Filter
一.过滤器Filter
1.filter的简介
filter是对客户端访问资源的过滤,符合条件放行,不符合条件不放行,并且可以对目标资源访问前后进行逻辑处理
作用:
代码的抽取(可以对request设置编码,这样所有走过的servlet的编码都是统一的,没必要每一个都写)
权限管理(在filter内部取出当前登录用户的角色,再看访问的资源,如果匹配则放行,不匹配则不放行)
2.快速入门
步骤:
①编写一个过滤器的类实现Filter接口
②实现接口中尚未实现的方法(着重实现doFilter方法)
③在web.xml中进行配置(主要是配置要对哪些资源进行过滤)
实例代码
//[filter/QuickFilter1.java]
package filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class QuickFilter1 implements Filter{
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
System.out.println("quickfilter1... start...");
//放行请求
arg2.doFilter(arg0, arg1);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}//[web.xml]中添加的内容
<filter>
<filter-name>QuickFilter1</filter-name>
<filter-class>filter.QuickFilter1</filter-class>
</filter>
<filter-mapping>
<filter-name>QuickFilter1</filter-name>
<url-pattern>/*</url-pattern><!-- 实现过滤所有请求 -->
</filter-mapping>3.Filter的API详解
filter生命周期及其与生命周期相关的方法
Filter接口有三个方法,并且这三个都是与Filter的生命相关的方法 :
① init(Filterconfig):代表filter对象初始化方法,filter对象创建时执行
② doFilter(ServletRequest,ServletResponse,FilterCha):代表filter执行过滤的核心方法,如果某资源在已经被配置到这个filter进行过滤的话,那么每次访问这个资源都会执行doFilter方法
③ destory():代表是filter销毁方法,当filter对象销毁时执行该方法
Filter对象的生命周期:
- Filter何时创建:服务器启动时就创建该filter对象
- Filter何时销毁:服务器关闭时filter销毁
- 每次访问被filter过滤的资源时,都执行doFilter()
Filter的API详情
init(FilterConfig arg0)其中参数arg0代表该Filter对象的配置信息的对象,内部封装是该filter的配置信息。
@Override
public void init(FilterConfig arg0) throws ServletException {
//获得web.xml中<filter-name>QuickFilter1</filter-name>的名字
System.out.println(arg0.getFilterName());
//获得当前filter的初始化参数<init-param><param-name>aaa</param-name><param-value>bbb</param-value></init-param>
System.out.println(arg0.getInitParameter("aaa"));
//获得所有初始化参数的名字
System.out.println(arg0.getInitParameterNames());
//获得servletContext对象(故先有servletContext)
System.out.println(arg0.getServletContext());
System.out.println("init...");
}destory()方法在filter对象销毁时执行
doFilter(ServletRequest arg0,ServletResponse arg1,FilterChain arg2)方法时Filter的核心过滤方法,参数解析如下:
- ServletRequest arg0:内部封装的是客户端http请求的内容
- ServletResponse arg1:代表响应ServletRequest/ServletResponse:每次在执行doFilter方法时 web容器负责创建一个request和一个response对象作为doFilter的参数传递进来。该request给该response就是在访问目标资源的service方法时的request和response。
- FilterChain:过滤器链对象,知道所有filter和对应的顺序,通过该对象的doFilter方法可以放行该请求 【注意filter的顺序是根据filter-mapping的先后顺序去执行】
4.Filter的配置
基本配置如下:
<filter>
<filter-name>QuickFilter1</filter-name>
<filter-class>filter.QuickFilter1</filter-class>
<init-param>
<param-name>aaa</param-name>
<param-value>bbb</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>QuickFilter1</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher><!-- 直接访问某个资源时执行filter -->
</filter-mapping>
<filter>
<filter-name>QuickFilter2</filter-name>
<filter-class>filter.QuickFilter2</filter-class>
</filter>
<filter-mapping>
<filter-name>QuickFilter2</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher><!-- 转发时才执行filter -->
</filter-mapping>url-pattern配置时
- 完全匹配 /sertvle1
- 目录匹配 /aaa/bbb/* (最多的)
/user/*:访问前台的资源进入此过滤器
/admin/*:访问后台的资源时执行此过滤器
扩展名匹配 .abc .jsp
注意:url-pattern可以使用servlet-name替代,也可以混用,表示过滤指定的servlet。
dispatcher:访问的方式(了解)
- REQUEST:默认值,代表直接访问某个资源时执行filter(故此时转发访问一次,重定向访问两次)
- FORWARD:转发时才执行filter
- INCLUDE: 包含资源时执行filter(A资源包含B资源的情形下执行)
- ERROR:发生错误时进行跳转是执行filter(在跳转错误页面的时候执行)
5.总结Filter的作用
- 公共代码的提取
- 可以对request和response中的方法进行增强(装饰者模式/动态代理)
- 进行权限控制
6.用户自动登录Demo
登录的基本实现思路
实现流程:
- 编写index.jsp页面,实现用户的登录页
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/login" method="post" style="height:100px;width:200px;margin:0 auto">
用户名:<input type="text" name="username"/><br>
密码:<input type="text" name="password"/><br>
<input type="checkbox" name="autoLogin" value="autoLogin"/>自动登录<br>
