首先,什么是过滤器?
过滤器是处于客户端与服务器资源文件之间的一道过滤网,在访问资源文件之前,通过一系列的过滤器对请求进行修改、判断等,把不符合规则的请求在中途拦截或修改。也可以对响应进行过滤,拦截或修改响应。
我们为什么要用到过滤器?
在项目开发中,经常会用到重复代码的实现,如:请求的每个servlet都要设置编码,每次都要判断用户是否登录了,是否有权限操作。
过滤器相关API:接口Filter——核心
举例:
// "/*"表示拦截所有的请求
@WebFilter(filterName = "hello", urlPatterns = "/*")
public class HelloFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("HelloFilter.init");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("HelloFilter.doFilter");
// 如果有下一个过滤器,就执行下一个过滤器,如果没有就访问这次请求要访问的后台资源
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
System.out.println("HelloFilter.destroy");
}
}
三个方法:
init():初始化,在服务器启动时执行
doFilter():业务逻辑处理
destroy:销毁
注:FilterChain是过滤链
实例应用1——用过滤器处理POST请求编码
@WebFilter(filterName = "encoding", urlPatterns = "/*")
public class EncodingFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("EncodingFilter.init");
}
// ServletRequest request = new HttpServletRequest();
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("EncodingFilter.doFilter");
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String method = httpServletRequest.getMethod();// get/post
if (method.equalsIgnoreCase("post")) {
httpServletRequest.setCharacterEncoding("utf-8");
}
// 如果是post,解决乱码问题之后,继续往后执行
chain.doFilter(request, response);
}
@Override
public void destroy() {
System.out.println("EncodingFilter.destroy");
}
}
说明:ServletRequest是HttpServletRequest的父类,ServletResponse是HttpServletResponse的父类。getMethod()是HttpServletRequest的方法,可以得到method是get还是post,equalsIgnoreCase()表示忽略大小写匹配。
实例应用2——用过滤器处理用户登录问题
@WebFilter(filterName = "login", urlPatterns = "/*")
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("LoginFilter.init");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("LoginFilter.doFilter");
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
// 这些不需要验证去登录
String servletPath = req.getServletPath();
System.out.println("servletPath:" + servletPath);
String method = req.getParameter("method");
if (servletPath.equals("/login.jsp")
|| (servletPath.equals("/user") && method.equals("login"))
|| servletPath.equals("/fail.jsp")) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
HttpSession session = req.getSession();
User user = (User) session.getAttribute("user");
if (user == null) {
// 没有登录验证
resp.sendRedirect(req.getContextPath()+"/login.jsp");
return;
}
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
System.out.println("LoginFilter.destroy");
}
}
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>login</title>
</head>
<body>
<table>
<form action="<%=request.getContextPath()%>/user?method=login" method="post">
<tr>
<td>用户名</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>密码</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td><input type="submit" value="登录"></td>
</tr>
</form>
</table>
</body>
</html>
fail.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>fail</title>
</head>
<body>
<table>
<tr>
<td>登录失败!请重新再试</td>
</tr>
<tr>
<td>
<a href="<%=request.getContextPath()%>/login.jsp">重新登录</a>
</td>
</tr>
</table>
</body>
</html>
UserServlet.java
@WebServlet("/user")
public class UserServlet extends HttpServlet {
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String method = req.getParameter("method");
if (method == null || method == "") {
method = "login";
}
switch (method) {
case "login":
login(req,resp);
break;
case "logout":
logout(req, resp);
break;
}
}
// 销毁,重新登录
private void logout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
System.out.println("UserServlet.logout");
HttpSession session = req.getSession();
session.invalidate();
resp.sendRedirect(req.getContextPath() + "/login.jsp");
}
// 登录
private void login(HttpServletRequest req, HttpServletResponse resp) throws IOException {
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
String name = req.getParameter("name");
String password = req.getParameter("password");
User user = null;
try {
connection = JDBCUtil.getConnection();
String sql = "select id, age, level from user where name = ? and password = ?";
statement = connection.prepareStatement(sql);
statement.setString(1,name);
statement.setString(2,password);
System.out.println(statement);
resultSet = statement.executeQuery();
if (resultSet.next()) {
int id = resultSet.getInt("id");
int age = resultSet.getInt("age");
int level = resultSet.getInt("level");
user = new User(id,name,password,age,level);
}
} catch (SQLException throwables) {
throwables.printStackTrace();
} finally {
JDBCUtil.close(connection,statement,resultSet);
}
if (user != null) {// 登录成功
HttpSession session = req.getSession();
session.setAttribute("user",user);
resp.sendRedirect(req.getContextPath()+"/");
} else {// 登录错误
resp.sendRedirect(req.getContextPath()+"/fail.jsp");
}
}
}