servlet过滤器 实例
Java Servlet Filter is used to intercept the client request and do some pre-processing. It can also intercept the response and do post-processing before sending to the client in web application. This is the fourth article in the series of Web Applications Tutorial, you might want to check out earlier articles too.
Java Servlet过滤器用于拦截客户端请求并进行一些预处理。 它还可以截取响应并进行后处理,然后再发送到Web应用程序中的客户端。 这是Web应用程序教程系列中的第四篇文章,您可能也想看看之前的文章。
- Java Web Application Java Web应用程序
- Java Servlet Tutorial Java Servlet教程
- Servlet Session Management Servlet会话管理
Servlet过滤器 (Servlet Filter)
In this article, we will lean about the Servlet Filter in Java. We will look into various usage of servlet filter, how can we create a filter and learn its usage with a simple web application.
在本文中,我们将学习Java中的Servlet过滤器。 我们将研究servlet过滤器的各种用法,如何创建过滤器并通过简单的Web应用程序学习其用法。
- Why do we have Servlet Filter? 为什么会有Servlet筛选器?
- Servlet Filter interface Servlet过滤器接口
- Servlet WebFilter annotation Servlet WebFilter批注
- Servlet Filter configuration in web.xml web.xml中的Servlet过滤器配置
- Servlet Filter Example for Logging and session validation 用于日志记录和会话验证的Servlet筛选器示例
为什么会有Servlet筛选器? (Why do we have Servlet Filter?)
In the last article, we learned how we can manage session in web application and if we want to make sure that a resource is accessible only when the user session is valid, we can achieve this using servlet session attributes. The approach is simple but if we have a lot of servlets and jsps, then it will become hard to maintain because of redundant code. If we want to change the attribute name in the future, we will have to change all the places where we have session authentication.
That’s why we have a servlet filter. Servlet Filters are pluggable java components that we can use to intercept and process requests before they are sent to servlets and response after servlet code is finished and before container sends the response back to the client.
Some common tasks that we can do with servlet filters are:
- Logging request parameters to log files.
- Authentication and autherization of request for resources.
- Formatting of request body or header before sending it to servlet.
- Compressing the response data sent to the client.
- Alter response by adding some cookies, header information etc.
As I mentioned earlier, servlet filters are pluggable and configured in deployment descriptor (web.xml) file. Servlets and filters both are unaware of each other and we can add or remove a servlet filter just by editing web.xml.
We can have multiple filters for a single resource and we can create a chain of filters for a single resource in web.xml. We can create a Servlet Filter by implementing
javax.servlet.Filter
interface.在上一篇文章中,我们了解了如何在Web应用程序中管理会话,并且如果要确保仅在用户会话有效时才可访问资源,则可以使用Servlet会话属性来实现此目的。 这种方法很简单,但是如果我们有很多servlet和jsps,那么由于冗余代码,它将变得难以维护。 如果将来要更改属性名称,则必须更改所有具有会话身份验证的位置。
这就是为什么我们有一个servlet过滤器。 Servlet过滤器是可插入的 Java组件,我们可以使用它们来拦截和处理请求, 然后再将请求发送到Servlet,并在 Servlet代码完成之后以及容器将响应发送回客户端之前进行响应。
我们可以使用servlet过滤器执行的一些常见任务是:
- 记录请求参数以记录文件。
- 对资源请求的身份验证和授权。
- 在将请求正文或标头发送到servlet之前进行格式化。
- 压缩发送给客户端的响应数据。
- 通过添加一些cookie,标头信息等来更改响应。
如前所述, servlet过滤器是可插入的,并在部署描述符(web.xml)文件中进行配置。 Servlet和过滤器彼此都不知道,我们可以仅通过编辑web.xml来添加或删除Servlet过滤器。
我们可以为单个资源使用多个过滤器,并且可以在web.xml中为单个资源创建过滤器链。 我们可以通过实现
javax.servlet.Filter
接口来创建Servlet过滤器。Servlet过滤器接口