2022-09-04 第六小组 张宁杰 cookie&session&filter&监听器
axios和ajax的区别:
axios是通过Promise实现对ajax技术的一种封装,就像jquery对ajax的封装一样,简单来说就是ajax技术实现了局部数据的刷新,axios实现了对ajax的封装,axios有的ajax都有,ajax有的axios不一定有,总结一句话就是axios是ajax,ajax不止axios。
axios实现天气转换
查看代码
查看代码
COOKIE
http 不能保存状态,如保存密码自动登录,自动登录什么时候失效
cookie:保存 http 状态,保存在客户端,浏览器上,登录信息以键值对形式保存,不安全
使用 cookie 步骤
1. 创建 cookie 对象
2. 设置最大时效
3. 把 cookie 放入 http 响应头中
@WebServlet("/cookie.do")
public class CookieServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 获取cookie
Cookie[] cookies = req.getCookies();
if(Objects.nonNull(cookies) && cookies.length > 0){
// 有cookie
for (Cookie cookie : cookies) {
if(cookie.getValue().equals("admin")){
System.out.println(cookie.getName() + cookie.getValue());
}
}
}else {
System.out.println("没有发现cookie");
String name = req.getParameter("name");
String pass = req.getParameter("pass");
Cookie cookie = new Cookie(name,pass);
/*
设置cookie最大时效
cookie.setMaxAge(10);
把 cookie 放入 http 响应头中
*/
resp.addCookie(cookie);
resp.sendRedirect("success.html");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
SESSION
session:HttpSession 会话
创建session
@WebServlet(name = "SessionServlet",value = "/session.do")
public class SessionServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 获取 session
// 会话
HttpSession session = req.getSession();
String username = req.getParameter("username");
// 把 username 放到 session中
session.setAttribute("username",username);
resp.sendRedirect("success.html");
// session.setMaxInactiveInterval(1000);设置过期时间
// 令session销毁
// session.invalidate();
// 删除key值对应的属性
session.removeAttribute("");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
session 中数据什么时候失效
1. 过期
2. 关闭浏览器(并不能完全销毁session.JSESSIONID,根据JSESSIONID找到之前的session)
3. 调用 session 销毁的方法
网站上安全退出原理是销毁 session
过滤器:Filter
是 javaweb 的一个重要组件,可以对发送到 servlet 的请求进行拦截过滤,也可以对响应进行拦截
Filter 是实现了 Filter 接口的 java 类
Filter 需要在 web.xml中进行注册,也可以通过注解来注册
创建一个 Filter
需要实现 Filter 接口
implements Filter
初始化
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// System.out.println("Filter init 初始化");
}
再创建 Filter 对象,再 servlet 容器(tomcat)加载当前web应用(当前工程)被调用
只执行一次,当前 Filter 的初始化操作,Filter 和 Servlet 都是单例的
filterConfig 类似于 ServletConfig,获取初始化参数
过滤请求的方法
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("Filter doing..");
// 放行请求
String name = servletRequest.getParameter("name");
if(Objects.equals(name,"a")){
filterChain.doFilter(servletRequest,servletResponse);
return;
}
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
response.sendRedirect(request.getContextPath() + "/filter/test.html");
}
真正Filter要处理的逻辑代码,每次拦截都会调用这个方法
ServletRequest:当请求来的时候,实例化的还是HttpServletRequest
ServletResponse:当请求来的时候,实例化的还是HttpServletResponse
FilterChain:过滤器链,一个项目中可以有多个过滤器,会形成一个链,当前过滤器,要把请求传给下一个过滤器
Filter执行顺序
xml文件
注解是文件名顺序
这里的请求响应参数,实际就是 HttpServletRequest 和 HttpServletResponse
由于形参声明的父类类型,发生了向上转型
ServletResponse 和 HttpServletResponse
由于子类对象调父类方式,随便调
父类对象想调子类方法,不行,除非再向下转型
说明sendRedirect是子类特有的方法
需要向下转型,但是有风险
只要地址栏不改变,request永远是同一个
销毁
@Override
public void destroy() {
// System.out.println("Filter 销毁");
}
案例:网站防止盗链
@WebFilter("/afternoon/vip.html")
public class LoginFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpSession session = request.getSession();
Object card = session.getAttribute("card");
// 如果从session中获取的数据为null,则说明盗链过来的,没有登录过
if(Objects.isNull(card)){
response.sendRedirect(request.getContextPath() + "/afternoon/main.html");
return;
}
// 如果从session中获取的数据不为null,则说明登录成功了,放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
@WebServlet("/main.do")
public class MainServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String card = req.getParameter("card");
if(Objects.equals(card,"80011234")){
// 如果登录成功,那我就把你的信息放入到session里
req.getSession().setAttribute("card",card);
resp.sendRedirect(req.getContextPath() + "/afternoon/vip.html");
}else {
resp.sendRedirect(req.getContextPath() + "/afternoon/main.html");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
字符编码集过滤器
@WebFilter("/*")
public class EncodingFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse)servletResponse;
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setCharacterEncoding("utf-8");
// 给response添加响应头,text/html,后台向前台输出字符串的时候
// 当前台前后台输出是json格式,不需要设置这个
response.addHeader("content-type","text/html;charset=utf-8");
// 放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
监听器(Listener)
专门用于对其他对象身上发生的事件或状态改变进行监听和相应的处理
分类:
1.监听域对象自身的创建和销毁
2.监听域对象中属性的增加和删除
3.监听绑定到session中某个对象状态的事件监听
java(ee)三大件
- servlet
- filter
- listener
public class HelloSessionListener implements HttpSessionActivationListener {
/*
钝化
向磁盘中写入session对象
*/
@Override
public void sessionWillPassivate(HttpSessionEvent se) {
HttpSessionActivationListener.super.sessionWillPassivate(se);
}
/*
活化
从磁盘中读取session对象
*/
@Override
public void sessionDidActivate(HttpSessionEvent se) {
HttpSessionActivationListener.super.sessionDidActivate(se);
}
}
public class HelloListener implements HttpSessionListener, ServletRequestListener, ServletContextListener {
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContextListener.super.contextInitialized(sce);
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
ServletContextListener.super.contextDestroyed(sce);
}
@Override
public void requestDestroyed(ServletRequestEvent sre) {
ServletRequestListener.super.requestDestroyed(sre);
}
@Override
public void requestInitialized(ServletRequestEvent sre) {
ServletRequestListener.super.requestInitialized(sre);
}
@Override
public void sessionCreated(HttpSessionEvent se) {
HttpSessionListener.super.sessionCreated(se);
}
@Override
public void sessionDestroyed(HttpSessionEvent se) {
HttpSessionListener.super.sessionDestroyed(se);
}
}
@WebListener()
public class HelloAttributeListener implements ServletContextAttributeListener, ServletRequestAttributeListener {
@Override
public void attributeAdded(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeAdded(scae);
}
@Override
public void attributeRemoved(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeRemoved(scae);
}
@Override
public void attributeReplaced(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeReplaced(scae);
}
@Override
public void attributeAdded(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeAdded(srae);
}
@Override
public void attributeRemoved(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeRemoved(srae);
}
@Override
public void attributeReplaced(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeReplaced(srae);
}
}
