Java-Web三大件之过滤器Filter
参考文章:https://blog.csdn.net/m0_51545690/article/details/123677340?spm=1001.2014.3001.5502
一丶本质:
Filter 过滤器它是 JavaEE 的规范。也就是接口,是用于特定用途的servlet,作用是拦截请求响应对象
二丶功能:
●访问特定资源时的身份认证
●访问资源的记录跟踪
●访问资源的转换,如格式转换等
三丶过滤器的应用场景:
四丶过滤器API:
五丶过滤器的生命周期:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter("/*")
public class LifeCycleFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//这个方法就是初始化方法,在Filter创建时调用
System.out.println("调用了init()方法");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//这个方法就是过滤和拦截的方法,当请求和拦截匹配时调用
System.out.println("调用了doFilter()方法");
}
@Override
public void destroy() {
//这个方法就是销毁方法,在Filter销毁前调用
System.out.println("调用了destroy()方法");
}
}
1.构造器方法:
当服务器启动时,我们的服务器(Tomcat)就会读取配置文件,扫描注解,然后来创建我们的Filter。
2.init初始化方法
在 web 工程启动的时候执行(Filter 已经创建)
3.doFilter 过滤方法
只要请求资源的路径和拦截的路径相同,那么过滤器就会对请求进行过滤,这个阶段在服务器运行过程中会一直循环。
4.destroy 销毁
当服务器(Tomcat)关闭时,就会执行(停止 web 工程,也会销毁 Filter 过滤器)
六丶过滤器的使用步骤:
①编写一个类去实现 Filter 接口
②实现过滤方法 doFilter()
③到 web.xml 中去配置 Filter 的拦截路径
1.基本结构:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter("/*")
public class MyFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("对request进行过滤");
//下面这行代码就是放行
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("对response进行过滤");
}
}
WebFilter(“/*”)表示对所有请求进行过滤,
而在doFilter中的放行代码,也就是filterChain.doFilter(servletRequest,servletResponse);这行代码就是对拦截进行放行
2.配置过滤器拦截路径:
①注解:
@WebFilter(value={"/*"},filterName = "myFilter")
public class MyFilter implements Filter{
//如果我们仅仅需要配置一个拦截路径,那么我们可以直接简写@WebLister("拦截路径"),如@WebFilter("/*")就是拦截所有请求。
场景配置项:
- filterName:该filter的名字
- initParams:初始化参数
- displayName:filter显示名称
- servletNames:指定对哪些servlet进行过滤
- asyncSupported:是否支持异步模式
- urlPatterns:指定拦截路径
- value:指定拦截路径
注意:urlPatterns和value是一样的。urlPatterns和value只能配置一个,不能两个都配置,两个都配置就会报错。
②xml:
和Servlet的配置方式基本一样
<filter>
<filter-name>myFilter</filter-name>
<filter-class>com.clucky.filter.MyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>myFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
七丶doFilter(req,resp)方法:
八丶FilterConfig
类似于ServletDonfig,在init方法中使用FilterConfig来读取配置的数据库的信息,然后输出。
import javax.servlet.*;
import java.io.IOException;
import java.util.Enumeration;
public class MyFilterConfig implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("-----------获取全部key:value------------");
//得到所有配置参数的名字
Enumeration<String> names = filterConfig.getInitParameterNames();
while (names.hasMoreElements()) {
//得到每一个名字
String name = names.nextElement();
System.out.println(name+" = "+filterConfig.getInitParameter(name));
}
System.out.println("-----------end.....------------");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
}
@Override
public void destroy() {
}
}
XML配置;
<filter>
<filter-name>myFilterConfig</filter-name>
<filter-class>com.clucky.filter.MyFilterConfig</filter-class>
<init-param>
<param-name>driver</param-name>
<param-value>com.mysql.jdbc.Driver</param-value>
</init-param>
<init-param>
<param-name>url</param-name>
<param-value>jdbc:mysql://localhost:3306/equip_employ_manage?serverTimezone=GMT</param-value>
</init-param>
<init-param>
<param-name>username</param-name>
<param-value>root</param-value>
</init-param>
<init-param>
<param-name>password</param-name>
<param-value>root</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>myFilterConfig</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
九丶FilterChain:
