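Filter: what is a filter?
1. The Filter is one of the three major JavaWeb components. The three components are the Servlet, the Listener, and the Filter.
2. The Filter is part of the JavaEE specification, that is, an interface.
3. What a Filter does: intercept requests and filter responses.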
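- Common scenarios for interception:
1. Permission checks
2. Logging
3. Transaction management, and so on
- Simple implementation
Create a web project. After it starts, everything under admin/ can be accessed freely.
Implementing the check in the JSP
Accessing /admin/a.jsp again now goes to the login page.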
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>这是a.jsp</h1>
<%
    System.out.println("a.jsp执行了。。。。。");
    Object user = session.getAttribute("user");
    // null means the user has not logged in yet
    if (user == null) {
        request.getRequestDispatcher("/login.jsp").forward(request, response);
        return;
    }
%>
</body>
</html>
Implementing the check with a Filter configured in web.xml
<!-- the filter element configures a Filter -->
<filter>
    <!-- give the filter an alias -->
    <filter-name>AdminFilter</filter-name>
    <!-- fully qualified class name of the filter -->
    <filter-class>com.spring.filter.AdminFilter</filter-class>
</filter>
<!-- filter-mapping configures the paths the filter intercepts -->
<filter-mapping>
    <!-- filter-name says which filter this mapping applies to -->
    <filter-name>AdminFilter</filter-name>
    <!-- the path to intercept -->
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AdminFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    // Called for every request that matches the filter mapping
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Get the session
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        Object user = session.getAttribute("user");
        // null means the user has not logged in yet
        if (user == null) {
            servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest, servletResponse);
            return;
        } else {
            // Let the request continue down the chain
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    @Override
    public void destroy() {
    }
}
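Accessing a page under admin/ again no longer reaches a.jsp; the Filter intercepts the request.
Steps for using a Filter:
1. Write a class that implements the Filter interface
2. Implement the filtering method doFilter()
3. Configure the Filter's interception path in web.xml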
- Completing the login flow
Add a login form
<form action="http://localhost:8080/springfilte/LoginServlet">
    用户名:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    <input type="submit" value="提交">
</form>
Add a servlet
<servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.spring.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
Extend HttpServlet
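import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        // Hard-coded demo credentials
        if ("admin".equals(username) && "123456".equals(password)) {
            // Store the user in the session; AdminFilter checks this attribute
            req.getSession().setAttribute("user", username);
            req.setAttribute("message", "登录成功");
            req.getRequestDispatcher("/index.jsp").forward(req, resp);
        } else {
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
        }
    }
}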
- Filter lifecycle
1. Constructor
2. init, the initialization method
3. doFilter, the filtering method
4. destroy, the teardown method
- Introduction to the FilterConfig class
<init-param>
    <param-name>username</param-name>
    <param-value>root</param-value>
</init-param>
<init-param>
    <param-name>jdbc</param-name>
    <param-value>localhost:1521</param-value>
</init-param>
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // Filter name as configured in web.xml
    System.out.println("Filter 名称" + filterConfig.getFilterName());
    // Values of the init-param entries above
    System.out.println("Filter 参数" + filterConfig.getInitParameter("username") + filterConfig.getInitParameter("jdbc"));
    // The ServletContext of the web application
    System.out.println("Filter Context" + filterConfig.getServletContext());
}
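- What the FilterChain.doFilter() method does
1. Runs the next Filter (if there is one)
2. Runs the target resource (if there is no further Filter)
Execution order when there are multiple Filters
They run in the order in which they are configured in web.xml, from top to bottom.
Filter interception paths
Exact match
<url-pattern>/a.jsp</url-pattern>
Directory match
<url-pattern>/admin/*</url-pattern>
Suffix match
<url-pattern>*.html</url-pattern>
Excluding certain pages from interception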
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class AdminFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    // Called for every request that matches the filter mapping
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Get the session
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        // Full URL
        StringBuffer url = httpServletRequest.getRequestURL();
        // Request path (includes the context path)
        String uri = httpServletRequest.getRequestURI();
        Object user = session.getAttribute("user");
        if ("/springmvc/welcome.jsp".equals(uri)) {
            // Excluded page: let the request continue
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            // null means the user has not logged in yet
            if (user == null) {
                servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest, servletResponse);
            } else {
                // Let the request continue down the chain
                filterChain.doFilter(servletRequest, servletResponse);
            }
        }
    }

    @Override
    public void destroy() {
    }
}
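A variant of the exclusion filter above, as an added example rather than code from the original page: the class name AllowListAdminFilter and the publicPaths init-param are assumptions, and it uses the javax.servlet namespace. It reads the excluded pages from FilterConfig and compares them with the container-decoded path inside the application, so the context path is not hard-coded and any path that is not listed exactly still goes through the login check.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical class name; register it in web.xml like AdminFilter
public class AllowListAdminFilter implements Filter {
    private final Set<String> publicPaths = new HashSet<>();

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "publicPaths" is an assumed init-param, e.g. "/admin/welcome.jsp,/admin/help.jsp"
        String raw = cfg.getInitParameter("publicPaths");
        if (raw != null) {
            for (String p : raw.split(",")) {
                if (!p.trim().isEmpty()) publicPaths.add(p.trim());
            }
        }
    }

    // Path inside the application: no context path, decoded by the container
    static String appPath(HttpServletRequest req) {
        String info = req.getPathInfo();
        return info == null ? req.getServletPath() : req.getServletPath() + info;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // getSession(false): do not create a session for anonymous visitors
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;
        // Exact match only; anything not listed falls through to the login check
        if (loggedIn || publicPaths.contains(appPath(req))) {
            chain.doFilter(request, response);
            return;
        }
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }

    @Override
    public void destroy() {
    }
}
```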
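Spring MVC interceptors do not intercept JSP files
Spring MVC interceptors only intercept controllers, not JSP files, and leaving JSP files unintercepted also creates a security problem for the system. Solutions:
1. Put the JSP files that should be intercepted under the WEB-INF folder, so that users cannot access them directly. The Spring MVC approach is also to request JSP pages through @RequestMapping in a controller rather than having users access the JSP pages directly.
2. Another solution: if a JSP is not placed under WEB-INF, Spring MVC cannot intercept it. In that case use the plain servlet Filter interface. For details, see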