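Backend development study notes: Servlet filters
1. Filter
(1) A servlet filter does not itself create request or response objects; it can inspect and modify the request and response objects that the servlet container passes through it.
(2) Before the target is invoked, the filter inspects the request object and can modify the request headers and request content; after the target has been invoked, it inspects the response object and can modify the response headers and response content. This is what provides the filtering.
(3) The web components a servlet filter can filter are servlets, JSPs and HTML files.
2. javax.servlet.Filter (interface):
① void init(FilterConfig filterConfig): the initialization method of the servlet filter. The servlet container calls it after creating the filter instance. The filter's initialization parameters from web.xml can be read in this method.
② void doFilter(ServletRequest request, ServletResponse response, FilterChain chain): this method performs the actual filtering. When a client requests a URL associated with the filter, the servlet container first calls the filter's doFilter method. The FilterChain parameter gives access to the following filters, which is how a request is processed by a chain of filters.
③ void destroy(): the servlet container calls this method before destroying the filter instance. Resources held by the servlet filter can be released in this method.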
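A filter that uses all three lifecycle methods described above, as an added example that is not part of the original post. The class name SecurityHeaderFilter and the init parameter cacheControl are assumptions made for illustration.

```java
package com.deng.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: SecurityHeaderFilter and "cacheControl" are hypothetical names.
@WebFilter(filterName = "SecurityHeaderFilter", urlPatterns = "/*",
        initParams = @WebInitParam(name = "cacheControl", value = "no-store"))
public class SecurityHeaderFilter implements Filter {
    private String cacheControl;

    public void init(FilterConfig filterConfig) throws ServletException {
        // The same parameter can be declared with <init-param> in web.xml.
        String configured = filterConfig.getInitParameter("cacheControl");
        cacheControl = (configured == null || configured.trim().isEmpty()) ? "no-store" : configured.trim();
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse resp = (HttpServletResponse) response;
            // Headers are set before the chain runs: once the servlet or JSP
            // has committed the response, header changes no longer take effect.
            resp.setHeader("Cache-Control", cacheControl);
            resp.setHeader("X-Content-Type-Options", "nosniff");
            resp.setHeader("X-Frame-Options", "DENY");
        }
        try {
            chain.doFilter(request, response); // next filter, then the servlet or JSP
        } finally {
            // Code after chain.doFilter runs on the way back out, e.g. to record the outcome.
            if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
                request.getServletContext().log(((HttpServletRequest) request).getServletPath()
                        + " -> " + ((HttpServletResponse) response).getStatus());
            }
        }
    }

    public void destroy() { cacheControl = null; } // release what init() set up
}
```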
3. A filter access-control example:
(1) The login page, login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path;
%>
<!DOCTYPE html>
<html>
<head>
<base href="<%= basePath %>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
</head>
<body>
<%
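String userName = request.getParameter("username");
// HTML-escape the reflected parameter before it is written into the value="..." attribute below
if (userName != null) {
userName = userName.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
}
String authority = request.getParameter("authority");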
%>
<form method="post" action="remoa2/LoginServlet">
用户名:<input type="text" name="username" value="<%= userName == null ? "" : userName %>" /><br />
密码:<input type="password" name="password" /><br />
权限:
<select name="authority">
<option value="1" <%= "1".equals(authority) ? "selected='selected'" : ""%>>普通用户</option>
<option value="2" <%= "2".equals(authority) ? "selected='selected'" : ""%>>管理员</option>
</select>
<br />
<input type="submit" value="提交" />
</form>
</body>
</html>
(2) The index page shown after a successful login, index.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" import="com.deng.user.User"
pageEncoding="UTF-8"%>
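<%
String path = request.getContextPath();
// Trailing "/" so that the relative links below (QueryServlet, UpdateServlet) resolve inside the application context
String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
%>
<!DOCTYPE html>
<html>
<head>
<base href="<%= basePath %>">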
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>开始页面</title>
</head>
<body>
<%
User user = (User)session.getAttribute("user");
String name = user.getUsername();
String authority = user.getAuthority();
String authorityName = null;
String authorityInstruction = null;
if(authority.equals("1")){
authorityName = "普通用户";
authorityInstruction = "查询的权力";
}else{
authorityName = "管理员用户";
authorityInstruction = "查询和更新的权力";
}
%>
<%= name %> ,您是<%= authorityName %>,有<%= authorityInstruction %><br />
<a href="QueryServlet">点击查询</a><br />
<%
if(((User)session.getAttribute("user")).getAuthority().equals("2")){ %>
<a href="UpdateServlet">点击更新</a>
<% } %>
</body>
</html>
(3) The User class, with three properties: ① username, ② password, ③ authority level
package com.deng.user;
public class User {
private String username;
private String password;
private String authority;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAuthority() {
return authority;
}
public void setAuthority(String authority) {
this.authority = authority;
}
}
(4) The LoginServlet.java class, which controls the business logic and decides whether the login succeeds. Because no database is connected, it hard-codes one ordinary user, remoa, with password 123456, and one administrator, root, with password 888888. On a successful login the user is taken to index.jsp; otherwise the user stays on login.jsp.
package com.deng.servlet;

import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.deng.user.User;

@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        User user = new User();
        HttpSession session = request.getSession();
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String authority = request.getParameter("authority");
        // Ordinary user login
        if ("1".equals(authority)) {
            if ("remoa".equals(username) && "123456".equals(password)) {
                user.setUsername(username);
                user.setPassword(password);
                user.setAuthority(authority);
                session.setAttribute("user", user);
                request.getRequestDispatcher("filter/index.jsp").forward(request, response);
            } else {
                response.sendRedirect(loginUrl(username, authority));
            }
        }
        // Administrator login
        else if ("2".equals(authority)) {
            if ("root".equals(username) && "888888".equals(password)) {
                user.setUsername(username);
                user.setPassword(password);
                user.setAuthority(authority);
                session.setAttribute("user", user);
                request.getRequestDispatcher("filter/index.jsp").forward(request, response);
            } else {
                response.sendRedirect(loginUrl(username, authority));
            }
        }
        // Login failed
        else {
            response.sendRedirect(loginUrl(username, authority));
        }
    }

    // Builds the redirect back to login.jsp. The user-supplied values are URL-encoded
    // so they cannot add or alter query parameters; a missing value becomes "".
    private static String loginUrl(String username, String authority) throws IOException {
        return "filter/login.jsp?username=" + URLEncoder.encode(username == null ? "" : username, "UTF-8")
                + "&authority=" + URLEncoder.encode(authority == null ? "" : authority, "UTF-8");
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}
(5) The QueryServlet.java class, which handles queries
package com.deng.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/QueryServlet")
public class QueryServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("QueryServlet");
PrintWriter out = response.getWriter();
out.println("This is the QueryServlet.");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}
(6) The UpdateServlet.java class, which provides the update function that only administrator users have
package com.deng.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/UpdateServlet")
public class UpdateServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("UpdateServlet");
PrintWriter out = response.getWriter();
out.println("This is the update servlet.");
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}
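(7) Set up a filter so that users who are not logged in cannot access pages at will, and so that users with different authority levels can only access the content they are allowed to reach.
package com.deng.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.deng.user.User;

@WebFilter(filterName="LoginInFilter",urlPatterns="/*")
public class LoginInFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest)request;
        // Decide on the servlet path the container resolved, compared exactly.
        // getRequestURI() is the raw URI and can carry path parameters that the container
        // ignores when it selects the servlet, so endsWith() on it is not a reliable check.
        String servletPath = r.getServletPath();
        System.out.println(servletPath);
        // The login page and the login servlet are the only resources reachable without a logged-in user
        if("/filter/login.jsp".equals(servletPath) || "/LoginServlet".equals(servletPath)){
            chain.doFilter(request, response);
            return;
        }
        // getSession(false): do not create a session for a visitor who has not logged in
        HttpSession session = r.getSession(false);
        User user = (session == null) ? null : (User)session.getAttribute("user");
        if(null == user){
            // The missing-user check comes first, so a request to UpdateServlet
            // without a login is redirected instead of dereferencing a null user
            ((HttpServletResponse)response).sendRedirect(r.getContextPath() + "/filter/login.jsp");
            return;
        }
        if("/UpdateServlet".equals(servletPath) && !"2".equals(user.getAuthority())){
            // Only administrators (authority "2") reach UpdateServlet; any other user is sent back to index.jsp
            r.getRequestDispatcher("/filter/index.jsp").forward(request, response);
            return;
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig fConfig) throws ServletException {
        System.out.println("Init invoked");
    }
}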
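Results:
① Initial page:
② Enter a user peter (who has no authority at all). After submitting, the check finds that this user does not exist, so the login page is shown again.
③ Enter the administrator user "root" with password "888888", then click the query link and the update link in turn.
④ Enter the ordinary user "remoa" with password "123456". Clicking the query function works; if "http://localhost:8080/remoa2/UpdateServlet" is typed directly into the address bar, the user has no authority to view that page and is returned to the "index.jsp" page.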