1、简介
应用场景
- 自动登录;
- 统一设置编码格式;
- 访问权限控制;
- 敏感字符过滤等。
2、编写过滤器
- test
public class FilterTest01 implements Filter {
//初始化:web服务器启动的时候就会初始化,随时等待过滤对象出现
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("初始化");
}
/*
FilterChain:链;
1.过滤中的所有代码,在过滤特定请求的时候都会执行;
2.必须要让过滤器继续通行
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
System.out.println("执行FilterTest01前");
filterChain.doFilter(request,response);//让我们的请求继续走,如果不写,程序就会被拦截停止在这里
System.out.println("执行FilterTest01后");
}
//销毁:web服务器关闭的时候,过滤器才会销毁
public void destroy() {
System.out.println("销毁");
}
}
<filter>
<filter-name>Demo01</filter-name>
<filter-class>com.beyond.filter.FilterTest01</filter-class>
</filter>
<filter-mapping>
<filter-name>Demo01</filter-name>
<!--只要是 /servlet的任何请求都会经过这个过滤器-->
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
2.判断用户账号、权限登录(用户登陆之后才能进入主页,用户注销后就不能进入主页了)
//登陆验证
public class LoginTest01 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端请求的参数
String username = req.getParameter("username");
if(username.equals("admin")){//登陆成功
req.getSession().setAttribute("USER_SESSION",req.getSession().getId());
resp.sendRedirect("sys/success.jsp");
}else {
resp.sendRedirect("error/500.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
=================================================
//登陆成功后,注销,过滤
public class LoginFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) sreq;
HttpServletResponse response = (HttpServletResponse) sresp;
if(request.getSession().getAttribute("USER_SESSION")==null){
response.sendRedirect("error/500.jsp");
}
filterChain.doFilter(request,response);
}
public void destroy() {
}
}
=================================================
//登陆失败
public class LogoutTest01 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_session = req.getSession().getAttribute("USER_SESSION");
if(user_session!=null){
req.getSession().removeAttribute("USER_SESSION");
resp.sendRedirect("login.jsp");
}else {
resp.sendRedirect("login.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
<h2>登录</h2>
<form action="login" method="post">
<input type="text" name="username">
<input type="submit">
</form>
=================================================
<h1>主页</h1>
<p><a href="/jsp_01/logout">注销</a></p>
=================================================
<h1>自定义500的错误页面</h1>
<h3>账号错误,没有权限</h3>
<a href="../login.jsp">返回登陆页面</a>
=================================================
<servlet>
<servlet-name>LoginTest01</servlet-name>
<servlet-class>com.beyond.filter.LoginTest01</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginTest01</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LogoutTest01</servlet-name>
<servlet-class>com.beyond.filter.LogoutTest01</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutTest01</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.beyond.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/sys/*</url-pattern>
</filter-mapping>