Filter过滤器
1.什么是Filter过滤器
1.Filter过滤器他是javaweb的三大组件之一,三大组件分别是servlet程序,listener监听器,Filter过滤器
2.Filter过滤器是javaee的规范,也就是接口
3.filter过滤器它的作用,拦截请求,过滤响应
拦截请求的应用场景主要有
1.权限检查
2.日记操作
3.事务管理
……
2.filter的初体验
要求在你的web工程下,有一个ad0min目录,这个admin目录下的所有资源(html页面,jpg图片,jsp文件)必须得是用户登录后才能访问。
思考:更具我们之前学习过的,我们知道,用户登陆之后,都会把用户的信息保存到session域中,所以要检查用户是否登录,可以判断session中是否有用户登陆的信息即可
这种具有局限性
<%
Object user = session.getAttribute("user");
if(user == null){
//如果等于null 那就说明没有登录
request.getRequestDispatcher("/login.jsp").forward(request,response);
return;
}
%>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!--filter标签用于配置一个filter过滤器-->
<filter>
<!--给filter起一个别名-->
<filter-name>AdminFilter</filter-name>
<!--配置filter的全类名-->
<filter-class>com.atguigu.Filter.AdminFilter</filter-class>
</filter>
<!--filter-mapping配置filter过滤器的拦截路径-->
<filter-mapping>
<!--fiter-name表示当前的位置的拦截路径给哪个filter-->
<filter-name>AdminFilter</filter-name>
<!--url-pattern配置拦截路径
/:表示请求地址为http:/ip:port/工程路径/ 映射到ideaWeb目录下
/admin/* 表示请求地址为 http:/ip:port/admin/*
-->
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
</web-app>
AdminFilter.java
package com.atguigu.Filter;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class AdminFilter implements Filter {
/***
* doFilter专门用于拦截请求,可以做权限检查
* @param servletRequest
* @param servletResponse
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpSession session = null;
Object user = session.getAttribute("user");
if(user == null){
//如果等于null 那就说明没有登录
httpServletRequest.getRequestDispatcher("/login.jsp").forward(httpServletRequest,servletResponse);
}else{
//让程序继续向下访问用户的目标资源
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
Filter.super.init(filterConfig);
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
Filter 过滤器的使用步骤:
1.编写一个类区实现filter接口
2.实现拦截方法doFilter()
3.到web.xml中去配置Filter的拦截路径
完整的登录和过滤
package com.atguigu.Filter;
import javax.servlet.*;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class AdminFilter implements Filter {
/***
* doFilter专门用于拦截请求,可以做权限检查
* @param servletRequest
* @param servletResponse
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpSession session = httpServletRequest.getSession();
Object user = session.getAttribute("user");
if(user == null){
//如果等于null 那就说明没有登录
httpServletRequest.getRequestDispatcher("/login.jsp").forward(httpServletRequest,servletResponse);
}else{
//让程序继续向下访问用户的目标资源
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("过滤器启动");
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
package com.atguigu.servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class loginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String username = req.getParameter("username");
String password = req.getParameter("password");
resp.setContentType("text/html;charset=utf-8");
if("zhaochen".equals(username) && "123456".equals(password)){
req.getSession().setAttribute("user",username);
resp.getWriter().write("登陆成功");
}else{
req.getRequestDispatcher("/login.jsp").forward(req,resp);
}
}
}
3.filter的生命周期
filter的生命周期,包含几个方法
1.构造器方法
2.init初始化方法
第一二步,在web工程启动的时候运行(Filter已经创建)
3.doFilter过滤方法
第3步,每次拦截到请求,就会执行
4.destroy销毁方法
第四步,停止web工程的时候,就会执行(停止web工程,也会销毁filter过滤器)
4.FilterConfig类
FilterConfig类见名知意,它是Filter过滤器的配置文件类,
Tomcat每次创建Filter的时候,也会创建一个filterConfig类,这里包含了filter配置文件的配置信息
filterConfig类的作用是获取 filter过滤器的配置内容,
// 1.获取filter的名称 filter-name的内容
System.out.println("filter-name的值是:"+filterConfig.getFilterName());
// 2.获取在web.xml中配置的init-param 初始化参数
System.out.println("配置的username的值是"+filterConfig.getInitParameter("username"));
System.out.println("配置的url的值是"+filterConfig.getInitParameter("url"));
// 3.获取ServletContext对象
System.out.println(filterConfig.getServletContext().);
}
5.FilterChain过滤器链
filter 过滤器
chain 链,链条
FilterChain 就是过滤器链(多个过滤器如何一起工作)
在多个filter过滤器执行的时候,他们执行的优先顺序是由他们在web.xml中由上到下配置的顺序决定的‘!
