学习笔记——http
一、学习重点
二、学习内容
案例一
登录cookie
前端代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>欢迎光临 success.html</h1>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="login.do" method="post">
账号:<input type="text" name="username">
密码:<input type="text" name="password">
<input type="submit" value="登录">
</form>
</body>
</html>
后端代码
package com.jsoft.morning.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.util.Objects;
@WebServlet(name = "LoginServlet", value = "/login.do")
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
// 如果登录成功,把用户名保存到cookie
if(Objects.equals(username,"admin") && Objects.equals(password,"123456")){
Cookie cookie = new Cookie("username",username);
cookie.setMaxAge(1000*24*60);
response.addCookie(cookie);
}else {
username = null;
// 从cookie中获取用户信息,如果存在,跳转到success.html
Cookie[] cookies = request.getCookies();
if(Objects.nonNull(cookies) && cookies.length > 0) {
for (Cookie cookie : cookies) {
String name = cookie.getName();
if ("username".equals(name)) {
String value = cookie.getValue();
username = value;
}
}
}
}
if(Objects.nonNull(username)) {
response.sendRedirect("success.html");
}else {
response.sendRedirect("login.html");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request,response);
}
}
案例二
登录session
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>Welcome VIP!!!</h1>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="../main.do" method="post">
CardId:<input type="text" name="cardid">
<input type="submit" value="InTo">
</form>
</body>
</html>
package com.jsoft.afternoon.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
@WebServlet("/main.do")
public class MainServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String cardid = req.getParameter("cardid");
if(Objects.equals(cardid,"80011234")){
// 如果登录成功,那我就把你的信息放入到session里
req.getSession().setAttribute("cardid",cardid);
resp.sendRedirect(req.getContextPath() + "/afternoon/vip.html");
}else {
resp.sendRedirect(req.getContextPath() + "/afternoon/main.html");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
案例三
test.do收到请求
前端代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<a href="../test.do">test.do</a>
</body>
</html>
后端代码
package com.jsoft.afternoon.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
@WebServlet(name = "HelloServlet", value = "/test.do")
public class HelloServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("后台的test.do收到了请求");
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request,response);
}
}
案例四
练习:
登录:login.html发起请求到login.do
在过程中,两个过滤器,
UsernameFilter,负责判断用户名,如果用户名正确,则把请求放行到下一个过滤器,否则,回到登录页。
PasswordFilter,负责判断密码,如果密码正确,就跳转到success.html,否则,回到登录页。
特别注意:
这里面的servletRequest和servletResponse实际上就是HttpServletRequest和HttpServletResponse的对象
由于在形参处声明的是父类类型,发生了向上转型,
父类 父类对象 = new 子类;
父类对象.方法
ServletResponse和HttpServletResponse
子类对象调父类的方法,随便调。
父类对象想要调子类的方法,不可能,除非再向下转型。
ServletResponse没有sendRedirect
HttpServletResponse有sendRedirect
sendRedirect是子类的独有的方法
需要向下转型,向下转型是有风险的。
记住一个事:
只要地址栏不发生改变,request永远是同一个,请求转发
前端代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>login</title>
</head>
<body>
<form action="../login2.do" method="post">
账号:<input type="text" name="username">
密码:<input type="password" name="password">
<input type="submit" value="登录">
</form>
</body>
</html>
后端代码
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
@WebFilter("/login2.do")
public class Filter01_UsernameFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("UsernameFilter....");
filterChain.doFilter(servletRequest,servletResponse);
String username = servletRequest.getParameter("username");
if(Objects.equals(username,"admin")){
// 用户名正确,当前过滤器放行
filterChain.doFilter(servletRequest,servletResponse);
return;
}
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
response.sendRedirect(request.getContextPath() + "/afternoon/login.html");
}
}
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
@WebFilter("/login2.do")
public class Filter02_PasswordFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("PasswordFilter...");
filterChain.doFilter(servletRequest,servletResponse);