FilterChain就只有一个方法,其实这个方法就是用来对拦截进行放行的,如果有多个拦截器,那么就会继续调用下一个Filter进行拦截。doFilter方法需要传入个参数,一个是ServletRequest,一个是ServletResponse参数,这个直接传入进行。
Tomcat在调用过滤器时,默认就会传入Request和Response,这个参数封装了请求和响应,我们直接使用就行。ServletResquest和ServletResponse可以直接强转成HttpServletRequest和HttpServletResponse,然后使用相应的方法。
应用实例:
第一个过滤器:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter("/*")
public class Filter01 implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("调用过滤器01对请求进行过滤~~~~");
//放行,如果还有过滤器,那么就执行下一个过滤器
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("调用过滤器01对响应进行过滤~~~~");
}
@Override
public void destroy() {
}
}
第二个过滤器:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter("/*")
public class Filter02 implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("调用过滤器02对请求进行过滤~~~~");
//放行,如果还有过滤器,那么就执行下一个过滤器
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("调用过滤器02对响应进行过滤~~~~");
}
@Override
public void destroy() {
}
}
Filter01先进行过滤,然后交给Filter02,然后访问资源,然后Filter02对响应进行过滤,然后Filter01对响应进行过滤
十丶多个Filter的执行顺序:
- 如果我们是在web.xml中配置的过滤器,那么过滤器的执行顺序就是< filter-mapping>在web配置的顺序,配置在上面那么就会先执行。
- 如果我们是使用@WebFilter进行配置的,那么执行顺序就是字符比较顺序来执行,例如有2个过滤器,一个是AFilter,一个是BFilter,那么AFilter就会先执行。
- 如果注解和xml混用,那么在web.xml中配置的会先执行。
十一丶应用实例:实现敏感词汇过滤
jsp:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>评论</title>
</head>
<body>
<h1>输入评论内容</h1>
<form action="${pageContext.request.contextPath}/comment" method="post">
<textarea name="message" cols="30" rows="10"></textarea>
<input type="submit" value="提交">
</form>
<p >${requestScope.get("name")}<span style="color: red">${requestScope.get("comment")}</span></p>
</body>
</html>
filter:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@WebFilter(servletNames = {"comment"},initParams = {@WebInitParam(name = "sensitiveWord", value = "zz")})
public class CommentFilter implements Filter {
private List<String> sensitiveWords = new ArrayList<>();
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//得到敏感词汇
String word = filterConfig.getInitParameter("sensitiveWord");
//加入集合
sensitiveWords.add(word);
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//设置编码
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setContentType("text/html;charset=utf-8");
//得到评论
String message = servletRequest.getParameter("message");
for (String sensitiveWord : sensitiveWords) {
//对所有敏感词汇进行过滤
if (message.contains(sensitiveWord)){
//替换敏感词汇
message = message.replace(sensitiveWord, "**");
}
}
//存入request域
servletRequest.setAttribute("comment",message);
//放行
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
}
}
servlet:
import javax.servlet.*;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import java.io.IOException;
import java.util.HashSet;
@WebServlet(name = "comment",value = "/comment")
public class CommentServlet extends HttpServlet {
//记录评论敏感词汇的ip
private HashSet<String> hashSet = new HashSet<>();
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String message = request.getParameter("message");
String comment = (String) request.getAttribute("comment");
if (message.equals(comment)){
System.out.println("没有敏感词汇.....");
//设置名字
request.setAttribute("name","good boy:");
}else {
//有敏感词汇,记录IP
String localAddr = request.getLocalAddr();
System.out.println(localAddr);
hashSet.add(localAddr);
//设置名字
request.setAttribute("name","bad boy:");
}
//转发到comment.jsp页面
request.getRequestDispatcher("/comment.jsp").forward(request,response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doGet(request, response);
}
}