一.拦截Http服务器,帮助Http服务器检测当前请求合法性
1.介绍:
1)来自于Servlet规范下接口,在Tomcat中存在于servlet-api.jar包
2)Filter接口实现类由开发人员负责提供,Http服务器不负责提供
3)Filter接口在Http服务器调用资源文件之前,对Http服务器进行拦截
2.具体作用:
1)拦截Http服务器,帮助Http服务器检测当前请求合法性
2)拦截Http服务器,对当前请求进行增强操作
3.Filter接口实现类开发步骤:三步
1)创建一个Java类实现Filter接口
2)重写Filter接口中doFilter方法
3)web.xml将过滤器接口实现类注册到Http服务器
4.Filter拦截地址格式
1) 命令格式:
<filter-mapping>
<filter-name>oneFilter</filter-name>
<url-pattern>拦截地址</url-pattern>
</filter-mapping>
2) 命令作用:
拦截地址通知Tomcat在调用何种资源文件之前需要调用OneFilter过滤进行拦截
3)要求Tomcat在调用某一个具体文件之前,来调用OneFilter拦截
<url-pattern>/img/mm.jpg</url-pattern>
4)要求Tomcat在调用某一个文件夹下所有的资源文件之前,来调用OneFilter拦截
<url-pattern>/img/*</url-pattern>
5)要求Tomcat在调用任意文件夹下某种类型文件之前,来调用OneFilter拦截
<url-pattern>*.jpg</url-pattern>
6)要求Tomcat在调用网站中任意文件时,来调用OneFilter拦截
<url-pattern>/*</url-pattern>
filter:
public class OneFilter implements Filter
{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
String age = servletRequest.getParameter("age");
if(Integer.valueOf(age)<70)
{
filterChain.doFilter(servletRequest,servletResponse);//放行
}else
{
servletResponse.setContentType("text/html;charset=utf-8");
PrintWriter p = servletResponse.getWriter();
p.print("<font style='color:red;font-size:40px'>拒绝访问</font>");
}
}
@Override
public void destroy() {
}
}
web.xml:
<filter>
<filter-name>OneFilter</filter-name>
<filter-class>filter.OneFilter</filter-class>
</filter>
<!--过滤器拦截何种资源文件-->
<filter-mapping>
<filter-name>OneFilter</filter-name>
<url-pattern>/e.jpg</url-pattern>
</filter-mapping>
二.拦截Http服务器,对当前请求进行增强操作
filter:
public class OneFilter implements Filter
{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
servletRequest.setCharacterEncoding("utf-8");//增强
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
}
}
web.xml
<filter>
<filter-name>OneFilter</filter-name>
<filter-class>filter.OneFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OneFilter</filter-name>
<url-pattern>/*</url-pattern> <!--通知tomcat调用所有资源文件之前都需要调用OneFilter进行拦截-->
</filter-mapping>
4.Filter拦截地址格式
1) 命令格式:
<filter-mapping>
<filter-name>oneFilter</filter-name>
<url-pattern>拦截地址</url-pattern>
</filter-mapping>
2) 命令作用:
拦截地址通知Tomcat在调用何种资源文件之前需要调用OneFilter过滤进行拦截
3)要求Tomcat在调用某一个具体文件之前,来调用OneFilter拦截
<url-pattern>/img/mm.jpg</url-pattern>
4)要求Tomcat在调用某一个文件夹下所有的资源文件之前,来调用OneFilter拦截
<url-pattern>/img/*</url-pattern>
5)要求Tomcat在调用任意文件夹下某种类型文件之前,来调用OneFilter拦截
<url-pattern>*.jpg</url-pattern>
6)要求Tomcat在调用网站中任意文件时,来调用OneFilter拦截
<url-pattern>/*</url-pattern>
三.防止用户恶意登录
public class OneFilter implements Filter
{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpSession session = req.getSession(false);
System.out.println(req.getRequestURI());
if(session==null)
{
if(req.getRequestURI().indexOf("login")!=-1 || req.getRequestURI().equals("/myWeb/"))
{
filterChain.doFilter(servletRequest,servletResponse);
return;
}else {
req.getRequestDispatcher("/loginError.html").forward(servletRequest, servletResponse);
return;
}
}else
{
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
}
}
<filter>
<filter-name>OneFilter</filter-name>
<filter-class>filter.OneFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OneFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>