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String password = request.getParameter("password");
if(Objects.equals(password,"123456")){
response.sendRedirect(request.getContextPath() + "/afternoon/welcome.html");
return;
}
response.sendRedirect(request.getContextPath() + "/afternoon/login.html");
}
}
三、笔记内容
http不能保存各种状态。
一个网站,登录的时候,点击了保存密码,自动登录。
自动登录,保存密码,什么时候会失效。
登录的时候,默认的时限,当你去清除浏览器的
cookie
cookie:保存http状态。
保存在客户端,保存在浏览器上的,登录信息,保存在浏览器上,以键值对的形式。不安全。
JavaEE的四大作用域
JavaEE的九大内置对象
使用cookie的步骤:
1、创建Cookie对象
2、设置最大时效
3、把cookie放入到Http响应头中
package com.jsoft.morning.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.util.Objects;
// 用当前这个servlet当做我的主页
@WebServlet(name = "IndexServlet", value = "/index.do")
public class IndexServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 1.获取Cookie
Cookie[] cookies = request.getCookies();
if(Objects.nonNull(cookies) && cookies.length > 0){
System.out.println("发现了cookie...");
// 有cookie的情况
for (Cookie cookie : cookies) {
if(cookie.getName().equals("username")){
response.sendRedirect("success.html");
}
}
} else {
System.out.println("没有发现cookie,创建cookie。。。");
// 创建cookie
String username = request.getParameter("username");
String password = request.getParameter("password");
if(Objects.equals(username,"admin") && Objects.equals(password,"123456")){
Cookie cookie = new Cookie("username",username);
// 设置cookie的最大时效
// cookie.setMaxAge(5000);
// 把cookie放入到响应中
response.addCookie(cookie);
response.sendRedirect("success.html");
}
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request,response);
}
}
Session
session:HttpSession 会话
session中的数据什么时候失效。
1.过期了。
2.关闭浏览器。(并不能完全的销毁session,JSESSIONID,根据JSESSIONID找到之前的session的)
3.调用session销毁的方法。
网站上的安全退出,销毁session。
session中的数据失效时间:
1.过期了。
2.关闭浏览器。(并不能完全的销毁session,JSESSIONID,根据JSESSIONID找到之前的session的)
3.调用session销毁的方法。
网站上的安全退出,销毁session。
cookie。
前端代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!--
我们在访问一个web工程时,不一定非得要访问这个工程下的某一个页面url
index.do login.do,
一个项目主页,不一定非得是某个index
-->
<form action="session.do" method="post">
账号:<input type="text" name="username">
<input type="submit" value="提交">
</form>
</body>
</html>
后端代码
package com.jsoft.morning.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
@WebServlet(name = "SessionServlet", value = "/session.do")
public class SessionServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 获取session
// 会话
HttpSession session = request.getSession();
String username = request.getParameter("username");
// 把username放入到session中
session.setAttribute("username",username);
// session销毁
session.invalidate();
// 设置session的过期时间
session.setMaxInactiveInterval(3000);
// 根据key的值删除对应的属性
session.removeAttribute("");
response.sendRedirect("success.html");
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request,response);
}
}
判断是否盗链
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Objects;
@WebFilter("/afternoon/vip.html")
public class LoginFilter implements Filter {
/**
* 怎么判断是登录跳过来的还是盗链过来的?
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession();
Object cardid = session.getAttribute("cardid");
// 如果从session中获取的数据为null,则说明盗链过来的,没有登录过
if(Objects.isNull(cardid)){
response.sendRedirect(request.getContextPath() + "/afternoon/main.html");
return;
}
// 如果从sesson中获取的数据不为null,则说明登录成功了,放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
Filter
过滤器:Filter
Filter是什么?
1、JavaWEB的一个重要组件,可以对发送到servlet的请求进行拦截过滤,也可以对响应进行拦截。
2、Filter是实现了Filter接口的Java类
3、Filter需要在web.xml中进行注册,也可以通过注解来注册。
如何来创建一个Filter:只需要创建一个类,实现Filter接口即可。
XML配置文件(注册filter)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<filter>
<filter-name>helloFilter</filter-name>
<filter-class>com.jsoft.afternoon.filter.HelloFilter</filter-class>
</filter>
<!-- 注册filter -->
<filter>
<filter-name>hello2Filter</filter-name>
<filter-class>com.jsoft.afternoon.filter.Hello2Filter</filter-class>
</filter>
<!-- 配置过滤器过滤拦截什么请求 -->
<filter-mapping>
<filter-name>hello2Filter</filter-name>
<url-pattern>/test.do</url-pattern>
</filter-mapping>
</web-app>
字符编码集的过滤器
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/*
* 字符编码集的过滤器
* 过滤拦截什么请求?
