1. Filter 是什么
①. JavaWEB 的一个重要组件, 可以对发送到 Servlet 的请求进行拦截, 并对响应也进行拦截.
②. Filter 是实现了 Filter 接口的 Java 类.
③. Filter 需要在 web.xml 文件中进行配置和映射.
创建一个 Filter
①. 创建一个 Filter 类: 实现 Filter 接口: public class HelloFilter implements Filter
②. 在 web.xml 文件中配置并映射该 Filter. 其中 url-pattern 指定该 Filter 可以拦截哪些资源, 即可以通过哪些 url 访问到该 Filter
public class HelloFilter implements Filter {
public void init(FilterConfig fConfig) throws ServletException {
System.out.println("init ....");
}
public void destroy() {
System.out.println("destroy .....");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
System.out.println("doFilter");
chain.doFilter(request, response);
}
}
web.xml配置
<!-- 注册Filter -->
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.filter.HelloFilter</filter-class>
</filter>
<!-- 映射Filter -->
<filter-mapping>
<filter-name>helloFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
服务器启动,控制台打印:init ....
每次访问/test.jsp ,都打印:doFilter
服务器停止, 打印:destroy .....
所以
过滤器的生命周期:(一定要实现javax.servlet包的Filter接口的三个方法init()、doFilter()、destroy(),空实现也行)
(1)、启动服务器时加载过滤器的实例,并调用init()方法来初始化实例;
(2)、每一次请求时都只调用方法doFilter()进行处理;
(3)、停止服务器时调用destroy()方法,销毁实例。
3.Filter 相关的 API
public void init(FilterConfig filterConfig): 类似于 Servlet 的 init 方法. 在创建 Filter 对象(Filter 对象在 Servlet 容器加载当前 WEB 应用时即被创建)后,
立即被调用, 且只被调用一次. 该方法用于对当前的 Filter 进行初始化操作. Filter 实例是单例的.
* FilterConfig 类似于 ServletConfig
* 可以在 web.xml 文件中配置当前 Filter 的初始化参数. 配置方式也和 Servlet 类似。
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.filter.HelloFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>root</param-value>
</init-param>
</filter>
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain):
真正 Filter 的逻辑代码需要编写在该方法中. 每次拦截都会调用该方法.
* FilterChain: Filter 链. 多个 Filter 可以构成一个 Filter 链.
- doFilter(ServletRequest request, ServletResponse response): 把请求传给 Filter 链的下一个 Filter,
若当前 Filter 是 Filter 链的最后一个 Filter, 将把请求给到目标 Serlvet(或 JSP)
- 多个 Filter 拦截的顺序和 <filter-mapping> 配置的顺序有关, 靠前的先被调用.
public class HelloFilter implements Filter {
public void init(FilterConfig fConfig) throws ServletException {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
System.out.println("1.Before HelloFilter's chain.doFilter");
chain.doFilter(request, response);
System.out.println("2.After HelloFilter's chain.doFilter");
}
}
public class SecondFilter implements Filter {
public void init(FilterConfig fConfig) throws ServletException {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("3.Before HelloFilter's chain.doFilter");
chain.doFilter(request, response);
System.out.println("4.After HelloFilter's chain.doFilter");
}
}
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.filter.HelloFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>helloFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>secondFilter</filter-name>
<filter-class>com.filter.SecondFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
</filter-mapping>
访问/test.jsp 打印结果 执行顺序:
1.Before HelloFilter's chain.doFilter
3.Before SecondFilter's chain.doFilter
5 .Test JSP
4.After SecondFilter's chain.doFilter
2.After HelloFilter's chain.doFilter
public void destroy(): 释放当前 Filter 所占用的资源的方法. 在 Filter 被销毁之前被调用, 且只被调用一次.
4. <dispatcher> 元素: 指定过滤器所拦截的资源被 Servlet 容器调用的方式,
可以是REQUEST,INCLUDE,FORWARD和ERROR之一,默认REQUEST.