多个filter过滤器执行的特点:
1.所有filter和目标资源都默认执行在同一个线程中
2.以上多个fliter共同执行的时候,他们使用同一个request对象
源代码:
filter1…java
package com.atguigu.Filter;
import javax.servlet.*;
import java.io.IOException;
public class Filter1 implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("Filter1 前置代码");
System.out.println("Filter1的获取参数:"+servletRequest.getParameter("username"));
servletRequest.setAttribute("key1","value1");
System.out.println("Filter1获取的域对象内容:"+servletRequest.getAttribute("key1"));
System.out.println("Filter1的线程名字:"+Thread.currentThread().getName());
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("Filter1 后置代码");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("111");
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
filter2.java
package com.atguigu.Filter;
import javax.servlet.*;
import java.io.IOException;
public class Filter2 implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("Filter2 前置代码");
System.out.println("Filter2获取的域对象内容:"+servletRequest.getAttribute("key1"));
System.out.println("Filter2的获取参数:"+servletRequest.getParameter("username"));
System.out.println("Filter2的线程名字:"+Thread.currentThread().getName());
filterChain.doFilter(servletRequest,servletResponse);
System.out.println("Filter2 后置代码");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("22222");
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
target.jsp
<%--
Created by IntelliJ IDEA.
User: 26523
Date: 2021/9/23
Time: 21:27
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<%
System.out.println("Filter2获取的域对象内容:"+request.getAttribute("key1"));
System.out.println("jsp的获取参数:"+request.getParameter("username"));
System.out.println("jso的线程名字:"+Thread.currentThread().getName());
System.out.println("target.jsp中的界面被执行了");
%>
</body>
</html>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!--filter标签用于配置一个filter过滤器-->
<filter>
<!--给filter起一个别名-->
<filter-name>adminFilter</filter-name>
<!--配置filter的全类名-->
<filter-class>com.atguigu.Filter.AdminFilter</filter-class>
<init-param>
<param-name>username</param-name>
<param-value>zhaochen</param-value>
</init-param>
<init-param>
<param-name>url</param-name>
<param-value>localhost</param-value>
</init-param>
</filter>
<!--filter-mapping配置filter过滤器的拦截路径-->
<filter-mapping>
<!--fiter-name表示当前的位置的拦截路径给哪个filter-->
<filter-name>adminFilter</filter-name>
<!--url-pattern配置拦截路径
/:表示请求地址为http:/ip:port/工程路径/ 映射到ideaWeb目录下
/admin/* 表示请求地址为 http:/ip:port/admin/*
-->
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>loginServlet</servlet-name>
<servlet-class>com.atguigu.servlet.loginServlet</servlet-class>
<init-param>
<param-name>username</param-name>
<param-value>zhaochen</param-value>
</init-param>
<init-param>
<param-name>url</param-name>
<param-value>localhost</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>loginServlet</servlet-name>
<url-pattern>/loginServlet</url-pattern>
</servlet-mapping>
<filter>
<filter-name>filter1</filter-name>
<filter-class>com.atguigu.Filter.Filter1</filter-class>
</filter>
<filter-mapping>
<filter-name>filter1</filter-name>
<url-pattern>/target.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>filter2</filter-name>
<filter-class>com.atguigu.Filter.Filter2</filter-class>
</filter>
<filter-mapping>
<filter-name>filter2</filter-name>
<url-pattern>/target.jsp</url-pattern>
</filter-mapping>
</web-app>
6.Filter的拦截路径
精确匹配
<url-pattern>/target.jsp</url-pattern>
以上匹配的路径,表示请求的地址必须为 :http://ip:port/工程名/tatget.jsp
目录匹配
<url-pattern>/admin/*</url-pattern>
以上匹配的路径表示,请求的地址必须为,http://ip:port/工程名/admin/*
后缀名匹配
<url-pattern>*.html</url-pattern>
以上的路径表示必须以html结尾才会拦截到
<url-pattern>*.do</url-pattern>
以上的路径表示必须以do字符串结尾才会拦截到
<url-pattern>*.action</url-pattern>
以上的路径表示必须以action字符串结尾才会拦截到
filter过滤器它只关心请求的地址是否匹配,不关心请求的资源是否存在