsp
无变化
***UserLogin.java
无变化
***ALoginFilterByAnnotation.java
package com.howie.filter_annotation;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
import java.util.Enumeration;
/**
* @Author weihuanwen
* @Date 2019/7/31 10:45
* @Version 1.0
*/
@WebFilter(filterName = "lfba",urlPatterns = "/*")
public class ALoginFilterByAnnotation implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("执行init()过滤器LoginFilterByAnnotation已创建.....");
Enumeration<String> initParamNames = filterConfig.getInitParameterNames();
while (initParamNames.hasMoreElements()){
String paramName = initParamNames.nextElement();
System.out.println("过滤器初始化配置↓↓↓");
System.out.println(paramName +" ::: "+filterConfig.getInitParameter(paramName));
}
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println(">>>>过滤器LoginFilterByAnnotation处理中>>>>");
String name = servletRequest.getParameter("name");
if ("Hacker".equals(name)){
System.out.println("检测到非法用户 ::: "+name);
servletResponse.getWriter().write("Illegal user detected!");
}else {
//放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
System.out.println("过滤器LoginFilterByAnnotation执行销毁.....");
}
}
***BIdentityFilterByAnnotation.java
package com.howie.filter_annotation;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
/**
* @Author weihuanwen
* @Date 2019/7/31 12:54
* @Version 1.0
*/
@WebFilter(filterName = "ifba",urlPatterns = "/*")
public class BIdentityFilterByAnnotation implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("执行init()过滤器IdentityFilterByAnnotation已创建.....");
System.out.println();
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println(">>>>过滤器IdentityFilterByAnnotation处理中>>>>");
String name = servletRequest.getParameter("name");
if (name == null || "Admin".equals(name)){
//放行
filterChain.doFilter(servletRequest,servletResponse);
}else {
System.out.println("非管理员登录 ::: " + name);
servletResponse.getWriter().write("permission denied!");
}
}
@Override
public void destroy() {
System.out.println("过滤器IdentityFilterByAnnotation执行销毁.....");
}
}
③测试
1>前端界面展示:
2>项目启动时控制台输出:
执行init()过滤器LoginFilterByAnnotation已创建.....
执行init()过滤器IdentityFilterByAnnotation已创建.....
>>>>过滤器LoginFilterByAnnotation处理中>>>>
>>>>过滤器IdentityFilterByAnnotation处理中>>>>
>>>>过滤器LoginFilterByAnnotation处理中>>>>
>>>>过滤器IdentityFilterByAnnotation处理中>>>>
3>使用用户名Hacker登录
控制台输出:
>>>>过滤器LoginFilterByAnnotation处理中>>>>
检测到非法用户 ::: Hacker
这里就不再演示其他情况了,主要是想说明下过滤器的执行顺序是根据类文件名的自然顺序执行的!
二.过滤器处理全站请求中文乱码
1.测试准备
项目工程:
2.代码展示:
***TextProcessorServlet.java
package com.howie.unreadable_chinese_code;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @Author weihuanwen
* @Date 2019/7/31 11:11
* @Version 1.0
*/
@WebServlet(urlPatterns = "/tps")
public class TextProcessorServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String message = req.getParameter("message");
System.out.println("接收到前端消息 ::: "+message);
resp.getWriter().write("消息接收成功!");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req,resp);
}
}
***index.jsp
<%--
Created by IntelliJ IDEA.
User: WHW
Date: 2019/7/31
Time: 10:40
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>用户登录</title>
</head>
<body>
<fieldset>
用户登录测试:
<form action="${pageContext.request.contextPath}/login" method="post">
用户名:<input type="text" name="name"/><br/>
密 码:<input type="text" name="password"/><br/>
<input type="submit" value="登录">
</form>
</fieldset>
<fieldset>
全站中文处理测试:
<form action="${pageContext.request.contextPath}/tps" method="post">
消息:<input type="text" name="message"/><br/>
<input type="submit" value="推送">
</form>
</fieldset>
</body>
</html>
3.测试
①前端界面:
②推送文本消息"你是谁"
③前端结果展示
④控制台输出
接收到前端消息 ::: ??????è°?
4.加入全站中文编码处理过滤器
***DealUnreadableCodeFilter.java
package com.howie.unreadable_chinese_code;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
/**
* @Author weihuanwen
* @Date 2019/7/31 19:09
* @Version 1.0
*/
@WebFilter(filterName = "ducf",urlPatterns = "/*")
public class DealUnreadableCodeFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("全站中文编码处理器初始化......");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("开始处理编码....");
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setContentType("text/html;charset=UTF-8");
System.out.println("编码处理结束....");
//放行
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
System.out.println("执行销毁全站中文编码处理器......");
}
}
5.继续测试
①前端推送消息"你是谁"
②前端结果展示
③控制台输出
接收到前端消息 ::: 你是谁