1. 过滤器 Fillter
1)Servlet过滤器是在Java Servlet规范2.3中定义的,它能够对Servlet容器的请求和响应对象进行检查和修改
2)Servlet过滤器本身并不生成请求和响应对象,它只提供过滤器作用。
3)Servlet过滤器能过在Servlet被调用之前检查Request对象,修改Request Heather和Request内容
4)在Servlet被调用之后检查Response对象,修改Response Header和Response内容。Servlet过滤器负责过滤的Web组件可以是Servlet,JSP或HTML文件
2.Servlet过滤器的过滤过程
3.所有的Servlet过滤器类都必须实现javax.servlet.Filter接口。这个过滤器含有3个过滤器类必须实现的方法:
init()
deFilter()
destory()
4.过滤器链式请求过程(FilterChain)
5. 过滤器实践1
1)创建访问时,检查用户是否登录过滤器
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
package com.example.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet Filter implementation class LoginFilter
*/
@WebFilter("/LoginFilter")
public class LoginFilter implements Filter {
/**
* Default constructor.
*/
public LoginFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
System.out.println("filter ondestory");
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("doFilter");
HttpServletRequest r = (HttpServletRequest)request;
String requestURI = r.getRequestURI();
if (requestURI.endsWith("login.jsp") || requestURI.endsWith("MyLoginServlet")) {
chain.doFilter(request, response);
return;
}
HttpSession session = r.getSession();
if(null == session.getAttribute("user")){
((HttpServletResponse)response).sendRedirect("login.jsp");
return;
}else{
chain.doFilter(request, response);
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
System.out.println("filter init");
}
}
|
如果没有登录,则重定向到login.jsp
2) 在web .xml 中配置filter
1
2
3
4
5
6
7
8
|
<
filter
>
<
filter-name
>PrivFilter</
filter-name
>
<
filter-class
>com.example.filter.LoginFilter</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>PrivFilter</
filter-name
>
<
url-pattern
>/*</
url-pattern
>
</
filter-mapping
>
|
3) login.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!
DOCTYPE
html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<
html
>
<
head
>
<
meta
http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
title
>Insert title here</
title
>
<% String basePath= request.getContextPath() + "/test"; %>
<
base
href='<%=basePath %>'>
</
head
>
<
body
>
<
form
action="MyLoginServlet" method="post">
username <
input
type="text" name="username"><
br
>
password <
input
type="password" name="password"><
br
>
权限: <
select
name="authority">
<
option
value="1">common user</
option
>
<
option
value="2">admin</
option
>
</
select
>
<
br
>
<
input
type="submit" value="submit" >
</
form
>
</
body
>
</
html
>
|
4)index.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ page import="com.example.bean.User" %>
<!
DOCTYPE
html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<
html
>
<
head
>
<
meta
http-equiv="Content-Type" content="text/html; charset=UTF-8">
<
title
>Insert title here</
title
>
</
head
>
<
body
>
<
a
href="MyQueryServlet">Query</
a
>
<% if(((User)session.getAttribute("user")).getAuthority().equals("2")){ %>
<
a
href="MyUpdateServlet">Update</
a
>
<% } %>
</
body
>
</
html
>
|
5)创建Servlet, 如MyLoginServlet.java,另外两个Servlet: MyQueryServlet和MyUpdateServlet比较简单,只做简单打印信息。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
package com.example.servlet;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.example.bean.User;
/**
* Servlet implementation class MyLoginServlet
*/
@WebServlet("/MyLoginServlet")
public class MyLoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public MyLoginServlet() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
User user = new User();
HttpSession session = request.getSession();
String username = request.getParameter("username");
String password = request.getParameter("password");
String authority = request.getParameter("authority");
System.out.println("username:" +username + " authority:" + authority);
if ("1".equals(authority)) {
if ("zhangsan".equals(username) && "123".equals(password)) {
setSession(session, username, password, authority);
request.getRequestDispatcher("filter/index.jsp?username="
+username +"&authority="+authority).forward(request, response);
}else{
failLogin(user,response);
}
}else if ("2".equals(authority)) {
if ("lisi".equals(username) && "456".equals(password)) {
setSession(session, username, password, authority);
request.getRequestDispatcher("filter/index.jsp?username="
+username +"&authority="+authority).forward(request, response);
}else{
failLogin(user,response);
}
}
//登录失败
else{
failLogin(user,response);
}
}
void failLogin(User user, HttpServletResponse response){
/*RequestDispatcher rd = request.getRequestDispatcher("sessionlogin.jsp");
try {
rd.forward(request, response);
} catch (ServletException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}*/
try {
response.sendRedirect("filter/login.jsp?username="
+user.getUsername() +"&authority="+user.getAuthority());
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private void setSession(HttpSession session, String username, String password, String authority) {
User user = new User();
user.setUsername(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
}
}
|
本文转自Work Hard Work Smart博客园博客,原文链接:http://www.cnblogs.com/linlf03/p/7705970.html,如需转载请自行联系原作者