目录
过滤器
1. @WebFilter("/s01") 配置资源拦截的路径
@WebFilter("/*")拦截所有的请求资源路径
2. doFilter()方法中需要设置放行,否则请求无法到达资源
filterChain.doFilter(servletRequest,servletResponse);
3.如果是过滤器链,则先配置的先执行(首字母在前的先执行);响应时顺序反过来即可
package com.xxx.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter("/s01")//拦截路径是s01的资源
public class Filter01 implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("Filter01 init....");
}
/**
*
* 过滤方法
* @param servletRequest
* @param servletResponse
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//doFilter()放行方法前是做请求拦截的
System.out.println("Filter01 正在拦截....");
//放行资源
filterChain.doFilter(servletRequest,servletResponse);
//doFilter()放行方法后是做响应拦截的
System.out.println("Filter01 处理响应...");
}
@Override
public void destroy() {
System.out.println("Filter01 destroy....");
}
}
请求乱码处理
请求方式 | Tomcat8以上版本 | Tomcat7及以下版本 |
---|---|---|
GET请求 | 不会乱码 | 会乱码 new String(req.getParameter("参数名").getBytes("ISO-8859-1"),"UTF-8"); |
POST请求 | 会乱码,通过设置服务器解析编码格式,req.setCharacterEncoding("UTF-8"); | 会乱码,通过设置服务器解析编码格式,req.setCharacterEncoding("UTF-8"); |
package com.xxx.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
@WebFilter("/*")
public class AEncodingFilter implements Filter {
public AEncodingFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain chain)
throws IOException, ServletException{
//基于HTTP
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
//处理请求乱码乱码(处理POST请求)
request.setCharacterEncoding("UTF-8");
//处理GET请求且服务器版本在Tomcat8以下的
String method = request.getMethod();
//如果是GET请求
if ("GET".equalsIgnoreCase(method)) {
//服务器版本在Tomcat8以下的Apache Tomcat/8.0.45
String serverInfo = request.getServletContext().getServerInfo();
//得到具体的版本号
String versionstr = serverInfo.substring(serverInfo.indexOf("/") + 1,
serverInfo.indexOf("."));
//判断服务器版本是否小于8
if (Integer.parseInt(versionstr) < 8) {
/*得到自定义内部类(Mywapper继承了HttpServletRequestWrapper对象,
而HttpServletRequestWrapper对象实现了HttpServletRequest接口,
所以Mywapper的本质也是request对象)*/
HttpServletRequest myRequest = new MyWapper(request);
//放行资源
chain.doFilter(myRequest, response);
return;
}
}
//放行资源
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
}
/**
* 定义内部类,继承HttpServletRequestWrapper包装类对象,重写getParameter()方法
*/
class MyWapper extends HttpServletRequestWrapper {
//定义成员变量,提升构造器中的request对象的范围
private HttpServletRequest request;
public MyWapper(HttpServletRequest request) {
super(request);
this.request= request;
}
/**
重写getParameter(方法
*/
@Override
public String getParameter(String name) {
String value = request.getParameter(name);
if (value != null && !"".equals(value.trim())){
try {
//将默认ISO-8859-1编码的字符转换成UTF-8
value = new String(value.getBytes("ISO-8859-1"), "UTF-8");
}catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
return value;
}
}
}
非法访问拦截
拦截的资源:
拦截所有的资源 /*
需要放行的资源:
1.指定页面,放行(无需登录即可访问的页面 例如:登录页面、注册页面等)
2.静态资源,放行(image、js、css文件等)
3.指定操作,放行(无需登录即可执行的操作 例如:登录操作、注册操作)
4.登录状态,放行(判断session中的用户信息是否为空)
其他请求需要被拦截跳转到登录页面
package com.xxx.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter("/*")
public class LoginAccessFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//基于HTTP请求
HttpServletRequest request=(HttpServletRequest)servletRequest;
HttpServletResponse response=(HttpServletResponse)servletResponse;
//获取请求的路径
String url=request.getRequestURI();
System.out.println(url);
//1.指定页面,放行(无需登录即可访问的页面 例如:登录页面、注册页面等)
if(url.contains("/login.jsp")){
filterChain.doFilter(request,response);
return;
}
//2.静态资源,放行(image、js、css文件等)
if(url.contains("/js")){
filterChain.doFilter(request,response);
return;
}
//3.指定操作,放行(无需登录即可执行的操作 例如:登录操作、注册操作)
if(url.contains("/login")){
filterChain.doFilter(request,response);
return;
}
//4.登录状态,放行(判断session中的用户信息是否为空)
String uname= (String) request.getSession().getAttribute("user");
if (uname != null) {
filterChain.doFilter(request,response);
return;
}
//当用户没登录时,拦截请求跳转到登录页面
response.sendRedirect("login.jsp");
}
@Override
public void destroy() {
}
}