过滤器总结
一、servlet过滤器的概念:
servlet过滤器是在java servlet规范2.3中定义的,它能够对servlet容器的请求和响应对象进行检查和修改。
servlet过滤器本身并不产生请求和响应对象,它只能提供过滤作用。servlet过期能够在servlet被调用之前检查request对
象,修改request header和request内容;在servlet被调用之后检查response对象,修改response
header和response内容。
servlet过期负责过滤的web组件可以是servlet、jsp或者html文件。
二、servlet过滤器的特点:
a.servlet过滤器可以检查和修改servletrequest和servletresponse对象
b.servlet过滤器可以被指定和特定的url关联,只有当客户请求访问该url时,才会触发过滤器
c.servlet过滤器可以被串联在一起,形成管道效应,协同修改请求和响应对象
三、servlet过滤器的作用:
a.查询请求并作出相应的行动。
b.阻塞请求-响应对,使其不能进一步传递。
c.修改请求的头部和数据。用户可以提供自定义的请求。
d.修改响应的头部和数据。用户可以通过提供定制的响应版本实现。
e.与外部资源进行交互。
四、servlet过滤器的适用场合:
a.认证过滤
b.登录和审核过滤
c.图像转换过滤
d.数据压缩过滤
e.加密过滤
f.令牌过滤
g.资源访问触发事件过滤
h.xsl/t过滤
i.mime-type过滤
五、servlet过滤器接口的构成:
所有的servlet过滤器类都必须实现javax.servlet.filter接口。这个接口含有3个过滤器类必须实现的方法:
a.init(filterconfig):
这是servlet过滤器的初始化方法,servlet容器创建servlet过滤器实例后将调用这个方法。在这个方法中可以读取web.xml文件中servlet过滤器的初始化参数
b.dofilter(servletrequest,servletresponse,filterchain):
这个方法完成实际的过滤操作,当客户请求访问于过滤器关联的url时,servlet容器将先调用过滤器的dofilter方法。filterchain参数用于访问后续过滤器
b.destroy():
servlet容器在销毁过滤器实例前调用该方法,这个方法中可以释放servlet过滤器占用的资源
六、servlet过滤器的创建步骤:
a.实现javax.servlet.filter接口
b.实现init方法,读取过滤器的初始化函数
c.实现dofilter方法,完成对请求或过滤的响应
d.调用filterchain接口对象的dofilter方法,向后续的过滤器传递请求或响应
e.销毁过滤器
七、servlet过滤器对请求的过滤:
a.servlet容器创建一个过滤器实例
b.过滤器实例调用init方法,读取过滤器的初始化参数
c.过滤器实例调用dofilter方法,根据初始化参数的值判断该请求是否合法
d.如果该请求不合法则阻塞该请求
e.如果该请求合法则调用chain.dofilter方法将该请求向后续传递
八、servlet过滤器对响应的过滤:
a.过滤器截获客户端的请求
b.重新封装servletresponse,在封装后的servletresponse中提供用户自定义的输出流
c.将请求向后续传递
d.web组件产生响应
e.从封装后的servletresponse中获取用户自定义的输出流
f.将响应内容通过用户自定义的输出流写入到缓冲流中
g.在缓冲流中修改响应的内容后清空缓冲流,输出响应内容
九、servlet过滤器的发布:
a.发布servlet过滤器时,必须在web.xml文件中加入<filter>元素和<filter-mapping>元素。
b.<filter>元素用来定义一个过滤器:
属性 含义
filter-name 指定过滤器的名字
filter-class 指定过滤器的类名
init-param 为过滤器实例提供初始化参数,可以有多个
c.<filter-mapping>元素用于将过滤器和url关联:
属性 含义
filter-name 指定过滤器的名字
url-pattern 指定和过滤器关联的url,为"/"表示所有url
十一、servlet过滤器使用的注意事项
a.由于filter、filterconfig、filterchain都是位于javax.servlet包下,并非http包所特有的,所以
其中所用到的请求、响应对象servletrequest、servletresponse在使用前都必须先转换成
httpservletrequest、httpservletresponse再进行下一步操作。
b.在web.xml中配置servlet和servlet过滤器,应该先声明过滤器元素,再声明servlet元素
c.如果要在servlet中观察过滤器生成的日志,应该确保在server.xml的localhost对应的<host>元素中配置如下<logger>元素:
<logger classname = "org.apache.catalina.logger.filelogger"
directory = "logs" prefix = "localhost_log."suffix=".txt"
timestamp = "true"/>
常用的过滤器实例:
- <pre name="code" class="java">//对整站编码的过滤
- public void dofilter(servletrequest request, servletresponse sresponse,filterchain chain) {
- try{
- request.setcharacterencoding("gbk");
- chain.dofilter(request, sresponse);
- }catch(exception e){
- e.printstacktrace();
- }
- }
- //对用户登陆进行验证
- public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) {
- try {
- httpservletrequest request = (httpservletrequest) srequest;
- httpservletresponse response = (httpservletresponse) sresponse;
- httpsession session = request.getsession();
- user user = (user) session.getattribute("user");
- if (user == null) {
- response.sendredirect("/test/index.html");
- } else {
- chain.dofilter(request, response);
- }
- } catch (exception e) {
- e.printstacktrace();
- }
- }
- //对用户权限进行过滤
- public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) {
- try {
- httpservletrequest requst = (httpservletrequest) srequest;
- httpservletresponse response = (httpservletresponse) sresponse;
- httpsession session = requst.getsession();
- user user = (user) session.getattribute("user");
- string ad=user.getisadmin().tostring();
