1、过滤器概念
过滤器(Filter)是处于客户端和服务器目标资源之间的过滤技术
2、过滤器作用
- 在Servlet执行之前执行,客户端发送请求时,会经过Filter,再到达目标Servlet中,响应时,会根据执行流程反向执行Filter
- 可以解决多个Servlet共性代码的冗余问题
3、编写过滤器
- Servlet API中提供了一个Filter接口,开发人员编写一个Java类实现了这个接口即可,这个Java类称之为过滤器(Filter)
3.1 实现过程
- 编写java类实现Filter接口
- 在doFilter接口里编写过滤逻辑
- 设置拦截路径
package filter;
import javax.servlet.*;
import java.io.IOException;
/**
* @Author wzy
* @Date 0029 2020-12-29 17:01
* @Version 1.0
*/
public class DemoFilter02 implements Filter {
public DemoFilter02(){
System.out.println("DemoFilter2的构造方法");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("DemoFilter2的初始化方法");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("DemoFilter2过滤方法开始");
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("DemoFilter2过滤方法结束");
}
@Override
public void destroy() {
System.out.println("DemoFilter2的销毁方法");
}
}
4、案例应用
解决登陆漏洞
package filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @Author wzy
* @Date 0029 2020-12-29 17:43
* @Version 1.0
*/
public class LoginFilter extends DefaultFilter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//判断用户是否登录,如果没有登录,则重定向到登录页面(login.jsp)页面
//由于servletRequest没有getSession方法,若是不进行强制转换,则无法获取session
//注意:HttpServletRequest继承于ServletRequest,故而可以进行强转换
HttpServletRequest request = (HttpServletRequest) servletRequest;
//HttpServletResponse 原因和同上HttpServletRequest一样
HttpServletResponse response = (HttpServletResponse)servletResponse;
//用户若是通过登录页面进行登录,页面的登陆方法则会在session保存其ID,故而若是session里的id不为空,则视为从login.jsp页面登陆
Integer id = (Integer) request.getSession().getAttribute("id"); //获取session里的id的值
String uri=request.getRequestURI();
//获取action的值是为了用于从index.jsp进入login.jsp时,验证码处的请求放行
String action = request.getParameter("action");
if (action==null){
action="";
}
if (id==null && !uri.contains("login.jsp") && !uri.contains("index.jsp")&& !uri.contains("register.jsp")
&& !uri.contains("CheckServlet") && !action.equals("login") && !action.equals("register")){
response.sendRedirect("login.jsp");
return;
}
//请求放行
filterChain.doFilter(request,response);
}
}