* */
@WebFilter("/*")
public class EncodingFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// HttpServletResponse response = (HttpServletResponse) servletResponse;
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setCharacterEncoding("utf-8");
/**
* 给response添加响应头,text/html,后台向前台输出字符串的时候
* 当后台向前台输出的是json格式,不需要设置这个。
*/
// response.addHeader("content-type","text/html;charset=utf-8");
// 放行
filterChain.doFilter(servletRequest,servletResponse);
}
}
Filter初始化
初始化
在创建Filter对象,在servlet容器(tomcat)加载当前web应用(当前工程)被调用
只执行一次。当前Filter的初始化操作,Filter和Servlet都是单例的。
FilterConfig类似于ServletConfig,获取初始化参数。
主要过滤的请求方法(核心方法)
真正Filter要处理的逻辑代码需要写在此方法里,每次拦截都会调用这个方法。
ServletRequest:实际上当请求来的时候,实例化的还是HttpServletRequest
ServletResponse:实际上当请求来的时候,实例化的还是HttpServletResponse
FilterChain:过滤器链,一个项目中是可以有多个过滤器的,会形成一个链,当前过滤器把请求传递给下一个过滤器
Filter的执行顺序:
filter-mapping的上下顺序有关
代码
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import java.io.IOException;
public class HelloFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// System.out.println("Filter's init....");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("HelloFilter....");
// 放行请求
filterChain.doFilter(servletRequest,servletResponse);
}
/*
* 销毁
* */
@Override
public void destroy() {
// System.out.println("Filter's destroy....");
}
}
package com.jsoft.afternoon.filter;
import javax.servlet.*;
import java.io.IOException;
public class Hello2Filter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("Hello2Filter...");
filterChain.doFilter(servletRequest,servletResponse);
}
}
listener
listener监听器:
专门用于对其他对象身上发生的事件或状态改变进行监听和相应的处理
分类:
1、监听域对象自身的创建和销毁
2、监听域对象中属性的增加和删除
3、监听绑定到session中的某个对象的状态的事件监听
JavaEE(servlet)三大件: servlet filter listener
xml配置文件(listener)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!-- 配置监听器 -->
<listener>
<listener-class>com.jsoft.afternoon.listener.HelloListener</listener-class>
</listener>
</web-app>
package com.jsoft.afternoon.listener;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class HelloListener implements HttpSessionListener, ServletRequestListener, ServletContextListener {
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContextListener.super.contextInitialized(sce);
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
ServletContextListener.super.contextDestroyed(sce);
}
@Override
public void requestDestroyed(ServletRequestEvent sre) {
ServletRequestListener.super.requestDestroyed(sre);
}
@Override
public void requestInitialized(ServletRequestEvent sre) {
ServletRequestListener.super.requestInitialized(sre);
}
@Override
public void sessionCreated(HttpSessionEvent se) {
HttpSessionListener.super.sessionCreated(se);
}
@Override
public void sessionDestroyed(HttpSessionEvent se) {
HttpSessionListener.super.sessionDestroyed(se);
}
}
package com.jsoft.afternoon.listener;
import javax.servlet.ServletContextAttributeEvent;
import javax.servlet.ServletContextAttributeListener;
import javax.servlet.ServletRequestAttributeEvent;
import javax.servlet.ServletRequestAttributeListener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
//@WebListener
public class HelloAttributeListener implements ServletContextAttributeListener, ServletRequestAttributeListener, HttpSessionAttributeListener {
@Override
public void attributeAdded(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeAdded(scae);
}
@Override
public void attributeRemoved(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeRemoved(scae);
}
@Override
public void attributeReplaced(ServletContextAttributeEvent scae) {
ServletContextAttributeListener.super.attributeReplaced(scae);
}
@Override
public void attributeAdded(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeAdded(srae);
}
@Override
public void attributeRemoved(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeRemoved(srae);
}
@Override
public void attributeReplaced(ServletRequestAttributeEvent srae) {
ServletRequestAttributeListener.super.attributeReplaced(srae);
}
@Override
public void attributeAdded(HttpSessionBindingEvent se) {
HttpSessionAttributeListener.super.attributeAdded(se);
}
@Override
public void attributeRemoved(HttpSessionBindingEvent se) {
HttpSessionAttributeListener.super.attributeRemoved(se);
}
@Override
public void attributeReplaced(HttpSessionBindingEvent se) {
HttpSessionAttributeListener.super.attributeReplaced(se);
}
}
package com.jsoft.afternoon.listener;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionEvent;
public class HelloSessionListener implements HttpSessionActivationListener {
/*
* // 钝化之前被调用
* 钝化:向磁盘中写入session对象
* */
@Override
public void sessionWillPassivate(HttpSessionEvent se) {
HttpSessionActivationListener.super.sessionWillPassivate(se);
}
/*
* 活化:从磁盘中读取session对象
* // 活化之后被调用
* */
@Override
public void sessionDidActivate(HttpSessionEvent se) {
HttpSessionActivationListener.super.sessionDidActivate(se);
}
}
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY