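Filter
A Filter is a commonly used technique for intercepting sessions (requests).
Getting started
We create a filter package under our own package and write a Filter class in it: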
package com.forge.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;

// The URL patterns this filter intercepts
@WebFilter(urlPatterns = "/*")
public class DemoFilter implements Filter {
    // Rarely used; the interface provides a default implementation
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
        System.out.println("Filter init");
    }

    // This method must be overridden
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // filterChain.doFilter(...) is not called here, so the request stops at this filter
        System.out.println("Filter doFilter");
    }

    @Override
    public void destroy() {
        Filter.super.destroy();
        System.out.println("Filter destroy");
    }
}
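If the project uses Spring Boot, we need to add the @ServletComponentScan annotation to the application's startup class.
Now when we visit our site again, we find that we cannot log in at all: the filter intercepts every request and never passes it on.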
The doFilter method in detail
Letting the request through
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    // Pass the request and response on to the rest of the chain
    filterChain.doFilter(servletRequest, servletResponse);
    System.out.println("Filter doFilter");
}
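On what happens after the request is passed along:
Filter path matching
You can match one specific path, or all resources under a given path.
Implementing a concrete feature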
package com.example.filter;

import com.alibaba.fastjson.JSONObject;
import com.example.common.Result;
import com.example.utils.JwtUtils;
import jakarta.servlet.*;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import java.io.IOException;

@Slf4j
@WebFilter(urlPatterns = "/*")
public class LoginCheckFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Get the request URL
        String url = request.getRequestURL().toString();
        log.info("网络url:{}", url);

        // Check whether the URL contains "login".
        // Note: contains() matches "login" anywhere in the full URL, not only the login endpoint.
        if (url.contains("login")) {
            log.info("登录操作,放行");
            filterChain.doFilter(request, response);
            return;
        }

        // Read the JWT from the "token" request header
        String jwt = request.getHeader("token");
        if (jwt == null || jwt.equals("")) {
            log.info("jwt为空,返回未登陆的信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            response.getWriter().write(notLogin);
            return;
        }

        // Parse the token; any exception means it is invalid
        try {
            JwtUtils.parseToken(jwt);
        } catch (Exception e) {
            e.printStackTrace();
            log.info("解析令牌失败,返回未登陆的错误信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            response.getWriter().write(notLogin);
            return;
        }

        // The token is valid, so let the request through
        log.info("令牌合法放行");
        filterChain.doFilter(request, response);
    }
}
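The flow is as follows: first get the URL and check whether it is the login page. If it is a login request, let it through; if it is not a login request, intercept it. After the user enters the login account and password, a JWT token is generated, and if the JWT parses correctly the request is let through.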
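The url.contains("login") test in LoginCheckFilter also lets through any protected URL that merely contains that substring, including in the host name, without a token. The following added example (not part of the original post) compares it with an exact match on HTTP method and path; the login endpoint POST /login, the class and method names, and the sample URLs are assumptions constructed for illustration.

```java
import java.net.URI;
import java.util.List;

public class LoginPathCheckDemo {
    // Assumption: the real login endpoint is POST /login (the page does not state it).
    static final String LOGIN_METHOD = "POST";
    static final String LOGIN_PATH = "/login";

    // The check as written in LoginCheckFilter: substring match on the full URL.
    static boolean weakIsLogin(String url) {
        return url.contains("login");
    }

    // Stricter check: exact match on the method and on the normalized path component only.
    // Host name, port and other path segments can no longer satisfy it.
    static boolean strictIsLogin(String method, String url) {
        String path = URI.create(url).normalize().getPath();
        return LOGIN_METHOD.equals(method) && LOGIN_PATH.equals(path);
    }

    public static void main(String[] args) {
        // Constructed sample requests: {method, URL as returned by getRequestURL()}
        List<String[]> samples = List.of(
            new String[]{"POST", "http://localhost:8080/login"},
            new String[]{"GET",  "http://localhost:8080/emps"},
            new String[]{"GET",  "http://localhost:8080/emps/login-history"},
            new String[]{"GET",  "http://login.example.internal:8080/emps"}
        );
        for (String[] s : samples) {
            // "skips token check" means the filter would call filterChain.doFilter without a JWT
            System.out.printf("%-5s %-45s weak skips token check=%-5b strict skips token check=%b%n",
                s[0], s[1], weakIsLogin(s[1]), strictIsLogin(s[0], s[1]));
        }
    }
}
```

In the filter itself, the method would come from request.getMethod() and the path from the request object rather than from a parsed URL string.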