<input type="submit" value="提交" style="height:20px;width:50px;margin:0 auto;"/>
</form>
</body>
</html>- 编写LoginServlet.java并设置访问接口为/login
package web;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import domain.User;
import service.UserService;
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//获取数据
String username = request.getParameter("username");
String password = request.getParameter("password");
HttpSession session = request.getSession();
User user = null;
UserService service = new UserService();
try {
//检查用户信息
user = service.login(username,password);
} catch (SQLException e) {
e.printStackTrace();
}
if(user != null) {
//登陆成功
//判断用户是否勾选自动登录
String autoLogin = request.getParameter("autoLogin");
if(autoLogin!=null) {
Cookie cookie_username = new Cookie("cookie_username",user.getUsername());
Cookie cookie_password = new Cookie("cookie_password",user.getPassword());
//设置cookie的持久化时间
cookie_username.setMaxAge(60*60);//设置一小时可用时间
cookie_password.setMaxAge(60*60);//设置一小时可用时间
//设置cookie的携带路径
cookie_username.setPath(request.getContextPath());
cookie_password.setPath(request.getContextPath());
//发送cookie
response.addCookie(cookie_username);
response.addCookie(cookie_password);
}
//将登陆的用户的user对象存到session中
session.setAttribute("user",user);
//重定向到首页
response.sendRedirect(request.getContextPath()+"/success.jsp");
}else {
//登录失败,转发到登录页面,给出提示信息
request.setAttribute("loginInfo", "用户名和密码错误");
request.getRequestDispatcher("/login.jsp").forward(request, response);;
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}
}- 编写UserService.java实现service服务
package service;
import java.sql.SQLException;
import dao.UserDao;
import domain.User;
public class UserService {
public User login(String username, String password) throws SQLException {
UserDao dao = new UserDao();
return dao.login(username,password);
}
}- 编写UserDao.java访问数据库
package dao;
import java.sql.SQLException;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import domain.User;
import utils.DataSourceUtils;
public class UserDao {
public User login(String username, String password) throws SQLException {
System.out.println(username+" "+password);
QueryRunner runner = new QueryRunner(DataSourceUtils.getDataSource());
String sql = "select * from user where username = ? and password = ?";
User user = runner.query(sql, new BeanHandler<User>(User.class),username,password);
System.out.println(user);
return user;
}
}- 编写User.java作为实体
package domain;
public class User {
private int id;
private String username;
private String password;
private String email;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
@Override
public String toString() {
return "User [id=" + id + ", username=" + username + ", password=" + password + ", email=" + email + "]";
}
public User(int id, String username, String password, String email) {
super();
this.id = id;
this.username = username;
this.password = password;
this.email = email;
}
public User() {
super();
}
}- 编写访问成功页面success.jsp用于获取session中的数据,login.jsp页面用于提示错误信息
//success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<c:if test="${empty user }">
<li><a href="${pageContext.request.contextPath}/">登陆</a></li>
</c:if>
<c:if test="${!empty user }">
<h1>欢迎您,${user.username}</h1>
</c:if>
</body>
</html>- 编写过滤器AutoLoginFilter.java用于对cookie内容进行校验如果存在用户则将用户存到session中并放行
package filter;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import domain.User;
import service.UserService;
public class AutoLoginFilter implements Filter{
@Override
public void destroy() {}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)arg0;
