Servlet过滤器简介
过滤器通过Web部署描述符(web.xml)中XML标签来声明,这样就可以允许添加和删除过滤器而无需改动如何应用代码或JSP页面。 它能够对Servlet容器的请求和响应对象进行检查和修改,预防非法或 不合理的 请求和响应,即:
- 在客户端的请求访问后端资源之前,拦截这些请求。
- 在服务器的响应发送回客户端之前,处理这些响应。
Java中的Filter 并不是一个标准的Servlet ,它不能处理用户请求,也不能对客户端生成响应。 主要用于对HttpServletRequest 进行预处理,也可以对HttpServletResponse 进行后处理,是个典型的处理链。
根据规范建议的各种类型的过滤器:
- 身份验证过滤器(Authentication Filters)。
- 数据压缩过滤器(Data compression Filters)。
- 加密过滤器(Encryption Filters)。
- 触发资源访问事件过滤器。
- 图像转换过滤器(Image Conversion Filters)。
- 日志记录和审核过滤器(Logging and Auditing Filters)。
- MIME-TYPE 链过滤器(MIME-TYPE Chain Filters)。
- 标记化过滤器(Tokenizing Filters)。
- XSL/T 过滤器(XSL/T Filters),转换 XML 内容。
Servlet 过滤器方法
一个执行过滤器的java类必须实现 javax.servlet.Filter 接口。javax.servlet.Filter 接口包含有三个方法:
public void init(FilterConfig filterConfig) 初始化方法,web容器调用过滤器首先执行的方法。 |
public void doFilter (ServletRequest, ServletResponse, FilterChain) 该方法由 Web 容器调用,指示一个过滤器被放入服务。 |
public void destroy() 容器在销毁过滤器实例前,doFilter()中所有活动都被该实例终止后,调用该方法 |
实例代码:
下面实现一个登录过滤器
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
<style>
#form-groud{
padding: 5px;
}
label{
display:inline-block;
padding: 5px;
width: 5em;
text-align: center;
}
input{
padding: 5px;
}
#submit{
display:inline-block;
width: 10em;
margin: 0 5em;
}
</style>
</head>
<body>
<%
//String loginerror = session.getAttribute("loginerror");
if(session.getAttribute("loginerror") == "0"){
out.println("<script type='text/javascript'>alert('登录失败!!!');</script>");
session.removeAttribute("loginerror");
} else if(session.getAttribute("loginerror") == "1"){
out.println("<script type='text/javascript'>alert('您还没有登录!!!');</script>");
}
%>
<form action="login" method="post">
<div id="form-groud">
<label for="userName">用户名:</label>
<input type="text" name="userName" id="userName"/>
</div>
<div id="form-groud">
<label for="password">密码:</label>
<input type="password" name="password" id="password"/>
</div>
<div id="form-groud">
<input type="submit" name="submit" value="登录" id="submit"/>
</div>
</form>
</body>
</html>
login.java
package cn.iborder.admin;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.iborder.util.Dbutil;
import cn.iborder.util.MD5Util;
/**
* Servlet implementation class Login
*/
@WebServlet("/login")
public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public Login() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
String dbUrl = "jdbc:mysql://localhost:3306/test";
String dbUser = "root";
String dbPassword = "root";
String userName = request.getParameter("userName");
String password = null;
try {
password = MD5Util.md5Encode(request.getParameter("password"));
} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
System.out.println("username : "+userName);
System.out.println("password : "+password);
System.out.println("=======================");
Connection connection = new Dbutil(dbUrl, dbUser, dbPassword).getConn();
PreparedStatement statement=null;
ResultSet rs=null;
HttpSession session = request.getSession();
try {
String sql = "select * from user where username=? and password=?";
statement = connection.prepareStatement(sql);
statement.setString(1, userName);
statement.setString(2, password);
rs = statement.executeQuery();
if(!rs.next()){
System.out.println("登录失败");
System.out.println("=======================");
session.setAttribute("loginerror", "0");
response.sendRedirect("login.jsp");
} else{
System.out.println("登录成功");
rs.beforeFirst();
while (rs.next()) {
System.out.println(rs.getString("username"));
System.out.println(rs.getString("password"));
}
System.out.println("=======================");
session.setAttribute("username", userName);
response.sendRedirect("main.jsp");
}
} catch (SQLException e) {
// TODO Auto-generated catch block
System.out.println("创建Statement对象失败");
System.out.println(e.getMessage());
//System.out.println(e.getSQLState());
System.out.println("=======================");
} catch (NullPointerException e) {
// TODO: handle exception
System.out.println("空指针异常");
System.out.println(e.getMessage());
System.out.println("=======================");
}finally {
try {
if (rs != null) {
rs.close();
}
if (statement != null) {
statement.close();
}
if (connection != null) {
connection.close();
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
main.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用户管理</title>
<style type="text/css">
input {
padding: 5px;
}
</style>
</head>
<body>
<p>欢迎回来 <%=session.getAttribute("username") %></p>
<div>
<form action="logout" method="post">
<input type="submit" name="logout" id="logout" value="退出登录"/>
</form>
</div>
</body>
</html>
logout.java
package cn.iborder.admin;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class Logout
*/
@WebServlet("/logout")
public class Logout extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public Logout() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
HttpSession session = request.getSession();
PrintWriter out = response.getWriter();
session.removeAttribute("username");
out.println("退出登录成功。。。<br/>");
out.println("即将跳转到登录界面。。。<br/>");
out.println("<script type='text/javascript'>setTimeout(window.location.href = '/prj8-3/login.jsp', 15000);</script>");
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
loginfilter.java
package cn.iborder.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet Filter implementation class loginfilter
*/
@WebFilter(filterName="loginfilter",urlPatterns="/main.jsp")
public class loginfilter implements Filter {
/**
* Default constructor.
*/
public loginfilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// place your code here
System.out.println("-----------------filter-----------------");
HttpServletRequest newRequest = (HttpServletRequest) request;
HttpServletResponse newResponse = (HttpServletResponse) response;
HttpSession session = newRequest.getSession();
System.out.println(session.getAttribute("username"));
if(session.getAttribute("username") != null){
chain.doFilter(request, response);
} else {
session.setAttribute("loginerror", "1");
newResponse.sendRedirect("login.jsp");
}
// pass the request along the filter chain
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}