- if (user == null || ad.equals("0")) {
- response.sendredirect("/test/main.jsp");
- } else {
- chain.dofilter(srequest, sresponse);
- }
- } catch (exception e) {
- e.printstacktrace();
- }
- }
- </pre>
java代码
- //对整站编码的过滤
- public void dofilter(servletrequest request, servletresponse sresponse,filterchain chain) {
- try{
- request.setcharacterencoding("gbk");
- chain.dofilter(request, sresponse);
- }catch(exception e){
- e.printstacktrace();
- }
- }
- //对用户登陆进行验证
- public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) {
- try {
- httpservletrequest request = (httpservletrequest) srequest;
- httpservletresponse response = (httpservletresponse) sresponse;
- httpsession session = request.getsession();
- user user = (user) session.getattribute("user");
- if (user == null) {
- response.sendredirect("/test/index.html");
- } else {
- chain.dofilter(request, response);
- }
- } catch (exception e) {
- e.printstacktrace();
- }
- }
- //对用户权限进行过滤
- public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) {
- try {
- httpservletrequest requst = (httpservletrequest) srequest;
- httpservletresponse response = (httpservletresponse) sresponse;
- httpsession session = requst.getsession();
- user user = (user) session.getattribute("user");
- string ad=user.getisadmin().tostring();
- if (user == null || ad.equals("0")) {
- response.sendredirect("/test/main.jsp");
- } else {
- chain.dofilter(srequest, sresponse);
- }
- } catch (exception e) {
- e.printstacktrace();
- }
- }
//对整站编码的过滤 public void dofilter(servletrequest request, servletresponse sresponse,filterchain chain) { try{ request.setcharacterencoding("gbk"); chain.dofilter(request, sresponse); }catch(exception e){ e.printstacktrace(); } } //对用户登陆进行验证 public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) { try { httpservletrequest request = (httpservletrequest) srequest; httpservletresponse response = (httpservletresponse) sresponse; httpsession session = request.getsession(); user user = (user) session.getattribute("user"); if (user == null) { response.sendredirect("/test/index.html"); } else { chain.dofilter(request, response); } } catch (exception e) { e.printstacktrace(); } } //对用户权限进行过滤 public void dofilter(servletrequest srequest, servletresponse sresponse,filterchain chain) { try { httpservletrequest requst = (httpservletrequest) srequest; httpservletresponse response = (httpservletresponse) sresponse; httpsession session = requst.getsession(); user user = (user) session.getattribute("user"); string ad=user.getisadmin().tostring(); if (user == null || ad.equals("0")) { response.sendredirect("/test/main.jsp"); } else { chain.dofilter(srequest, sresponse); } } catch (exception e) { e.printstacktrace(); } }
web.xml中的配置
- <filter></filter>
- <filter-name></filter-name>encodingfilter
- <filter-class></filter-class>filter.encodingfilter
- <filter></filter>
- <filter-name></filter-name>firstfilter
- <filter-class></filter-class>filter.firstfilter
- <filter></filter>
- <filter-name></filter-name>secondfilter
- <filter-class></filter-class>filter.secondfilter
- <filter-mapping></filter-mapping>
- <filter-name></filter-name>encodingfilter
- <url-pattern></url-pattern>/*
- <filter-mapping></filter-mapping>
- <filter-name></filter-name>firstfilter
- <url-pattern></url-pattern>/web/*
- <filter-mapping></filter-mapping>
- <filter-name></filter-name>secondfilter
- <url-pattern></url-pattern>/web/charge.jsp