编码格式过滤器
每写一个servlet都要设置编码格式是很繁琐的。编码格式过滤器可以很好的解决这个问题,只需在过滤器里设置一次就可以了;
1. 在web.xml中配置过滤器拦截全部
2. 在filter里强制转换对象(实现javax.servlet.Filter接口)
3. 设置编码格式
xml配置
<filter>
<filter-name>encode</filter-name>
<filter-class>com.oes.filter.EncodingFilter</filter-class>
<init-param>
<param-name>encode</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encode</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
EcodingFilter
public class EncodingFilter implements Filter {
private String encode = null;
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// 把request和response对象强制转换为http的请求和响应对象
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
// 设置请求和响应对象的编码格式
httpRequest.setCharacterEncoding(encode);
httpResponse.setCharacterEncoding(encode);
httpResponse.setContentType("text/html;charset=" + encode);
// 把请求和响应对象传递到下一个过滤器或者页面进行响应
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig config) throws ServletException {
this.encode = config.getInitParameter("encode");
}
}
权限过滤器
做好一个网页项目过后,用户可以不通过登录界面直接用地址强行进入其他重要的界面,这是很不安全的。所以可以用权限过滤器来拦截,只有成功登录后才能进行其他的操作;
1. 定义一个不需要过滤的列表
2. 强制转换对象
3. 获取请求路径
4. 判断请求路径是否需要过滤
5. 查询session中是否存有用户名(在登录成功后会把用户名存入session中,如果没有值表示没有成功登录,强强制跳转到登录界面。)
xml配置
<filter>
<filter-name>permission</filter-name>
<filter-class>com.oes.filter.PermissionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>permission</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
PermissionFilter
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class PermissionFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// 定义一个不需要进行过滤的列表
String[] noFilters = { "login.jsp", "doLoginServlet" };
// 把request和response对象强制转换为http的请求和响应对象
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
// 获取被过滤的请求路径
String path = httpRequest.getRequestURI();
path = path.substring(path.lastIndexOf("/") + 1);
for (String url : noFilters) {
if (url.equals(path)) {
chain.doFilter(httpRequest, httpResponse);
return;
}
}
// 获取session中存储用户名
Object obj = httpRequest.getSession().getAttribute("username");
if (obj != null) {
chain.doFilter(request, response);
} else {
httpResponse.sendRedirect(httpRequest.getContextPath()
+ "/login.jsp");
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}