过滤器和监听器(Filter & Listener)
filter
简介
类似水过滤器(过滤水中杂质),Java Web的过滤器用来过滤请求,判断一个请求是否合法,并进行处理,也可以对请求中的数据进行预处理(如处理中文数据的编码)
应用
1、后台页面访问过滤
2、中文参数处理(字符集编码处理)
3、过滤敏感词汇
过滤器的工作示意图
创建过滤器
filter的本质是一个Java类,继承自Filter
代码示例:
package filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import model.User;
/**
* Servlet Filter implementation class AdminFilter
*/
@WebFilter("/AdminFilter")
public class AdminFilter implements Filter {
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// place your code here
//判断访问者是不是管理员,权限过滤
HttpServletRequest httpReq = (HttpServletRequest)request;
HttpServletResponse httpResp = (HttpServletResponse)response;
Object o=httpReq.getSession().getAttribute("user");
if(o==null) {
httpResp.sendRedirect(httpReq.getContextPath()+"/index.jsp");
}else {
User u= (User)o;
if(u.isAdmin()) {
chain.doFilter(request, response);
}else {
httpResp.sendRedirect(httpReq.getContextPath()+"/index.jsp");
}
}
// pass the request along the filter chain
//chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
- 这是一个权限过滤器,用于判断用户是不是管理员,对其访问的页面进行控制。
- 其中doFilter方法中的chain.doFilter(request, response); 会将请求转到下一层过滤器或 servlet。
配置方式
1、注解方式
@WebFilter(这里写入过滤路径)
2、xml方式
<filter>
<filter-name>EncodeFilter</filter-name>
<filter-class>filter.EncodeFilter</filter-class>
<init-param>
<param-name>Encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>EncodeFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
其中
<init-param></init-param>
可以给过滤器添加初始化参数
过滤器的dispatcher
- 配置到servletmapping里面
- 用于过滤REQUEST INCLUDE FORWARD ERROR这四类请求
listener
简介
- 用来监听request session和 application(HttpServletRequest HttpSession ServletContext)
- 监听这些对象的创建、替换和移除(setAttribute /removeAttribute)
应用
1、统计在线人数
2、web应用启动起来的时候做一些初始化的工作
3、单点登录
配置方式
1、注解
@WebListener
2、xml
<listener>
<listener-class></listener-class>
</listener>
代码示例(单点登录)
package listener;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import model.User;
import util.SessionManager;
/**
* Application Lifecycle Listener implementation class SessionAttributeListener
*
*/
@WebListener
public class SessionAttributeListener implements HttpSessionAttributeListener {
/**
* Default constructor.
*/
public SessionAttributeListener() {
// TODO Auto-generated constructor stub
System.out.println("SessionAttributeListener");
}
/**
* @see HttpSessionAttributeListener#attributeAdded(HttpSessionBindingEvent)
*/
public void attributeAdded(HttpSessionBindingEvent arg0) {
// TODO Auto-generated method stub
System.out.println("attributeAdded");
if(arg0.getName().equals("user")) {
User u = (User)arg0.getValue();
//判断是否已经登录
if(SessionManager.sessionMap.containsKey(u.getUsername())) {
//获得另外一个客户端的session
HttpSession session = SessionManager.sessionMap.get(u.getUsername());
//删除该登录信息
session.removeAttribute("user");
SessionManager.sessionMap.remove(u.getUsername());
}
SessionManager.sessionMap.put(u.getUsername(), arg0.getSession());
}
}
/**
* @see HttpSessionAttributeListener#attributeRemoved(HttpSessionBindingEvent)
*/
public void attributeRemoved(HttpSessionBindingEvent arg0) {
// TODO Auto-generated method stub
System.out.println("attributeRemoved");
}
/**
* @see HttpSessionAttributeListener#attributeReplaced(HttpSessionBindingEvent)
*/
public void attributeReplaced(HttpSessionBindingEvent arg0) {
// TODO Auto-generated method stub
}
}