filter的作用:
在action相应之前就把页面的请求过滤一遍
filter相当于客户端和服务器端之间的一扇门,就像保安一样。作用:比如说设置字符集和权限控制等等。
2. 细节;
* . 只能对post请求起作用
* .可以使用多种匹配模式:
*.jsp (*.后面带后缀名) /servlet/* (某个路径下的所有请求) /* (匹配所有)
* 注意:当客户端发出请求到服务器端才会被拦截(假如从servlet转发到另一个jsp页面,这个时候不会被拦截)
JavaEE中的Filter是用了责任链模式来实现的,请求值先到达Filter,根据Filter在web.xml的配置顺序一个个按顺序地处理,处理完以后,再按反顺序来处理响应信息,有点像是一个栈(先处理请求的Filter,后处理响应)。
下面上代码
init()
@Override
public void init(FilterConfig config) throws ServletException
{
ignores = config.getInitParameter("ignore").split("\\s*,\\s*");
portalUri = config.getInitParameter("portal").split("\\s*,\\s*");
portalRedirect = config.getInitParameter("redirect");
if (portalRedirect == null || portalRedirect.trim().length() == 0)
{
portalRedirect = "/selfcare/login.jsp";
}
}
dofilter()
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
TUserBO loginedUser = null;
boolean portal = false;
String uri = request.getRequestURI();
if (uri.endsWith(".action") || uri.endsWith(".jsp"))
{
int lastIndex = uri.lastIndexOf("/");
String fname = uri.substring(lastIndex + 1);
HttpSession session = request.getSession();
if (!ArrayUtils.contains(ignores, uri.substring(lastIndex + 1)))
{
loginedUser = (TUserBO) session.getAttribute(ConstDef.SESSION_KEY_USER);
//无session时,取cookie
if(loginedUser==null){
this.checkeCookie(request);
loginedUser = (TUserBO) session.getAttribute(ConstDef.SESSION_KEY_USER);
}
portal = this.isPortalUri(uri);
if (loginedUser == null)
{
// 管理平台无seesion
if (!portal)
{
// 异步的http请求
if (request.getHeader("x-requested-with") != null
&& request.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest"))
{
PrintWriter printWriter = response.getWriter();
printWriter.print("{\"sessionState\":0}");
printWriter.flush();
printWriter.close();
} else
{
response.sendRedirect(request.getContextPath() + "/logout1.jsp");
}
return;
}
// portal无session
else
{
if(uri!=null&&uri.indexOf("SkyFormPortal")>0) {
response.sendRedirect(request.getContextPath() + portalRedirect);
} else {
PrintWriter printWriter = response.getWriter();
printWriter.print("{\"sessionState\":0}");
printWriter.flush();
printWriter.close();
}
return;
}
}
// 管理平台用户url有效性判断,前台用户无需
else if (!portal&&null!=loginedUser.getAllActionURL()&&!loginedUser.getAllActionURL().isEmpty())
{
if (loginedUser.getAllActionURL().contains(uri.replace("/SkyFormOpt/", "../")))
{
if (!validateURI(uri, loginedUser))
return;
}
}
} else if (fname != null && fname.equals("logout.action"))
{
if (loginedUser != null)
{
session.removeAttribute(ConstDef.SESSION_KEY_USER);
}
session.invalidate();
/**
* 修改说明:跟踪代码发现,这段代码会使请求略过filterChain.doFilter(request,
* response),同时也略过了struts.xml中对logout.actiond的定义,所以注释
*/
// response.sendRedirect(request.getContextPath() +
// "/loginInit.action");
// return;
}
}
filterChain.doFilter(request, response);
return;
}
@Override
public void destroy()
{
}
filter配置文件
在web.xml中注册
参考:http://blog.csdn.net/hu_xinxin/article/details/9265501