0. 区别
过滤器属于servlet规范当中定义的组件,而拦截器 属于spring框架定义的组件。
1. 过滤器
过滤器:实现Filter接口
1.1 过滤器的作用
常用来做项目中的一些共性的需求
如:记录日志、过滤敏感词、权限检查
过滤器会以极低的耦合度来处理这样的需求
共性的需求:几乎每个请求都要做的事情
1.2 使用步骤
写一个类,实现Filter接口
在web.xml中配置此Filter
package web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(
ServletRequest req,
ServletResponse res,
FilterChain chain)
throws IOException, ServletException {
//tomcat调用此方法并传入参数,
//传入的是Http开头的参数。
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
//有三个请求不需要过滤,将它们排除掉。
String[] paths = new String[]{
"/toLogin.do",
"/login.do",
"/createImg.do"
};
String currPath = request.getServletPath();
for(String p:paths){
if(p.equals(currPath)){
chain.doFilter(request, response);
return;
}
}
//尝试从session中获取账号
//登录成功时可以获取到账号,
//否则获取不到账号。
HttpSession session = request.getSession();
String adminCode = (String) session.getAttribute("adminCode");
//根据账号判断是否已登录
if(adminCode == null){
//没登录,重定向到toLogin.do,因为不知道是什么请求,所以用绝对
response.sendRedirect("/netctoss/toLogin.do");
} else {
//已登录,让请求继续执行
chain.doFilter(request, response);
}
}
<span style="white-space:pre"> </span>//加载时执行,也没必要执行
public void init(FilterConfig arg0) throws ServletException {
}
}
另一个项目中的登陆过滤器
package cn.tedu.note.util;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AccessFilter implements Filter{
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
//获取请求的路径
String path = request.getRequestURI();
String reg = ".*edit\\.html$";
if(path.matches(reg)){
checkLogin(request,response,chain);
return;
}
reg=".*\\.do";
String account = ".*account.*\\.do";
if(path.matches(reg) && !path.matches(account)){
checkdo(request,response,chain);
}
chain.doFilter(request, response);
}
private void checkdo(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws IOException, ServletException {
//
String name = "token";
String value = null;
value = getCookie(request, name, value);
if(value==null){
String json = "{\"state\":1, "
+ "\"message\":\"必须登录\"}";
response.setContentType("application/json;charset=utf-8");
response.getWriter().println(json);
return;//如果写了if,没写else,就要写return;
}
chain.doFilter(request, response);
}
private void checkLogin(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws IOException, ServletException {
//读取cookie 检查是否登录
String name = "token";
String value = null;
value = getCookie(request, name, value);
if(value==null){//没有cookie没有登录,重定向到登录页面
String path= "log_in.html";
response.sendRedirect(path);
return;
}
//有cookie就通过
chain.doFilter(request, response);
}
private String getCookie(HttpServletRequest request, String name, String value) {
Cookie[] cookies = request.getCookies();
for(Cookie cookie:cookies){
if(cookie.getName().equals(name)){
value = cookie.getValue();
}
}
return value;
}
public void init(FilterConfig arg0) throws ServletException {
}
}
web.xml文件中配置过滤器
<!-- 登录检查的过滤器 -->
<filter>
<filter-name>login</filter-name>
<filter-class>web.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>login</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
2. 拦截器
2.1 什么是拦截器?
前端控制器在调用处理器之前,如果发现有拦截器存在, 则会先调用拦截器,然后再调用处理器。
注:过滤器属于servlet规范当中定义的组件,而拦截器 属于spring框架定义的组件。
2.2 如何写一个拦截器?
step1. 写一个Java类,实现HandlerInterceptor接口。
step2. 将拦截处理逻辑写在相应的接口方法里面:
preHandle方法:前端控制器先调用拦截器的preHandle方法, 如果该方法返回值为true,则拦截器继续向后调用;如果 该方法返回值为false,则拦截器不再向后调用,请求处理 完成。
postHandle方法:处理器方法已经执行完成,正准备将 ModelAndView对象返回给前端控制器之前执行。可以在 该方法里面,修改ModelAndView对象。
afterCompletion方法:最后执行的方法,要注意,如果 preHandle方法返回值为false,该方法不会执行。
step3. 配置拦截器。
package com.tarena.netctoss.interceptors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
public class SessionInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
System.out.println("preHandle()");
HttpSession session = request.getSession();
Object admin = session.getAttribute("admin");
if(admin == null){
//没有登录,跳转到登录页面
response.sendRedirect("toLogin.do");
return false;
}
//已经登录过,则继续向下执行
return true;
}
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}