过滤器
一、过滤器的概念
可以对web服务器管理的所有web资源:例如Jsp、Servlet、html文件等进行拦截,从而实现一些特殊的功能。
二、过滤器的生命周期
-
创建:在项目启动时就被创建,如果xml或者@WebFilter中有init值,则会调用init()进行初始化。
-
销毁:当服务器正常关闭时,自动销毁该Filter对象。
-
注意:如果使用xml文件配置,调用顺序为代码顺序;如果使用@WebFilter调用顺序为类名的字典顺序。
以下为一个请求在过滤器链中的流程图:
![在这里插入图片描述](https://i-blog.csdnimg.cn/direct/c6664fdc43d1417dba714c97a468fc52.png#pic_center)
三、三种过滤器案例
- CodeFilter(编码格式过滤器):
<filter>
<filter-name>CodeFilter</filter-name>
<filter-class>com.qf.filter.CodeFilter</filter-class>
<init-param>
<param-name>code</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CodeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
//创建code成员变量
private String code;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//初始化code,从配置文件中获取
code = filterConfig.getInitParameter("code");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//设置请求与响应的编码格式,然后放行
servletRequest.setCharacterEncoding(code);
servletResponse.setContentType("text/html;charset=" + code);
filterChain.doFilter(servletRequest,servletResponse);
}
- LoginFilter(控制访问权限)过滤器
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.qf.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//将请求和响应转型为HttpServletRequest和HttpServletResponse类型
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//获取请求路径
String uri = request.getRequestURI();
System.out.println(uri);
//通过条件判断,设置请求路径的访问权限
if(uri.equals("/Day19_war_exploded/") ||
uri.contains("register.jsp") ||
uri.contains("RegisterServlet") ||
uri.contains("welcome.html") ||
uri.contains("login.jsp") ||
uri.contains("CodeServlet") ||
uri.contains("LoginServlet") ){
filterChain.doFilter(request,response);
}else{
//当登录之后,获取session中数据
HttpSession session = request.getSession();
String username = (String) session.getAttribute("username");
String name = (String) session.getAttribute("name");
String role = (String) session.getAttribute("role");
//根据数据信息判断访问权限
if(username==null || name==null || role==null){
response.sendRedirect("login.jsp");
}else{
if(!role.equals("teacher") && uri.contains("GetStuListServlet")){
response.sendRedirect("login.jsp");
}else{
filterChain.doFilter(request,response);
}
}
}
}
- SensitiveWordsFilter(敏感词过滤器)
<filter>
<filter-name>SensitiveWordsFilter</filter-name>
<filter-class>com.qf.filter.SensitiveWordsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SensitiveWordsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//创建请求包装类对象(注意:对象中包含了请求对象)
MyHttpServletRequestWrapper myHttpServletRequestWrapper = new MyHttpServletRequestWrapper(request);
filterChain.doFilter(myHttpServletRequestWrapper,response);
}
MyHttpServletRequestWrapper包装类:
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {//继承HttpServletRequestWrapper
public MyHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
}
@Override
public String getParameter(String name) {//重写getParameter()
//获取字段值
String value = super.getParameter(name);
//设置敏感词处理方式
value = value.replaceAll("<", "<");
value = value.replaceAll(">", ">");
value = value.replaceAll("傻逼", "**");
return value;
}
}