HttpServletResponse response = (HttpServletResponse)arg1;
//获得cookie中的用户名和密码进行登录操作
//定义cookie_username
String cookie_username = null;
//定义cookie_password
String cookie_password = null;
//获得cookie
Cookie[] cookies = request.getCookies();
if(cookies != null) {
for(Cookie cookie:cookies) {
//获得名字是cookie_username和cookie_password的cookie
if(cookie.getName().equals("cookie_username")) {
cookie_username = cookie.getValue();
}
if(cookie.getName().equals("cookie_password")) {
cookie_password = cookie.getValue();
}
}
}
//判断username和password是否是null
if(cookie_username!=null&&cookie_password!=null) {
HttpSession session = request.getSession();
User user = null;
UserService service = new UserService();
try {
user = service.login(cookie_username,cookie_password);
} catch (SQLException e) {
e.printStackTrace();
}
//将登陆的用户存到session中
if(user != null) {
session.setAttribute("user",user);
}
}
//放行
arg2.doFilter(arg0, arg1);
}
@Override
public void init(FilterConfig arg0) throws ServletException {}
}- 配置web.xml中的servlet接口地址和filter过滤内容
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>WEB24_FILTER</display-name>
<!-- 自动登录filter -->
<filter>
<filter-name>AutoLoginFilter</filter-name>
<filter-class>filter.AutoLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutoLoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<description></description>
<display-name>LoginServlet</display-name>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>web.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
</web-app>测试功能是否好用的思路
- 未登录时进入success.jsp提示登录
- 登录用户时选中自动登录后进入seccess.jsp
- 将浏览器关闭(目的:清除session)
- 打开浏览器,直接访问success.jsp可以看到欢迎您,用户名的提示
解决全局乱码的问题
- 问题出现原因
- cookie不能存中文
- 登录时输入中文,后台接受时会出现乱码
- get时需要在后台添加先编码再解码
parameter = new String(parameter.getBytes("ios8859-1"),"UTF-8");- post时需要在后台添加
request.setCharacterEncoding("UTF-8");- 解决问题
1. 解决cookie不能存中文的问题:
在存储到cookie前对内容进行编码
String username_code = URLEncoder.encode(username,"UTF-8");
String password_code = URLEncoder.encode(password,"UTF-8");
在过滤器取之前对cookie的内容进行解码
//恢复中文用户名
cookie_username = URLDecoder.decode(cookie_username,"UTF-8");
//恢复中文密码
cookie_password = URLDecoder.decode(cookie_password,"URF-8");2. 解决登录中输入中文后台接受出现乱码的问题
- 添加编码格式转换的过滤器EncodingFilter.java并在web.xml中配置
- 首先对请求的方式进行判断,如果是POST请求,直接给request设置编码字符集为UTF-8即可;如果是GET请求,则需要将request对象利用装饰者模式进行增强,增强request对象的getParameter方法,将接受的参数用ISO8859-1解码UTF-8编码,将增强的对象传递给之后的过滤器或目标方法。
package filter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class EncodingFilter implements Filter{
@Override
public void destroy() {}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
//被增强的对象
HttpServletRequest request = (HttpServletRequest)arg0;
if(request.getMethod().equals("POST")) {
request.setCharacterEncoding("UTF-8");
arg2.doFilter(request, arg1);
}else if(request.getMethod().equals("GET")){
//在传递request之前,对request的getParamter方法进行增强
/*
* 利用装饰者模式(包装)
* 1.增强类与被增强的类实现同一个接口
* 2.在增强类中传入被增强的类
* 3.需要增强的方法重写,不需要增强的方法调用被增强对象的
*/
//增强对象
EnhanceRequest enchangeRequest = new EnhanceRequest(request);
arg2.doFilter(enchangeRequest, arg1);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {}
}
//HttpServletRequestWrapper是专门为了实现装饰者模式的类
class EnhanceRequest extends HttpServletRequestWrapper{
private HttpServletRequest request;
public EnhanceRequest(HttpServletRequest request) {
super(request);
this.request = request;
}
//对getParamter增强
@Override
public String getParameter(String name) {
String parameter = request.getParameter(name);//乱码
try {
parameter = new String(parameter.getBytes("iso8859-1"),"UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return parameter;
}
}
原文:https://blog.****.net/qq_34829447/article/details/81736874