servlet过滤器

一.过滤器作用

• 用户认证与授权管理，统计web应用访问量(找到就访问，没的话转到其他页面)和访问命中率和形成访问报告。
• 实现web应用的日志处理功能
• 实现数据压缩和加密功能
• 实现xml和xstl的转换。

二.预备知识

• init() ：这个方法在容器实例化过滤器时被调用，它主要设计用于使过滤器为处理做准备。该方法接受一个 FilterConfig 类型的对象作为输入。
• doFilter() ：与 servlet 拥有一个 service() 方法（这个方法又调用 doPost() 或者 doGet() ）来处理请求一样，过滤器拥有单个用于处理请求和响应的方法?D?D doFilter() 。这个方法接受三个输入参数：一个 ServletRequest 、 response 和一个 FilterChain (可能多个filter，按顺序执行)对象。 这里的ServletRequest和ServletResponse一般需要转换成具体的Servlet实现对于的对象，如：HttpServletRequest和HttpServletResponse。

doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

• destroy() ：正如您想像的那样，这个方法执行任何清理操作，这些操作可能需要在自动垃圾收集之前进行。当Servlet容器在销毁过滤器实例前，该方法销毁过滤器占用的资源。

三.代码

        1.访问时间限制

//访问时的过滤器（在过滤器中使用servlet初始化参数）
//下面利用init设定一个正常访问时间范围，对那些不在此时间段的访问作出记录
import java.io.IOException;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
 
public class SimpleFilter2 implements Filter {
    @SuppressWarnings("unused")
    private FilterConfig config;
    private ServletContext context;
    private int startTime, endTime;
    private DateFormat formatter;
 
    public void init(FilterConfig config) throws ServletException {
       this.config = config;
       context = config.getServletContext();
       formatter = DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
              DateFormat.MEDIUM);
       try {
           startTime = Integer.parseInt(config.getInitParameter("startTime"));// web.xml
           endTime = Integer.parseInt(config.getInitParameter("endTime"));// web.xml
       } catch (NumberFormatException nfe) { // Malformed or null
           // Default: access at or after 10 p.m. but before 6 a.m. is
           // considered unusual.
           startTime = 22; // 10:00 p.m.
           endTime = 6; // 6:00 a.m.
       }
    }
 
    public void doFilter(ServletRequest request, ServletResponse response,
           FilterChain chain) {
       try {
           System.out.println("Within SimpleFilter2:Filtering the Request...");
           HttpServletRequest req = (HttpServletRequest) request;
           GregorianCalendar calendar = new GregorianCalendar();
           int currentTime = calendar.get(Calendar.HOUR_OF_DAY);
           if (isUnusualTime(currentTime, startTime, endTime)) {
              context.log("WARNING: " + req.getRemoteHost() + " accessed "
                     + req.getRequestURL() + " on "
                     + formatter.format(calendar.getTime()));
              // The log file is under <CATALINA_HOME>/logs.One log per day.
           }
           chain.doFilter(request, response);
           System.out
                  .println("Within SimpleFilter2:Filtering the Response...");
       } catch (IOException ioe) {
           ioe.printStackTrace();
       } catch (ServletException se) {
           se.printStackTrace();
       }
    }
 
    public void destroy() {}
 
    // Is the current time between the start and end
    // times that are marked as abnormal access times?
    private boolean isUnusualTime(int currentTime, int startTime, int endTime) {
       // If the start time is less than the end time (i.e.,
       // they are two times on the same day), then the
       // current time is considered unusual if it is
       // between the start and end times.
       if (startTime < endTime) {
           return ((currentTime >= startTime) && (currentTime < endTime));
       }
       // If the start time is greater than or equal to the
       // end time (i.e., the start time is on one day and
       // the end time is on the next day), then the current
       // time is considered unusual if it is NOT between
       // the end and start times.
       else {
           return (!isUnusualTime(currentTime, endTime, startTime));
       }
    }
}

          参考资料：http://zhangjunhd.blog.51cto.com/113473/20629

       2.登陆限制

public class LoginFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("init LoginFilter");
    }
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        //把ServletRequest和ServletResponse转换成真正的类型
        HttpServletRequest req = (HttpServletRequest)request;
        HttpSession session = req.getSession();
        //由于web.xml中设置Filter过滤全部请求，可以排除不需要过滤的url
        String requestURI = req.getRequestURI();
        if(requestURI.endsWith("login.jsp")){
            chain.doFilter(request, response);
            return;
        }
        //判断用户是否登录，进行页面的处理
        if(null == session.getAttribute("user")){
            //未登录用户，重定向到登录页面
            ((HttpServletResponse)response).sendRedirect("login.jsp");
            return;
        } else {
            //已登录用户，允许访问
            chain.doFilter(request, response);
        }
    }
    @Override
    public void destroy() {
        System.out.println("destroy!!!");
    }
}

        3.过滤敏感词

public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        //转换成实例的请求和响应对象
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        //获取评论并屏蔽关键字
        String comment = req.getParameter("comment");
        comment = comment.replace("A", "***");
        //重新设置参数
        req.setAttribute("comment", comment);
        //继续执行
        chain.doFilter(request, response);
    }