filter过滤器
Filter简介:
Filter也称之为过滤器。
Servlet API中提供了一个Filter接口,开发web应用时,如果编写的Java类实现了这个接口,则把这个java类称之为过滤器Filter。通过Filter技术,开发人员可以实现用户在访问某个目标资源之前,对访问的请求和响应进行拦截。
Filter开发分为二个步骤:
编写java类实现Filter接口,并实现其doFilter方法。
在 web.xml 文件中使用<filter>和<filter-mapping>元素对编写的filter类进行注册,并设置它所能拦截的资源。
Filter链
在一个web应用中,可以开发编写多个Filter,这些Filter组合起来称之为一个Filter链。
web服务器根据Filter在web.xml文件中的注册顺序,决定先调用哪个Filter,当第一个Filter的doFilter方法被调用时,web服务器会创建一个代表Filter链的FilterChain对象传递给该方法。在doFilter方法中,开发人员如果调用了FilterChain对象的doFilter方法,则web服务器会检查FilterChain对象中是否还有filter,如果有,则调用第2个filter,如果没有,则调用目标资源。
Filter的生命周期
init(FilterConfig filterConfig)throws ServletException:
Filter的创建和销毁由WEB服务器负责。 web 应用程序启动时,web 服务器将创建Filter 的实例对象,并调用其init方法,完成对象的初始化功能,从而为后续的用户请求作好拦截的准备工作(注:filter对象只会创建一次,init方法也只会执行一次。)
destroy():在Web容器卸载 Filter 对象之前被调用。该方法在Filter的生命周期中仅执行一次。在这个方法中,可以释放过滤器使用的资源。
FilterConfig接口:
用户在配置filter时,可以使用<init-param>为filter配置一些初始化参数,当web容器实例化Filter对象,调用其init方法时,会把封装了filter初始化参数的filterConfig对象传递进来。因此开发人员在编写filter时,通过filterConfig对象的方法,就可获得:
String getFilterName():得到filter的名称。
String getInitParameter(String name): 返回在部署描述中指定名称的初始化参数的值。如果不存在返回null.
Enumeration getInitParameterNames():返回过滤器的所有初始化参数的名字的枚举集合。
public ServletContext getServletContext():返回Servlet上下文对象的引用。
FilterDemo1.java package cn.lcp.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; /* * filter的三种典型应用: * 1、可以在filter中根据条件决定是否调用chain.doFilter(request, response)方法,即是否让目标资源执行 * 2、在让目标资源执行之前,可以对request\response作预处理,再让目标资源执行 * 3、在目标资源执行之后,可以捕获目标资源的执行结果,从而实现一些特殊的功能 * */ public class FilterDemo1 implements Filter { //拦截下来写代码,要执行的操作---指定拦截谁,在web.xml中配置 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println("hhhh"); //对request和response进行一些预处理,对全站都有效果,解决乱码问题 request.setCharacterEncoding("UTF-8"); response.setCharacterEncoding("UTF-8"); response.setContentType("text/html;charset=UTF-8"); System.out.println("filterdemo1执行前!!!"); chain.doFilter(request, response); //让目标资源执行,放行 System.out.println("filterdemo1执行后!!!"); } public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } public void destroy() { // TODO Auto-generated method stub } }
web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>day18</display-name> <filter> <!-- 配置filter --> <filter-name>FilterDemo1</filter-name> <filter-class>cn.lcp.web.filter.FilterDemo1</filter-class> </filter> <filter-mapping> <!-- 指定filter拦截那个web资源 --> <filter-name>FilterDemo1</filter-name> <url-pattern>/*</url-pattern> <!-- 指定filter拦截所有的web资源 --> </filter-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app>
应用
应用1:统一全站字符编码的过滤器
package cn.lcp.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; //解决全站乱码问题 public class CharacterEncodingFilter implements Filter { private FilterConfig filterConfig = null; private String defaultCharset = "UTF-8"; public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String charset = filterConfig.getInitParameter("charset"); if(charset==null){ charset = defaultCharset; } request.setCharacterEncoding(charset); //post response.setCharacterEncoding(charset); response.setContentType("text/html;charset=" + charset); chain.doFilter(request, response); } public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void destroy() { // TODO Auto-generated method stub } }
package cn.lcp.web.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ServletDemo1 extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //System.out.println("servletdemo1"); //request.getRequestDispatcher("/index.jsp").forward(request, response); response.getWriter().write("中国"); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>day18</display-name> <filter> <!-- 配置filter --> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>cn.lcp.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>charset</param-name> <param-value>utf-8</param-value> </init-param> </filter> <filter-mapping> <!-- 指定filter拦截那个web资源 --> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> <!-- 指定filter拦截所有的web资源 --> </filter-mapping> <servlet> <description>This is the description of my J2EE component</description> <display-name>This is the display name of my J2EE component</display-name> <servlet-name>ServletDemo1</servlet-name> <servlet-class>cn.lcp.web.servlet.ServletDemo1</servlet-class> </servlet> <servlet-mapping> <servlet-name>ServletDemo1</servlet-name> <url-pattern>/servlet/ServletDemo1</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app>
