1.脏话过滤器
2.编码过滤器
loginJSP
/**
 * Servlet filter that hands the rest of the chain a {@code DirtyRequest}
 * wrapper instead of the raw request, so parameter values are read through
 * the wrapper's profanity masking.
 *
 * <p>Both casts are unchecked: the filter assumes it is only mapped to HTTP
 * traffic and will throw {@code ClassCastException} otherwise.
 */
public class DirtyFilter implements Filter {

    /** No configuration is read from the filter config. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Wraps the incoming request and continues the chain with the wrapper.
     *
     * @param req   incoming request, cast to {@code HttpServletRequest}
     * @param resp  outgoing response, cast to {@code HttpServletResponse}
     * @param chain remaining filters and the target resource
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) resp;
        // Everything downstream sees the wrapper, never the raw request.
        chain.doFilter(new DirtyRequest(httpRequest), httpResponse);
    }

    /** Nothing to release. */
    public void destroy() {
    }
}
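/**
 * Request wrapper that replaces a fixed list of profane words in parameter
 * values with {@code ****}.
 *
 * <p>Masking is applied to {@link #getParameter(String)} and
 * {@link #getParameterValues(String)}. {@code getParameterMap()}, headers,
 * cookies and the raw request body are NOT wrapped and still return the
 * original text, so code that reads input through those paths sees it
 * unmasked.
 *
 * <p>This is a word filter only: it performs no output encoding and is not a
 * defence against script or SQL injection.
 */
class DirtyRequest extends HttpServletRequestWrapper {

    /** Words to mask; shared by all instances and never modified. */
    private static final List<String> DIRTY_WORDS = Arrays.asList("傻逼", "操蛋", "畜生");

    /** Replacement written in place of each listed word. */
    private static final String MASK = "****";

    /** The wrapped request whose parameter values are masked. */
    private final HttpServletRequest request;

    public DirtyRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    /**
     * Returns the named parameter with every listed word masked.
     *
     * @param name parameter name
     * @return the masked value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        return mask(this.request.getParameter(name));
    }

    /**
     * Returns all values of the named parameter, each one masked. Without this
     * override a caller could read the unmasked text simply by asking for the
     * value array instead of the single value.
     *
     * @param name parameter name
     * @return a new array of masked values, or {@code null} when absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = this.request.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] masked = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            masked[i] = mask(values[i]);
        }
        return masked;
    }

    /** Replaces every occurrence of each listed word; {@code null} stays {@code null}. */
    private static String mask(String value) {
        if (value == null) {
            return null;
        }
        String result = value;
        for (String word : DIRTY_WORDS) {
            // replace() is a no-op when the word is absent, so no contains() check is needed.
            result = result.replace(word, MASK);
        }
        return result;
    }
}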
2.编码过滤器
/**
 * Filter meant to fix garbled (mis-decoded) text across the whole site.
 *
 * <p>It declares UTF-8 on both request and response and then passes a
 * {@code MyCharacterEncodingRequest} wrapper down the chain.
 *
 * <p>NOTE(review): the content type is set to {@code text/html} for every
 * response that passes through this filter; non-HTML resources keep that
 * type unless something downstream overrides it.
 */
public class CharacterEncodingFilter implements Filter {

    /** No configuration is read from the filter config. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the UTF-8 settings, then continues the chain with the wrapper.
     *
     * @param req   incoming request, cast to {@code HttpServletRequest}
     * @param resp  outgoing response, cast to {@code HttpServletResponse}
     * @param chain remaining filters and the target resource
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) resp;

        // The request encoding is set before any parameter is read downstream.
        httpRequest.setCharacterEncoding("UTF-8");
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setContentType("text/html;charset=UTF-8");

        chain.doFilter(new MyCharacterEncodingRequest(httpRequest), httpResponse);
    }

    /** Nothing to release. */
    public void destroy() {
    }
}
/*
 * Wrapper (decorator) recipe:
 * 1. Implement the same interface as the object being enhanced.
 * 2. Keep a field that remembers the enhanced object.
 * 3. Provide a constructor that receives the enhanced object.
 * 4. Override the methods that need enhancing.
 * 5. For methods that need no enhancement, call the enhanced (target)
 *    object's method directly.
 */
/**
 * Request wrapper that re-decodes GET parameters: the value is turned back
 * into ISO8859-1 bytes and decoded again with the request's character
 * encoding. Parameters of any other HTTP method are returned untouched.
 *
 * <p>Only {@code getParameter} is overridden; {@code getParameterValues} and
 * {@code getParameterMap} return whatever the wrapped request returns.
 *
 * <p>NOTE(review): this presumes the container decoded the query string as
 * ISO-8859-1. If the container already decodes it with the target encoding,
 * the second decode would corrupt non-ASCII text - confirm against the
 * container configuration.
 */
class MyCharacterEncodingRequest extends HttpServletRequestWrapper {

    /** The wrapped request that supplies the raw parameter values. */
    private HttpServletRequest target;

    public MyCharacterEncodingRequest(HttpServletRequest request) {
        super(request);
        this.target = request;
    }

    /**
     * Returns the named parameter, re-decoded when the request method is GET.
     *
     * @param name parameter name
     * @return the parameter value, or {@code null} when it is absent
     * @throws RuntimeException wrapping any exception raised while reading or
     *         re-decoding the value
     */
    public String getParameter(String name) {
        try {
            String raw = this.target.getParameter(name);
            boolean needsRedecode = raw != null
                    && this.target.getMethod().equalsIgnoreCase("get");
            if (!needsRedecode) {
                // Absent value, or a non-GET request: hand it back as is.
                return raw;
            }
            byte[] originalBytes = raw.getBytes("ISO8859-1");
            return new String(originalBytes, this.target.getCharacterEncoding());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
3.实现用户自动登陆的过滤器
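•在用户登录成功后,发送一个cookie给客户端(本文描述中名称为user,下面的代码实际使用的名称是autologin),cookie的值为用户名和经MD5散列后的密码(MD5是单向散列,并不是加密)。注意:这样的cookie值等价于密码本身,一旦泄露即可被重放登录,实际项目中更稳妥的做法是使用服务端保存的随机令牌。
•编写一个AutoLoginFilter,这个filter检查用户的请求是否带有该cookie,如果有,则调用dao查询cookie中的用户名和密码是否与数据库中的记录匹配,匹配则向session中存入user对象(即用户登录标记),从而实现自动登录。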
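/**
 * Filter that signs a visitor in automatically from the {@code autologin}
 * cookie, whose value has the form {@code username.token}.
 *
 * <p>The token is compared with {@code WebUtils.md5} of the password stored
 * for that user. On a match the {@code User} object is placed in the session
 * under {@code "user"}; on any mismatch or malformed cookie the request simply
 * continues unauthenticated.
 *
 * <p>NOTE(review): the token is derived only from the stored password, so it
 * is a long-lived password equivalent - whoever holds the cookie can replay it
 * until the password changes. A random, server-side, revocable token is the
 * safer design.
 */
public class AutoLoginFilter implements Filter {

    /** Name of the cookie that carries the auto-login value. */
    private static final String COOKIE_NAME = "autologin";

    public void destroy() {
    }

    /**
     * Attempts the cookie-based sign-in when no user is in the session, then
     * always continues the chain.
     *
     * @param req   incoming request, cast to {@code HttpServletRequest}
     * @param resp  outgoing response, cast to {@code HttpServletResponse}
     * @param chain remaining filters and the target resource
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Already signed in: let the request through unchanged.
        if (request.getSession().getAttribute("user") != null) {
            chain.doFilter(request, response);
            return;
        }

        String cookieValue = readAutoLoginCookie(request);
        if (cookieValue != null) {
            tryAutoLogin(request, cookieValue);
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Returns the value of the last {@code autologin} cookie, or {@code null} if none is sent. */
    private static String readAutoLoginCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        String value = null;
        for (Cookie cookie : cookies) {
            if (COOKIE_NAME.equals(cookie.getName())) {
                value = cookie.getValue();
            }
        }
        return value;
    }

    /**
     * Validates the client-supplied cookie value and, on success, stores the
     * user in the session. Every failure path returns silently so that a
     * malformed or forged cookie cannot turn into a server error.
     */
    private static void tryAutoLogin(HttpServletRequest request, String cookieValue) {
        // The token is Base64 and never contains '.', so the LAST dot is the
        // separator; this also keeps user names that contain dots working.
        int separator = cookieValue.lastIndexOf('.');
        if (separator <= 0 || separator == cookieValue.length() - 1) {
            return;
        }
        String username = cookieValue.substring(0, separator);
        String token = cookieValue.substring(separator + 1);
        // The cookie content is deliberately not printed or logged: it is a credential.

        UserDao dao = new UserDao();
        User user = dao.find(username);
        // Presumably find() returns null for an unknown user; guard either way.
        if (user == null || user.getPassword() == null) {
            return;
        }

        String expected = WebUtils.md5(user.getPassword());
        if (expected != null && constantTimeEquals(token, expected)) {
            request.getSession().setAttribute("user", user);
        }
    }

    /** Compares two strings without stopping at the first differing byte. */
    private static boolean constantTimeEquals(String left, String right) {
        return java.security.MessageDigest.isEqual(
                left.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                right.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}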
LoginServlet
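/**
 * Handles the login form: checks the credentials through {@code UserDao},
 * stores the user in the session and issues the {@code autologin} cookie.
 *
 * <p>NOTE(review): {@code doGet} performs the login too, so credentials sent
 * with a GET request travel in the URL. The session id is not renewed after a
 * successful login; on Servlet 3.1+ {@code request.changeSessionId()} would
 * address that. The cookie is issued without the HttpOnly and Secure flags
 * ({@code setHttpOnly(true)} needs Servlet 3.0+; {@code setSecure(true)}
 * requires the site to be served over HTTPS).
 */
public class LoginServlet extends HttpServlet {

    /** Longest auto-login lifetime accepted, matching the largest option of the login form. */
    private static final int MAX_AUTO_LOGIN_SECONDS = 3600;

    /**
     * Verifies {@code username}/{@code password} and forwards to
     * {@code /message.jsp} with a result message in both outcomes.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        UserDao dao = new UserDao();
        User user = dao.find(username, password);
        if (user == null) {
            request.setAttribute("message", "用户名或者密码不对!!");
            request.getRequestDispatcher("/message.jsp").forward(request,
                    response);
            return;
        }
        request.getSession().setAttribute("user", user);
        request.setAttribute("message", "恭喜,登录成功");
        // Issue the auto-login cookie before the response is forwarded.
        sendAutoLoginCookie(request, response, user);
        request.getRequestDispatcher("/message.jsp").forward(request, response);
    }

    /**
     * Adds the {@code autologin} cookie ({@code username.md5(password)}) with
     * the lifetime requested in the {@code logintime} parameter.
     *
     * <p>{@code logintime} comes from the client, so it is validated: when it
     * is missing, not a number or not positive no cookie is sent (the login
     * itself still succeeds), and larger values are capped at
     * {@link #MAX_AUTO_LOGIN_SECONDS}.
     */
    private void sendAutoLoginCookie(HttpServletRequest request,
            HttpServletResponse response, User user) {
        int lifetimeSeconds = parseLifetime(request.getParameter("logintime"));
        if (lifetimeSeconds <= 0) {
            return;
        }
        Cookie cookie = new Cookie("autologin", user.getUsername() + "."
                + WebUtils.md5(user.getPassword()));
        cookie.setMaxAge(lifetimeSeconds);
        cookie.setPath("/day18");
        response.addCookie(cookie);
    }

    /** Parses the requested lifetime; returns 0 for absent or non-numeric input. */
    private static int parseLifetime(String raw) {
        if (raw == null) {
            return 0;
        }
        try {
            return Math.min(Integer.parseInt(raw.trim()), MAX_AUTO_LOGIN_SECONDS);
        } catch (NumberFormatException ignored) {
            // Bad client input only means "no auto-login"; it must not fail the login.
            return 0;
        }
    }

    /** POST is handled exactly like GET. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}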
loginJSP
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%--
  Login form. Posts username, password and the requested auto-login lifetime
  (logintime, in seconds: 3600, 600 or 300) to /servlet/LoginServlet.
  No radio button is pre-selected, so logintime can be missing from the
  request, and like every form field it can be altered by the client; the
  receiving servlet has to validate it.
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP</title>
</head>
<body>
<form action="${pageContext.request.contextPath }/servlet/LoginServlet"
method="post">
用户名:<input type="text" name="username"><br /> 密码:<input
type="password" name="password"><br /> 有效期: <input
type="radio" name="logintime" value="3600">1小时 <input
type="radio" name="logintime" value="${10*60 }">10分钟 <input
type="radio" name="logintime" value="${5*60 }">5分钟 <br /> <input
type="submit" value="登陆">
</form>
</body>
</html>
3.WebUtils
<span style="font-size:24px;">import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import sun.misc.BASE64Encoder;
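/**
 * Small web helper holding the MD5 digest routine used for the auto-login
 * cookie.
 */
public class WebUtils {

    /**
     * Returns the Base64 text of the MD5 digest of {@code message}.
     *
     * <p>The message is encoded as UTF-8 so the result does not depend on the
     * platform default charset, and Base64 encoding uses the public
     * {@code java.util.Base64} API instead of {@code sun.misc.BASE64Encoder},
     * a JDK-internal class that newer JDKs no longer ship (the file-level
     * import of it is no longer needed by this method). A 16-byte digest
     * encodes to 24 characters, so the output has no line breaks.
     *
     * <p>NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
     * protecting passwords; a dedicated password-hashing scheme (bcrypt,
     * scrypt, Argon2) is the appropriate tool for that.
     *
     * @param message text to digest; must not be {@code null}
     * @return Base64 encoding of the 16-byte MD5 digest
     * @throws RuntimeException if the MD5 algorithm is unavailable
     */
    public static String md5(String message) {
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            byte[] result = digest.digest(
                    message.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return java.util.Base64.getEncoder().encodeToString(result);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}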
</span>