作用:对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态 html 文件等进行拦截,从而实现一些特殊的功能。例如实现URL级别的权限访问控制、过滤敏感词汇、压缩响应信息等一些高级功能。
使用方法:
一、做类
建一个实现javax.servlet.Filter接口的类
在doFilter()方法中编写过滤逻辑
二、做配置
在web.xml中配置和元素
实例一:
验证页面是否登录,没登录跳转到登录页面。
1.建一个实现javax.servlet.Filter接口的类
2.在doFilter()方法中编写过滤逻辑
importjava.io.IOException;importjava.util.ArrayList;importjava.util.Arrays;import javax.servlet.*;import javax.servlet.http.*;public class StateFilter implementsFilter {private ArrayList list=new ArrayList<>();//建立一个集合,放可以不必验证身份的页面或action
@Overridepublic voiddestroy() {//TODO 自动生成的方法存根
}
@Overridepublic voiddoFilter(ServletRequest request, ServletResponse response, FilterChain chain)throwsIOException, ServletException {
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse rep=(HttpServletResponse) response;
HttpSession session=req.getSession();
String path1=req.getRequestURI();//长路径 /Demo0213/login.jsp
String path2=req.getContextPath();//短路径 /Demo0213
String target=path1.substring(path2.length());if(list.contains(target)==false){//要请求的不是登录页,需要验证session
if(session.getAttribute("user")==null){//没有登陆则跳转到登陆界面
rep.sendRedirect("login.jsp");
}else{
chain.doFilter(req, rep);
}
}else{
chain.doFilter(req, rep);
}
}
@Overridepublic void init(FilterConfig cfg) throwsServletException {
String val=cfg.getInitParameter("allowpage"); //web.xml配置中的init-param的value
String[] arr=val.split(",");//用split分开放到数组中
list.addAll(Arrays.asList(arr));//把数组放到集合里
}
}
3.在web.xml中配置和元素
Demo0213_guolvqi
loginfilter
am.StateFilter
allowpage
/login.jsp,/login,/register.jsp,/register
loginfilter
/*
index.html
index.htm
index.jsp
default.html
default.htm
default.jsp
3.运行没有登录的页面,就会跳转到登录页面。
实例二:
过滤敏感词,替换成***
2.在doFilter()方法中编写过滤逻辑,需要用内部类自己定义一request
packagecom.itnba.maya.filter;importjava.io.IOException;importjava.util.ArrayList;importjava.util.Arrays;importjavax.servlet.FilterChain;importjavax.servlet.FilterConfig;importjavax.servlet.ServletException;importjavax.servlet.ServletRequest;importjavax.servlet.ServletResponse;importjavax.servlet.http.HttpServlet;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletRequestWrapper;importjavax.servlet.http.HttpServletResponse;public class Filter implementsjavax.servlet.Filter {private ArrayList list =new ArrayList<>();
@Overridepublic voiddestroy() {//TODO 自动生成的方法存根
}
@Overridepublic voiddoFilter(ServletRequest request, ServletResponse response, FilterChain chain)throwsIOException, ServletException {
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse res=(HttpServletResponse) response;
HttpServletRequest mreq=newMyRequest(req);//向下一个链条放行,不能用原来的request;
chain.doFilter(mreq, res);
}
@Overridepublic void init(FilterConfig arg0) throwsServletException {//把敏感词放到集合里
String val=arg0.getInitParameter("minganci");
String[] ss= val.split(",");
list.addAll(Arrays.asList(ss));
}//内部类,自己定义request
class MyRequest extendsHttpServletRequestWrapper{privateHttpServletRequest request;publicMyRequest(HttpServletRequest request) {super(request);this.request=request;
}
@Override//重写getParameter
publicString getParameter(String name) {//获取提交内容
String txt=this.request.getParameter("txt");//改集合里的敏感词
for(String s:list){
txt=txt.replaceAll(s, "***");
}returntxt;
}
}
}
3.在web.xml中配置和元素
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"version="3.1">
Filter
com.itnba.maya.filter.Filter
minganci
sb,cnm,tmd
Filter
/*
index.html
index.htm
index.jsp
jsp页面
Insert title heresbdfdsfscnmdfdsfsdtmdfdsfsdfcnmsbtmd
Insert title here敏感词汇都变成了***
参考:http://www.cnblogs.com/hq233/p/6395041.html