应用2:禁止浏览器缓存所有动态页面的过滤器:
有 3 个 HTTP 响应头字段都可以禁止浏览器缓存当前页面,它们在 Servlet 中的示例代码如下:
response.setDateHeader("Expires",-1);
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头。
Expires数据头:值为GMT时间值,为-1指浏览器不要缓存页面
Cache-Control响应头有两个常用值:
no-cache指浏览器不要缓存当前页面。
max-age:xxx指浏览器缓存页面xxx秒。
<filter> <!-- 配置filter --> <filter-name>NoCacheFilter</filter-name> <filter-class>cn.lcp.web.filter.NoCacheFilter</filter-class> </filter> <filter-mapping> <!-- 指定filter拦截那个web资源 --> <filter-name>NoCacheFilter</filter-name> <url-pattern>*.jsp</url-pattern> <!-- 指定filter拦截所有的jsp--> </filter-mapping>
package cn.lcp.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class NoCacheFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; response.setDateHeader("Expires", -1); response.setHeader("Cache-Control", "no-cache"); response.setHeader("Pragma", "no-cache"); chain.doFilter(request, response); } public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } public void destroy() { // TODO Auto-generated method stub } }
应用3:控制浏览器缓存页面中的静态资源的过滤器
<filter> <!-- 配置filter --> <filter-name>ExpiresFilter</filter-name> <filter-class>cn.lcp.web.filter.ExpiresFilter</filter-class> <init-param><!-- 初始化参数 --> <param-name>css</param-name> <param-value>4</param-value> </init-param> <init-param> <param-name>jpg</param-name> <param-value>1</param-value> </init-param> </filter> <filter-mapping> <!-- 指定filter拦截那个web资源 --> <filter-name>ExpiresFilter</filter-name> <url-pattern>*.jpg</url-pattern> <!-- 指定filter拦截所有的jsp--> </filter-mapping> <filter-mapping> <!-- 指定filter拦截那个web资源 --> <filter-name>ExpiresFilter</filter-name> <url-pattern>*.css</url-pattern> <!-- 指定filter拦截所有的jsp--> </filter-mapping>
package cn.lcp.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; //控制缓存的filter public class ExpiresFilter implements Filter { private FilterConfig filterConfig; public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; //1.获取用户想访问的资源 String uri = request.getRequestURI(); //2.得到用户想访问的资源的后缀名 String ext = uri.substring(uri.lastIndexOf(".")+1); //得到资源需要缓存的时间 String time = filterConfig.getInitParameter(ext); if(time!=null){ long t = Long.parseLong(time)*3600*1000; response.setDateHeader("expires", System.currentTimeMillis() + t); } chain.doFilter(request, response); } public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void destroy() { // TODO Auto-generated method stub } }
应用4:使用Filter实现URL级别的权限认证
应用5:实现用户自动登陆的过滤器
dao package cn.lcp.dao; import java.util.List; import cn.lcp.db.MyDb; import cn.lcp.domain.User; public class UserDao { public User find(String username,String password){ List<User> list = MyDb.getAll(); for(User user : list){ if(user.getUsername().equals(username) && user.getPassword().equals(password)){ return user; } } return null; } public User find(String username){ List<User> list = MyDb.getAll(); for(User user : list){ if(user.getUsername().equals(username)){ return user; } } return null; } }
db package cn.lcp.db; import java.util.ArrayList; import java.util.List; import cn.lcp.domain.User; //模拟数据库 public class MyDb { private static List list = new ArrayList(); static{ list.add(new User("aaa","123")); list.add(new User("bbb","123")); list.add(new User("ccc","123")); } public static List getAll(){ return list; } }
domain package cn.lcp.domain; public class User { private String username; private String password; public User() { super(); // TODO Auto-generated constructor stub } public User(String username, String password) { super(); this.username = username; this.password = password; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
utils package cn.lcp.utils; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import sun.misc.BASE64Encoder; public class WebUtils { public static String md5(String message) { try { MessageDigest md = MessageDigest.getInstance("md5"); byte result[] = md.digest(message.getBytes()); BASE64Encoder encoder = new BASE64Encoder(); return encoder.encode(result); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } }
