FIlter过滤器
过滤器实际上就是对web资源进行拦截,做一些处理后再交给下一个过滤器或servlet处理,通常都是用来拦截request进行处理的,也可以对返回的response进行拦截处理
原理图:
应用场景
- 自动登录
- 统一设置编码格式
- 访问权限控制
- 敏感词汇过滤
统一设置编码
第一步,先导入依赖
<!--servlet依赖-->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>4.0.1</version>
<scope>provided</scope>
</dependency>
<!--jsp依赖-->
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.3</version>
</dependency>
<!--JSTL表达式的依赖-->
<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>1.2</version>
</dependency>
<!--standard标签库的依赖-->
<dependency>
<groupId>taglibs</groupId>
<artifactId>standard</artifactId>
<version>1.1.2</version>
</dependency>
第二步,建立servlet类
public class ShowServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.getWriter().write("这是一段中文");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
第三步,建立Filter类
注意:这里的Filter接口是javax.servlet下的,而且必须重写三个方法
public class CharacterEncodingFilter implements Filter {
//初始化
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("Filter过滤器正在启动...");
}
//Chain:链
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
/**
* 这里的chain是让request继续走下去交给下一个过滤器或servlet
* 如果不写,程序到这里就会被拦截
*/
chain.doFilter(request, response);
}
//销毁
@Override
public void destroy() {
System.out.println("Filter过滤器正在销毁...");
}
}
第四步,去web.xml里配置
当请求servlet目录下的资源时候,全部设置统一中文编码utf-8
<servlet>
<servlet-name>ShowServlet</servlet-name>
<servlet-class>com.hs_vae.servlet.ShowServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ShowServlet</servlet-name>
<url-pattern>/servlet/show</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ShowServlet</servlet-name>
<url-pattern>/show</url-pattern>
</servlet-mapping>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>com.hs_vae.filter.CharacterEncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
第五步,配置Tomcat并启动测试
访问servlet目录下的资源,是正常的一段中文,已经被过滤
访问其他目录下资源,这时候产生乱码
权限拦截
案例需求:一个登录页面,用户登录之后才能进入主页,用户注销后就不能进入主页了
首先建立一个登陆页面login.jsp,里面设置表单,存放登录信息(用户名和密码)
<h1>登录页面</h1>
<form action="/servlet/login" method="post">
用户名:<input type="text" name="username"><br>
密码:<input type="password" name="password"><br>
<input type="submit" name="登录">
</form>
错误页面error.jsp
<h1>权限不够,用户名或密码错误</h1>
<p><a href="/login.jsp">返回登录页面</a></p>
登录成功后跳转到主页success.jsp(admin目录下)
<h1>主页</h1>
<h1>登录成功!</h1>
<p><a href="/servlet/logout">注销</a></p>
事先在util目录建立一个常量类,用来命名Session中的key
public class Constant {
public final static String USER_SESSION = "USER_SESSION";
}
登陆的servlet,用户登录成功之后,向Session中放入用户的数据,登录失败跳转的error页面
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端请求的参数
String username = req.getParameter("username");
String password = req.getParameter("password");
//判断用户名和密码是否正确
if (username.equals("admin")&&password.equals("123456")){
//登录成功
req.getSession().setAttribute(Constant.USER_SESSION,req.getSession().getId());
//重定向到主页
resp.sendRedirect("/admin/success.jsp");
System.out.println("登录成功");
}else {
//登录失败
resp.sendRedirect("/error.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
注销的servlet
public class LogoutServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_session = req.getSession().getAttribute(Constant.USER_SESSION);
if (user_session!=null){
//注销之后如果Session不为空,就将它清除掉
req.getSession().removeAttribute(Constant.USER_SESSION);
resp.sendRedirect("/login.jsp");
}else {
//如果为空
resp.sendRedirect("/login.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
进入主页的时候要判断用户是否已经登录,如果没有登陆直接在网址上输入主页地址,会存在权限安全问题
解决:用过滤器事先权限拦截
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//要将ServletRequest转为HttpServletRequest才能获得Session
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
//获取session
Object user_session = httpServletRequest.getSession().getAttribute(Constant.USER_SESSION);
if (user_session==null){
//如果session为空,则重定向到错误页面
httpServletResponse.sendRedirect("/error.jsp");
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
web.xml里面注册servlet
<!-- 登录servlet-->
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.hs_vae.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/servlet/login</url-pattern>
</servlet-mapping>
<!-- 注销servlet-->
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.hs_vae.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/servlet/logout</url-pattern>
</servlet-mapping>
<!-- 权限拦截Filter-->
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.hs_vae.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
启动Tomcat测试
只有登陆了才能进入到主页,不能直接访问主页