在很多系统中都使用过拦截器,拦截器大多用在登陆和日志处理方面,那么现在就以登陆为例子,简单介绍下拦
截器。
一、功能:
它使用户可以改变一个request和修改一个response.Filter 不是一个servlet,它不能产生一个response,它能
够在一个request到达servlet之前预处理request,也可以在response离开servlet时处理response.换种说法,
filter其实是一个“servletchaining“(servlet 链)
二、组成:
配置文件
三个方法:
1、void init(Filter Config Config)用于完成filter的初始化
2、woid destory用于filter销毁之前,完成某些资源的回收
3.void doFilter(ServletRequest request, ServletResponse response,FilterChain chaim);实现过滤功能,该
方法就是每个请求及响应增加的额外处理。)
filter链:
执行filter的顺序,一个项目中可以执行多个filter,并且每个filter有不同的执行顺序,这些具体顺序的执行在配
置文件中进行配置。
在Web.xml中配置filter
<!-- 定义Filter -->
<filter>
<!-- Filter 的名字 -->
<filter-name>security</filter-name>
<!-- Filter 的实现类 -->
<filter-class> test.filter.SecurityFilter</filter-class>
</filter>
<!-- 定义Filter 拦截地址 -->
<filter-mapping>
<!-- Filter 的名字 -->
<filter-name> security </filter-name>
<!-- Filter 负责拦截的URL -->
<url-pattern>/security/*</url-pattern>
</filter-mapping>
小例子:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.voiinnov.puhuilicai.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/ssl/*</url-pattern>
<!-- <url-pattern>*</url-pattern> -->
</filter-mapping>
Filter实现类;
这里以登陆为例,
package com.voiinnov.puhuilicai.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.voiinnov.puhuilicai.common.Constants;
import com.voiinnov.puhuilicai.entity.CustUser;
/**
*
* @Description: 登录filter
* @author jingjiwu
* @date 2014年8月25日 下午6:57:25
*/
public class LoginFilter implements Filter {
private NotAuthUrl notAuthUrl = null;
public LoginFilter(){
}
public void init(FilterConfig filterConfig) throws ServletException {
ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
notAuthUrl = (NotAuthUrl) ctx.getBean("notAuthUrl");
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession(true);
String preUrl = (String)session.getAttribute("preUrl");
String logUrl = (String)session.getAttribute("logUrl");
CustUser user = (CustUser) session.getAttribute(Constants.USER);
String type = req.getHeader("X-Requested-With");
String url = ((HttpServletRequest)request).getRequestURI();
if(user==null && url.contains("/ssl/") && !isNotloginUrl(url)){
if(StringUtils.isNotBlank(type) && type.equalsIgnoreCase("XMLHttpRequest")){
res.setHeader("sessionstatus", "timeout");
res.sendError(518, "session timeout.");
}else{
String purl = req.getRequestURL().toString();
if (!purl.contains("login")) {
preUrl=purl;
if (null!=req.getQueryString()) {
preUrl= preUrl+"?"+req.getQueryString();
}
}
session.setAttribute("preUrl", preUrl);
session.setAttribute("logUrl", logUrl);
logUrl = "http://"+req.getHeader("Host")+req.getContextPath()+"/index.htm?isFilter=yes";
res.sendRedirect(logUrl);
return;
}
}else{
if(null!=user){
Long loginTime = (Long) session.getServletContext().getAttribute(user.getUserName());
if(loginTime!=null){
if(user.getLoginTime()<loginTime){
session.removeAttribute("user");
System.out.println("session remove");
String login = req.getContextPath() + "/index.htm";
res.sendRedirect(login);
return;
}
}
if(StringUtils.isNotBlank(preUrl)){
session.removeAttribute("logUrl");
session.removeAttribute("preUrl");
if(user.getCustType()==1 && preUrl.indexOf("ssl/account/toCenter")>1){
preUrl = preUrl.replaceAll("ssl/account/toCenter", "ssl/account/toEntCenter");
}
res.sendRedirect(preUrl);
return;
}
}
/*if(null != user ){
if(StringUtils.isNotBlank(preUrl)){
session.removeAttribute("logUrl");
session.removeAttribute("preUrl");
if(user.getCustType()==1 && preUrl.indexOf("ssl/account/center")>1){
preUrl = preUrl.replaceAll("ssl/account/center", "ssl/account/entcenter");
}
res.sendRedirect(preUrl);
}
}*/
/*if(null != user && StringUtils.isNotBlank(preUrl)){
session.removeAttribute("logUrl");
session.removeAttribute("preUrl");
if(user.getCustType()==1 && preUrl.indexOf("ssl/account/center")>1){
preUrl = preUrl.replaceAll("ssl/account/center", "ssl/account/entcenter");
}
res.sendRedirect(preUrl);
}*/
}
chain.doFilter(request, response);
}
/**
* 不登录即可访问的页面
* @param url
* @return
*/
private boolean isNotloginUrl(String url){
for(String not:notAuthUrl.getNotAuth()){
if(url.contains(not))
return true;
}
return false;
}
public void destroy() {
}
}
拦截器基本就分为这几部分,想要更多的了解,就需要自己去实践喽~