filter--过滤器 package cn.lcp.web.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.lcp.dao.UserDao; import cn.lcp.domain.User; import cn.lcp.utils.WebUtils; public class AutoLoginFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; if(request.getSession().getAttribute("user")!=null){ chain.doFilter(request, response); return; } //1.得到用户带过来的authlogin的cookie, String value = null; Cookie cookies[] = request.getCookies(); for(int i=0;cookies!=null && i<cookies.length;i++){ if(cookies[i].getName().equals("autologin")){ value = cookies[i].getValue(); } } //2.得到 cookie中的用户名和密码 if(value!=null){ String username = value.split("\\.")[0]; String password = value.split("\\.")[1]; //3.调用dao获取用户对应的密码 UserDao dao = new UserDao(); User user = dao.find(username); String dbpassword = user.getPassword(); //4.检查用户带过来的md5的密码和数据库中的密码是否匹配,如匹配则自动登陆 if(password.equals(WebUtils.md5(dbpassword))){ request.getSession().setAttribute("user", user); } } chain.doFilter(request, response); } public void destroy() { // TODO Auto-generated method stub } public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } }
servlet package cn.lcp.web.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.lcp.dao.UserDao; import cn.lcp.domain.User; import cn.lcp.utils.WebUtils; public class LoginServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); UserDao dao = new UserDao(); User user = dao.find(username, password); if(user==null){ request.setAttribute("message", "用户名或密码不对!!"); request.getRequestDispatcher("/message.jsp").forward(request, response); return; } request.getSession().setAttribute("user", user); request.setAttribute("message", "恭喜,登陆成功!!"); //发送自动登陆cookie sendAutoLoginCookie(request,response,user); request.getRequestDispatcher("/message.jsp").forward(request, response); } private void sendAutoLoginCookie(HttpServletRequest request, HttpServletResponse response, User user) { int logintime = Integer.parseInt(request.getParameter("logintime")); Cookie cookie = new Cookie("autologin",user.getUsername() + "." + WebUtils.md5(user.getPassword())); cookie.setMaxAge(logintime); cookie.setPath("/day18");//设置cookie的有效路径 response.addCookie(cookie); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }
index.jsp <%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>My JSP 'index.jsp' starting page</title> </head> <body> <form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="post"> 用户名:<input type="text" name="username"><br/> 密码:<input type="password" name="password"><br/> 有效期: <input type="radio" name="logintime" value="3600">1小时 <input type="radio" name="logintime" value="${10*60 }">10分钟 <input type="radio" name="logintime" value="${5*60 }">5分钟 <br/> <input type="submit" value="登陆"> </form> </body> </html>
Filter的部署—注册Filter:
<filter> <filter-name>testFitler</filter-name> <filter-class>org.test.TestFiter</filter-class> <init-param> <param-name>word_file</param-name> <param-value>/WEB-INF/word.txt</param-value> </init-param> </filter>
<filter-name>用于为过滤器指定一个名字,该元素的内容不能为空。
<filter-class>元素用于指定过滤器的完整的限定类名。
<init-param>元素用于为过滤器指定初始化参数,它的子元素<param-name>指定参数的名字,<param-value>指定参数的值。在过滤器中,可以使用FilterConfig接口对象来访问初始化参数。
Filter的部署—映射Filter:
<filter-mapping>元素用于设置一个 Filter 所负责拦截的资源。一个Filter拦截的资源可通过两种方式来指定:Servlet 名称和资源访问的请求路径
<filter-name>子元素用于设置filter的注册名称。该值必须是在<filter>元素中声明过的过滤器的名字
<url-pattern>设置 filter 所拦截的请求路径(过滤器关联的URL样式)
<servlet-name>指定过滤器所拦截的Servlet名称。
<dispatcher>指定过滤器所拦截的资源被 Servlet 容器调用的方式,可以是REQUEST,INCLUDE,FORWARD和ERROR之一,默认REQUEST。用户可以设置多个<dispatcher> 子元素用来指定 Filter 对资源的多种调用方式进行拦截。
<dispatcher> 子元素可以设置的值及其意义:
REQUEST:当用户直接访问页面时,Web容器将会调用过滤器。如果目标资源是通过RequestDispatcher的include()或forward()方法访问时,那么该过滤器就不会被调用。
INCLUDE:如果目标资源是通过RequestDispatcher的include()方法访问时,那么该过滤器将被调用。除此之外,该过滤器不会被调用。
FORWARD:如果目标资源是通过RequestDispatcher的forward()方法访问时,那么该过滤器将被调用,除此之外,该过滤器不会被调用。
ERROR:如果目标资源是通过声明式异常处理机制调用时,那么该过滤器将被调用。除此之外,过滤器不会被调用
<filter-mapping> <filter-name>testFilter</filter-name> <url-pattern>/test.jsp</url-pattern> </filter-mapping> <filter-mapping> <filter-name>testFilter</filter-name> <url-pattern>/index.jsp</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <error-page> <exception-type>java.lang.ArithmeticException</exception-type> <location>/2.jsp</location> </error-page>