可以设置多个<dispatcher> 子元素用来指定 Filter 对资源的多种调用方式进行拦截
①. REQUEST:当用户直接访问页面时,Web容器将会调用过滤器。
如果目标资源是通过RequestDispatcher的include()或forward()方法访问时,那么该过滤器就不会被调用。
通过 GET 或 POST 请求直接访问。
request.getRequestDispatcher("/test.jsp").forward(request, response);
<jsp:forward page="/test.jsp"></jsp:forward>
<jsp:include page="/test.jsp"></jsp:include>
上面方式访问/test.jsp Filter 不会拦截
②. FORWARD:如果目标资源是通过RequestDispatcher的forward()方法访问时,那么该过滤器将被调用,除此之外,该过滤器不会被调用。
或 <jsp:forward page="/..." /> 或 通过 page 指令的 errorPage 转发页面. <%@ page errorPage="test.jsp" %>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
②. INCLUDE:如果目标资源是通过RequestDispatcher的include()方法访问时,那么该过滤器将被调用。除此之外,该过滤器不会被调用。
或 <jsp:include file="/..." />
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
④. ERROR:如果目标资源是通过声明式异常处理机制调用时,那么该过滤器将被调用。除此之外,过滤器不会被调用。
在 web.xml 文件中通过 error-page 节点进行声明:
<error-page>
<exception-type>java.lang.ArithmeticException</exception-type>
<location>/test.jsp</location>
</error-page>
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
四种方式都拦截可以配置
<filter-mapping>
<filter-name>secondFilter</filter-name>
<url-pattern>/test.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
5.Fitler应用
编码过滤
public class EncodingFilter implements Filter {
private String encoding;
public void init(FilterConfig fConfig) throws ServletException {
encoding = fConfig.getServletContext().getInitParameter("encoding");
}
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println(encoding);
request.setCharacterEncoding(encoding);//統一編碼
chain.doFilter(request, response);
}
}
<context-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</context-param>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>com.filter.EncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/encoding/*</url-pattern>
</filter-mapping>
<%--
//编写一个 EncodingFilter
//1. 读取 web.xml 文件中配置的当前 WEB 应用的初始化参数 encoding
//2. 指定请求的字符编码为 1 读取到的编码
//3. 调用 chain.doFilter() 方法 "放行" 请求
request.setCharacterEncoding("UTF-8");
--%>
Hello: ${param.name }
过滤器的应用--- 登录拦截
public class LoginFilter implements Filter{
//1.从web.xml 文件中获取userSessionKey,rediretPage,uncheckedUrls
private String sessionKey;
private String redirectUrl;
private String uncheckedUrls;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
ServletContext servletContext = filterConfig.getServletContext();
sessionKey = servletContext.getInitParameter("userSessionKey");
redirectUrl = servletContext.getInitParameter("rediretPage");
uncheckedUrls = servletContext.getInitParameter("uncheckedUrls");
}
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
//1.获取请求的 servletPath
String servletPath = request.getServletPath();
//2.检查 1 获取的servletPath 不需要检查URL中的其中一个,若是,放行,方法结束
List<String> urls = Arrays.asList(uncheckedUrls.split(","));
if(urls.contains(servletPath)){
filterChain.doFilter(req, resp);
return;
}
//3. 从 session 中获取 sessionKey 对应的值, 若值不存在, 则重定向到 redirectUrl
Object user = request.getSession().getAttribute(sessionKey);
if(user==null){
response.sendRedirect(request.getContextPath()+redirectUrl);
return;
}
//4.若存在,放行
filterChain.doFilter(req, resp);
}
}
<!-- 用户信息放入到 session 中的键的名字 -->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>USERSESSIONKEY</param-value>
</context-param>
<!-- 若未登录, 需重定向的页面 -->
<context-param>
<param-name>rediretPage</param-name>
<param-value>/login/login.jsp</param-value>
</context-param>
<!-- 不需要拦截(或检查)的 URL 列表 -->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,/login/b.jsp</param-value>
</context-param>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/login/*</url-pattern>
</filter-mapping>
设置没有缓存的过滤器
public class NoCacheFilter extends HttpFilter {
@Override
public void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
System.out.println("cacheFilter's doFilter..");
response.setDateHeader("Expires",-1);
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
filterChain.doFilter(request, response);
}
}