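A Filter, as the name suggests, filters and pre-processes data. Why introduce filters? On many websites, when you post sensitive content it is displayed with the sensitive words replaced by characters such as *; that is a filter processing the message. This is only a simple example. Filters are far more capable than that: they can pre-process not just data but any incoming request, and they can also process the response returned by the server, which greatly reduces the load on the server. Typical uses include URL-level access control, sensitive-word filtering and response compression. The rest of this article describes filters in detail.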
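I. Definitions
To learn something, we first need to understand how it is defined.
1. Concept
A filter filters the requests a client sends to the server and can also process the responses the server returns. It lets you change a request and modify a response. A filter is not a servlet and cannot produce a response, but it can pre-process a request before it reaches the servlet and process the response as it leaves the servlet. In other words, a filter is an intermediary between the client and the servlet that can modify whatever passes through it.
Note: a filter intercepts requests and responses and cannot produce a response, whereas a servlet handles the request and produces the response.
The purposes of a filter:
- Intercept client requests before they reach back-end resources, and process them.
- Process responses after the server has handled the request and before they are sent back to the client.
2. Where filters are used
URL-level access control, sensitive-word filtering, response compression and so on.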
3. Types of filters:
- Authentication filters
- Data compression filters
- Encryption filters
- Filters that trigger resource access events
- Image conversion filters
- Logging and auditing filters
- MIME-TYPE chain filters
- Tokenizing filters
- XSL/T filters, which transform XML content
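4. How a filter intercepts
- After the client sends a request, the filter intercepts the HttpServletRequest before it reaches the servlet.
- The filter inspects the HttpServletRequest as needed and may modify its headers and data.
- The filter calls the doFilter method to let the request through. Once the request reaches the servlet, the servlet processes it and produces the HttpServletResponse to send to the client.
- The filter intercepts the HttpServletResponse before it reaches the client.
- The filter inspects the HttpServletResponse as needed and may modify its headers and data.
- Finally, the HttpServletResponse reaches the client.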
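5. The Filter interface
The Servlet API provides a Filter interface, and every filter you write must implement it.
6. The Filter life cycle
(1) The Filter interface has three important methods.
- init(): initializes parameters and is called automatically when the Filter is created. Code that sets up initialization parameters belongs in this method.
- doFilter(): runs whenever a request to be intercepted arrives. This is where the pre-processing of the request and response is written.
- destroy(): called automatically when the Filter is destroyed.
(2) The life cycle
The web server controls the creation and destruction of a Filter.
- When the server starts, the web server creates the Filter instance and calls its init method to initialize the object. The filter object is created only once, and init runs only once.
- Each time a request is intercepted, doFilter runs. It can run many times.
- When the server shuts down, the web server destroys the Filter instance.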
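7. The filter's configuration object: FilterConfig
When configuring a filter, you can use <init-param> to give it initialization parameters. When the web container instantiates the Filter object and calls its init method, it passes in a FilterConfig object that wraps those parameters. Through the FilterConfig methods, the filter author can obtain:
- String getFilterName(): the name of the filter.
- String getInitParameter(String name): the value of the initialization parameter with the given name from the deployment descriptor, or null if it does not exist.
- Enumeration getInitParameterNames(): an enumeration of the names of all the filter's initialization parameters.
- public ServletContext getServletContext(): a reference to the servlet context object.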
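An added example (not from the original article) of the URL-level access control mentioned above: the filter reads an <init-param> through FilterConfig and blocks a request simply by not calling chain.doFilter. The class name, package and the publicPaths parameter are hypothetical; the session attribute "user", login.jsp and doLogin are the names used by the auto-login example later in this article.

```java
package com.example.filter; // hypothetical package for this added example

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Assumed web.xml registration, mapped to every URL:
//   <init-param>
//     <param-name>publicPaths</param-name>
//     <param-value>/login.jsp,/doLogin</param-value>
//   </init-param>
public class AccessControlFilter implements Filter {

    private final Set<String> publicPaths = new HashSet<String>();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String param = filterConfig.getInitParameter("publicPaths");
        if (param == null) {
            // Fail at startup rather than run with an empty or guessed allow-list.
            throw new ServletException(filterConfig.getFilterName()
                    + ": init-param publicPaths is missing");
        }
        for (String p : param.split(",")) {
            publicPaths.add(p.trim());
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Match on the container-decoded servlet path, not getRequestURI(), so path
        // parameters such as ";jsessionid=..." cannot disguise a protected URL.
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());
        HttpSession session = req.getSession(false); // do not create a session just to look
        boolean loggedIn = session != null && session.getAttribute("user") != null;
        if (loggedIn || publicPaths.contains(path)) {
            chain.doFilter(request, response); // allowed: next filter or the servlet runs
        } else {
            // Blocked: chain.doFilter is never called, so the target resource never runs.
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
        }
    }

    @Override
    public void destroy() {
    }
}
```

Anything not listed in publicPaths, static resources included, is denied to anonymous clients, so the allow-list has to name every page a logged-out user needs.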
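8. The filter chain: FilterChain
When a group of filters intercepts the same web resources, that group is called a filter chain. The order of execution follows the <filter-mapping> elements (whichever comes first runs first).
II. Development steps
With the concepts covered, we can move on to worked examples.
1. Steps
- Write a Java class that implements the Filter interface and its doFilter method.
- Register the filter class in web.xml with the <filter> and <filter-mapping> elements, and set which resources it intercepts.
2. Examples
(1) A simple Filter
- Write the FilterDemo1 class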
```java
package com.oracle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class FilterDemo1 implements Filter {
    /*
     * An example for understanding the whole Filter life cycle.
     * Notes:
     * 1. When implementing the Filter interface, import javax.servlet.Filter.
     * 2. All methods are called automatically by the web server; we never call them ourselves.
     * 3. init usually reads initialization parameters; not used here, a later example uses it.
     * 4. destroy usually needs no code.
     * 5. Override doFilter to process the intercepted request and response.
     * 6. After writing this class, register the filter in web.xml.
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("FilterDemo1的init方法被调用");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Runs before the servlet: the request has been intercepted
        System.out.println("我是FilterDemo1,客户端向Servlet发送的请求被我拦截到了");
        // Let the request through
        chain.doFilter(request, response);
        // Runs after the servlet: the response has been intercepted
        System.out.println("我是FilterDemo1,Servlet向客户端发送的响应被我拦截到了");
    }

    @Override
    public void destroy() {
        System.out.println("FilterDemo1的destroy方法被调用");
    }
}
```
- Configure the filter by adding the following to web.xml
```xml
<filter>
    <filter-name>filterDemo1</filter-name>
    <filter-class>com.oracle.filter.FilterDemo1</filter-class>
</filter>
<filter-mapping>
    <filter-name>filterDemo1</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- /* intercepts all resources -->
</filter-mapping>
```
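- Console output
- Analysis: as the output above shows, init is called when the server starts. When a page is requested, the filter intercepts the request and runs doFilter; inside it, chain.doFilter passes the request on, and once the response comes back the remaining code runs, after which the response is handed to the client. When the server shuts down, it calls destroy.
(2) A filter chain
- Write the FilterDemo1 class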
```java
package com.oracle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class FilterDemo1 implements Filter {
    /*
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialize
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        System.out.println("我是FilterDemo1,客户端向Servlet发送的请求被我拦截到了");
        // Let the request through to the next filter, FilterDemo2
        chain.doFilter(request, response);
        System.out.println("我是FilterDemo1,Servlet向客户端发送的响应被我拦截到了");
    }

    @Override
    public void destroy() {
        // Nothing to clean up
    }
}
```
- Write the FilterDemo2 class
```java
package com.oracle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class FilterDemo2 implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialize
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        System.out.println("我是FilterDemo2,客户端向Servlet发送的请求被我拦截到了");
        // Let the request through to the servlet
        chain.doFilter(request, response);
        System.out.println("我是FilterDemo2,Servlet向客户端发送的响应被我拦截到了");
    }

    @Override
    public void destroy() {
        // Nothing to clean up
    }
}
```
- Configure the filters by adding the following to web.xml
```xml
<filter>
    <filter-name>filterDemo1</filter-name>
    <filter-class>com.oracle.filter.FilterDemo1</filter-class>
</filter>
<filter>
    <filter-name>filterDemo2</filter-name>
    <filter-class>com.oracle.filter.FilterDemo2</filter-class>
</filter>
<filter-mapping>
    <filter-name>filterDemo1</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- /* intercepts all resources -->
</filter-mapping>
<filter-mapping>
    <filter-name>filterDemo2</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- /* intercepts all resources -->
</filter-mapping>
```
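- Console output
- Analysis: when several filters intercept the same request, they run in the order of their <filter-mapping> elements in web.xml: whichever comes first runs first. When the first filter intercepts the request, its doFilter method runs and calls chain.doFilter, which passes the request to the next filter, and so on down to the last filter. When the last filter calls chain.doFilter, the request is passed to the servlet. When the servlet returns its response, control comes back first to the filter that ran last, which executes the rest of its code, then to each earlier filter in turn until the first one, and finally the response goes to the client.
(3) A filter that disables caching of all dynamic pages
- Write the FilterDemo3 class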
```java
package com.oracle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class FilterDemo3 implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialize
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Setting Cache-Control, Pragma and Expires on the response disables caching.
        // Note: no-cache makes caches revalidate before reuse; no-store is the
        // directive that forbids storing the response at all.
        HttpServletResponse resp = (HttpServletResponse) response;
        resp.setHeader("Cache-Control", "no-cache");
        resp.setHeader("Pragma", "no-cache");
        resp.setDateHeader("Expires", -1);
        chain.doFilter(request, resp);
    }

    @Override
    public void destroy() {
        // Nothing to clean up
    }
}
```
(4) A filter that counts site visits per IP
- Write the FilterDemo4 class
```java
package com.oracle.filter;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class FilterDemo4 implements Filter {

    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Initialization: ipCount holds each IP and its visit count.
        // One filter instance serves every request thread, so the map must be thread-safe.
        ServletContext application = filterConfig.getServletContext();
        Map<String, Integer> ipCount = new ConcurrentHashMap<String, Integer>();
        application.setAttribute("ipCount", ipCount);
        this.filterConfig = filterConfig;
    }

    @Override
    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        ServletContext application = filterConfig.getServletContext();
        Map<String, Integer> ipCount =
                (Map<String, Integer>) application.getAttribute("ipCount");
        // getRemoteAddr() is the address of the direct peer; behind a reverse
        // proxy that is the proxy's address, not the browser's.
        String ip = request.getRemoteAddr();
        // Atomically store 1 for a new IP or add 1 to the existing count
        ipCount.merge(ip, 1, Integer::sum);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to clean up
    }
}
```
- Write the index.jsp page
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'index.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
  </head>
  <body>
    <h1>分IP统计网站浏览次数</h1>
    <table border="1" width="400">
      <tr>
        <th>IP地址</th>
        <th>浏览次数</th>
      </tr>
      <c:forEach items="${ipCount}" var="m">
        <tr>
          <td>${m.key}</td>
          <td>${m.value}</td>
        </tr>
      </c:forEach>
    </table>
  </body>
</html>
```
- Configure the filter by adding the following to web.xml
```xml
<filter>
    <filter-name>filterDemo4</filter-name>
    <filter-class>com.oracle.filter.FilterDemo4</filter-class>
</filter>
<filter-mapping>
    <filter-name>filterDemo4</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```
- Page output
(5) Automatic login
- Write the AutoLoginFilter class
```java
package com.oracle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.oracle.biz.UserInfoBiz;
import com.oracle.biz.impl.UserInfoBizImpl;
import com.oracle.entity.UserInfo;
import com.oracle.util.CookieUtil;

public class AutoLoginFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialize
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // First check the session: if a user is there, let the request through.
        // Otherwise look for the user name and password in the cookie; if present,
        // check them against the database. If they are correct, store the user in
        // the session and let the request through; if not, let it through anyway.
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession();
        UserInfo user = (UserInfo) session.getAttribute("user");
        if (user != null) {
            chain.doFilter(req, response);
        } else {
            // No user in the session
            Cookie[] cookies = req.getCookies();
            Cookie cookie = CookieUtil.findCookie(cookies, "autoLogin");
            if (cookie != null) {
                // Found the user in the cookie
                UserInfoBiz ubiz = new UserInfoBizImpl();
                // The cookie value is client-controlled: check its shape before indexing,
                // otherwise a value without "#oracle#" throws ArrayIndexOutOfBoundsException.
                String[] parts = cookie.getValue().split("#oracle#");
                if (parts.length >= 2) {
                    String name = parts[0];
                    String pwd = parts[1];
                    String msg = ubiz.login(name, pwd);
                    if ("登陆成功!".equals(msg)) {
                        user = ubiz.getByName(name);
                        session.setAttribute("user", user);
                    }
                }
                chain.doFilter(req, response);
            } else {
                // User not found
                chain.doFilter(req, response);
            }
        }
    }

    @Override
    public void destroy() {
        // Nothing to clean up
    }
}
```
- Write DoLoginServlet
```java
package com.oracle.servlet;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.oracle.biz.UserInfoBiz;
import com.oracle.biz.impl.UserInfoBizImpl;
import com.oracle.entity.UserInfo;

public class DoLoginServlet extends HttpServlet {

    public DoLoginServlet() {
        super();
    }

    public void destroy() {
        super.destroy(); // Just puts "destroy" string in log
    }

    /** Called for GET requests; delegates to doPost. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /** Called when the login form is submitted with method="post". */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        String name = request.getParameter("myname");
        String pwd = request.getParameter("pwd");
        String autoLogin = request.getParameter("autoLogin");
        UserInfoBiz ubiz = new UserInfoBizImpl();
        // ubiz.login(name, pwd) checks whether the login succeeds and returns a string:
        // "登陆成功!" on success, otherwise the corresponding error message.
        String msg = ubiz.login(name, pwd);
        if ("登陆成功!".equals(msg)) {
            UserInfo user = ubiz.getByName(name);
            session.setAttribute("user", user);
            if ("true".equals(autoLogin)) {
                // Remember the user name and password in a cookie
                Cookie cookie = new Cookie("autoLogin",
                        user.getUserName() + "#oracle#" + user.getPassword());
                // Set the lifetime (one day)
                cookie.setMaxAge(60 * 60 * 24);
                // Write the cookie back to the browser
                response.addCookie(cookie);
            }
            response.sendRedirect("success.jsp");
        } else {
            request.setAttribute("msg", msg);
            request.getRequestDispatcher("login.jsp").forward(request, response);
        }
    }

    public void init() throws ServletException {
        // Nothing to initialize
    }
}
```
- Write CookieUtil
```java
package com.oracle.util;

import javax.servlet.http.Cookie;

public class CookieUtil {

    // Returns the cookie with the given name, or null if there is none
    public static Cookie findCookie(Cookie[] cookies, String name) {
        if (cookies == null) {
            return null;
        } else {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(name)) {
                    return cookie;
                }
            }
            return null;
        }
    }
}
```
- Write login.jsp
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'login.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
  </head>
  <body>
    <form action="doLogin" method="post">
      用户名<input name="myname"><br/>
      密 码<input type="password" name="pwd"><br/>
      <input type="checkBox" name="autoLogin" value="true">自动登录<br/>
      <input type="submit" value="登陆">
    </form>
  </body>
</html>
```
- Write success.jsp
```jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'success.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
  </head>
  <body>
    <c:if test="${empty user}">
      <h2>您还未登陆,请去<a href="login.jsp">登陆</a></h2>
    </c:if>
    <c:if test="${not empty user}">
      <h2>欢迎你${user.userName}</h2>
    </c:if>
  </body>
</html>
```
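The autoLogin cookie in this example carries the user name and password, so anyone who obtains the cookie obtains the credentials. A common alternative, shown here as an added example that is not the article's code, keeps only a random single-use token in the cookie and its SHA-256 hash on the server. The RememberMeTokens class, its package and the in-memory store are assumptions made for illustration.

```java
package com.example.filter; // hypothetical package for this added example

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

/** Issues and redeems random auto-login tokens; the cookie never contains the password. */
public final class RememberMeTokens {

    private static final int MAX_AGE_SECONDS = 60 * 60 * 24; // same lifetime as the article's cookie
    private static final SecureRandom RANDOM = new SecureRandom();
    // Assumption: in-memory store keyed by SHA-256(token) -> {userName, expiryMillis};
    // a real site would keep this in a database table.
    private static final Map<String, String[]> STORE = new ConcurrentHashMap<String, String[]>();

    private RememberMeTokens() {
    }

    /** Call after a successful login when the "autoLogin" box is ticked. */
    public static void issue(String userName, HttpServletResponse response) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        long expires = System.currentTimeMillis() + MAX_AGE_SECONDS * 1000L;
        // Only the hash is stored, so a leaked store does not yield usable cookies.
        STORE.put(sha256(token), new String[] { userName, Long.toString(expires) });
        Cookie cookie = new Cookie("autoLogin", token);
        cookie.setMaxAge(MAX_AGE_SECONDS);
        cookie.setHttpOnly(true); // not readable from page scripts (Servlet 3.0+)
        cookie.setSecure(true);   // sent over HTTPS only
        response.addCookie(cookie);
    }

    /** Returns the user name for a valid token, or null. A token works once, then is replaced. */
    public static String redeem(String token, HttpServletResponse response) {
        if (token == null || token.isEmpty()) {
            return null;
        }
        String[] entry = STORE.remove(sha256(token)); // single use: gone after this lookup
        if (entry == null || Long.parseLong(entry[1]) < System.currentTimeMillis()) {
            return null;
        }
        issue(entry[0], response); // rotate: hand the browser a fresh token
        return entry[0];
    }

    private static String sha256(String value) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }
}
```

With this class, DoLoginServlet would call RememberMeTokens.issue(user.getUserName(), response) instead of building the cookie itself, and AutoLoginFilter would pass cookie.getValue() to redeem and load the user with ubiz.getByName when a name comes back.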
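(6) Fixing garbled characters in GET and POST requests
- Approach: enhance the request object's getParameter and related methods. Write a class MyHttpServletRequest that extends HttpServletRequestWrapper and overrides getParameter and the related methods so that they transcode the data according to how it was submitted. In the filter, wrap the request in a MyHttpServletRequest object and pass that down the chain. Any later call to getParameter and the like then runs your overridden method and returns data that has already been processed, so garbled text is no longer a concern.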
- The MyHttpServletRequest class
```java
package com.oracle.bookshop.filter;

import java.io.UnsupportedEncodingException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class MyHttpServletRequest extends HttpServletRequestWrapper {
    /*
     * Overrides the parameter-reading methods of the wrapped request
     */
    private HttpServletRequest request;
    private boolean hasEncode;

    public MyHttpServletRequest(HttpServletRequest request) {
        super(request); // the call to super is required
        this.request = request;
    }

    // Override the methods that need to be enhanced
    @Override
    public Map getParameterMap() {
        // Find out the request method first
        String method = request.getMethod();
        if (method.equalsIgnoreCase("post")) {
            // POST request
            try {
                // Fix garbled POST data
                request.setCharacterEncoding("utf-8");
                return request.getParameterMap();
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            }
        } else if (method.equalsIgnoreCase("get")) {
            // GET request
            Map<String, String[]> parameterMap = request.getParameterMap();
            if (!hasEncode) { // make sure the manual GET re-encoding runs only once
                for (String parameterName : parameterMap.keySet()) {
                    String[] values = parameterMap.get(parameterName);
                    if (values != null) {
                        for (int i = 0; i < values.length; i++) {
                            try {
                                // Fix garbled GET data
                                values[i] = new String(
                                        values[i].getBytes("ISO-8859-1"), "utf-8");
                            } catch (UnsupportedEncodingException e) {
                                e.printStackTrace();
                            }
                        }
                    }
                }
                hasEncode = true;
            }
            return parameterMap;
        }
        return super.getParameterMap();
    }

    @Override
    public String getParameter(String name) {
        Map<String, String[]> parameterMap = getParameterMap();
        String[] values = parameterMap.get(name);
        if (values == null) {
            return null;
        }
        return values[0]; // return the parameter's first value
    }

    @Override
    public String[] getParameterValues(String name) {
        Map<String, String[]> parameterMap = getParameterMap();
        String[] values = parameterMap.get(name);
        return values;
    }
}
```
- Write CharacterEnodingFilter
```java
package com.oracle.bookshop.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class CharacterEnodingFilter implements Filter {

    @Override
    public void destroy() {
        // Nothing to clean up
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Wrap the request so that later getParameter calls return transcoded values
        HttpServletRequest req = (HttpServletRequest) request;
        MyHttpServletRequest myreq = new MyHttpServletRequest(req);
        chain.doFilter(myreq, response);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Nothing to initialize
    }
}
```