Filter类
Filter类其实也是servlet,它的作用是客户端请求到达时未达到servlet处理前拦截请求,可以对HttpServletRequest进行预处理,然后再把请求转交给后续的servlet处理;它也可会HttpServletResponse返回客户端前进行后处理。
Filter的通常用法:
1.用户授权判断,当用户请求达到时,验证用户是否已通过登录授权。
2.日志记录处理,记录用户特殊用户请求。
3.解码处理,负责对请求的内容统一进行解码。
Filter类需要实现javax.servlet.Filter接口,该接口有3个方法:init()、doFilter()、destroy()。
Filter的配置:
1.可以使用注释方式,在filter类前使用@WebFilter注释,filterName属性指定filter名称,urlPatterns属性指定过滤路径。
2.在web.xml中配置方式
以使用Filter实际用户授权控制实例:
目录结构如下
security目录下的资源需要授权后再能方式
login.jsp为登录页面,为了不引入新技术,没有使用struts,只使用html表单,表单的处理为login_proc.jsp。
login_proc.jsp为登录的处理页面(本应该使用servlet或者MVC框架来处理,为了省事而直接使用jsp页面,jsp其本质也是servlet),当用户名和密码均为admin时表示登录成功。
error.jsp为未授权访问security的提示页面。
firstfilter.java为Filter类,实现security访问授权控制。
security/index.jsp文件内容:
1 <%@ page language="java" contentType="text/html; charset=utf-8" 2 pageEncoding="utf-8"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 7 <title>授权访问首页</title> 8 </head> 9 <body> 10 <% out.println("你好," + session.getAttribute("userName") + "!"); %> 11 </body> 12 </html>
1 <%@ page language="java" contentType="text/html; charset=utf-8" 2 pageEncoding="utf-8"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 7 <title>用户登录</title> 8 </head> 9 <body> 10 <form action="login_proc.jsp" method="post"> 11 用户名:<input type="text" name="userName" value=""></input><br/> 12 密码:<input type="password" name="passWord" value=""></input><br/><br/> 13 <input type="submit" value="提交"/> 14 15 </form> 16 </body> 17 </html>
1 <%@ page language="java" contentType="text/html; charset=utf-8" 2 pageEncoding="utf-8"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 7 <title>Filter实例</title> 8 </head> 9 <body> 10 <% 11 String userName = request.getParameter("userName"); 12 String passWord = request.getParameter("passWord"); 13 out.println(userName); 14 out.println(passWord); 15 if(userName.equals("admin") && passWord.equals("admin")) 16 { 17 session.setAttribute("userName", userName); 18 response.sendRedirect("security/index.jsp"); 19 } 20 else 21 { 22 response.sendRedirect("login.jsp"); 23 } 24 %> 25 </body> 26 </html>
1 <%@ page language="java" contentType="text/html; charset=utf-8" 2 pageEncoding="utf-8"%> 3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 4 <html> 5 <head> 6 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 7 <title>不好意思,出错了!</title> 8 </head> 9 <body> 10 你还没有登录,请先<a href="login.jsp" name=login >登录</a>! 11 12 </body> 13 </html>
1 package com.info.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletContext; 9 import javax.servlet.ServletException; 10 import javax.servlet.ServletRequest; 11 import javax.servlet.ServletResponse; 12 import javax.servlet.annotation.WebFilter; 13 import javax.servlet.http.HttpServletRequest; 14 import javax.servlet.http.HttpServletResponse; 15 import javax.servlet.http.HttpSession; 16 import javax.websocket.Session; 17 18 @WebFilter(filterName="firstfilter" 19 ,urlPatterns={"/security/*"}) 20 public class firstfilter implements Filter { 21 22 private FilterConfig config; 23 24 @Override 25 public void destroy() { 26 // TODO Auto-generated method stub 27 this.config = null; 28 29 } 30 31 @Override 32 public void doFilter(ServletRequest request1, ServletResponse response1, FilterChain chain) 33 throws IOException, ServletException { 34 // TODO Auto-generated method stub 35 36 HttpServletRequest request = (HttpServletRequest) request1; 37 HttpServletResponse response = (HttpServletResponse) response1; 38 39 ServletContext context = this.config.getServletContext(); 40 41 HttpSession hsesson = request.getSession(); 42 if(hsesson.getAttribute("userName")==null || hsesson.getAttribute("userName").equals("")) 43 { 44 response.sendRedirect("/filterdemo/error.jsp"); 45 } 46 else 47 { 48 //将请求继续传递直至达到最终访问资源 49 chain.doFilter(request1, response1); 50 } 51 52 53 //--------------------Filter后处理开始-------------------------// 54 //TODO 55 } 56 57 @Override 58 public void init(FilterConfig config) throws ServletException { 59 // TODO Auto-generated method stub 60 61 this.config=config; 62 63 } 64 65 }
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1"> 3 <display-name>filterdemo</display-name> 4 <welcome-file-list> 5 <welcome-file>index.html</welcome-file> 6 <welcome-file>index.htm</welcome-file> 7 <welcome-file>index.jsp</welcome-file> 8 <welcome-file>default.html</welcome-file> 9 <welcome-file>default.htm</welcome-file> 10 <welcome-file>default.jsp</welcome-file> 11 </welcome-file-list> 12 <filter> 13 <filter-name>firstfilter</filter-name> 14 <filter-class>com.info.filter.firstfilter</filter-class> 15 </filter> 16 <filter-mapping> 17 <filter-name>firstfilter</filter-name> 18 <url-pattern>/security/*</url-pattern> 19 </filter-mapping> 20 </web-app>
注:web.xml中配置了filter类,则filter类中的注释则无效。
运行效果:
由于没有登录,Filter将请求转向error.jsp错误页面。
登录成功后,授权页面访问成功!