Filter过滤器

Filter什么是过滤器

1、Filter过滤器它是JavaWeb的三大组件之一。三大组件分别是:Servlet程序、Listener***、Filter过滤器;

2、Filter过滤器它是JavaEE的规范。也就是接口;

3、Filter过滤器它的作用是:拦截请求,过滤响应。

拦截请求常见的应用场景有:
    1、权限检查
    2、日记操作
    3、事务管理
    ......等等

Filter的初体验

要求:在你的web工程下,有一个admin目录。这个admin目录下的所有资源(html页面、jpg图片、jsp文件、等等)都必须是用户登录之后才允许访问。

思考:根据之前我们学过内容。我们知道,用户登录之后都会把用户登录的信息保存到Session域中。所以要检查用户是否登录,可以判断Session中否包含有用户登录的信息即可!!!

这是a.jsp页面:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <%
        Object user = session.getAttribute("user");
        // 如果为null,说明未登录
        if(user == null){
            request.getRequestDispatcher("/login.jsp").forward(request,response);
            return;
        }
    %>
    <h2>这是a.jsp页面</h2>
</body>
</html>

这是login.jsp页面:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <h1>这是登陆页面login.jsp</h1>
</body>
</html>


Filter的工作流程图:

Filter的代码:

package com.github.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/** * @author subei * @create 2020-11-19 22:46 */
public class AdminFilter implements Filter {


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    /** * doFilter方法,专门用于拦截请求。可以做权限检查 * @param servletRequest * @param servletResponse * @param filterChain * @throws IOException * @throws ServletException */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
        HttpSession session = httpServletRequest.getSession();
        Object user = session.getAttribute("user");
        //如果等于null,说明还没有登录
        if(user==null){
            servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);
            return;
        }else{
            //让程序继续往下访问用户的目标资源
            filterChain.doFilter(servletRequest,servletResponse);
        }
    }

    @Override
    public void destroy() {

    }
}

web.xml中的配置:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">

    <!--filter标签用于配置一个Filter过滤器-->
    <filter>
        <!--给filter起一个别名-->
        <filter-name>AdminFilter</filter-name>
        <!--配置filter的全类名-->
        <filter-class>com.github.filter.AdminFilter</filter-class>
    </filter>
    <!--filter-mapping配置Filter过滤器的拦截路径-->
    <filter-mapping>
        <!--filter-name表示当前的拦截路径给哪个filter使用-->
        <filter-name>AdminFilter</filter-name>
        <!--url-pattern配置拦截路径 / 表示请求地址为:http://ip:port/工程路径/映射到IDEA的web目录 /admin/* 表示请求地址为:http://ip:port/工程路径/admin/* -->
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>

</web-app>

Filter过滤器的使用步骤:

1、编写一个类去实现Filter接口;

2、实现过滤方法doFilter();

3、到web.xml中去配置Filter的拦截路径


完整的用户登录

login.jsp页面==登录表单:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <h1>这是登陆页面login.jsp</h1>
    <form action="http://localhost:8080/11_filter/loginServlet"method="get">
        用户名:<input type="text"name="username"/><br>
        密码:<input type="password"name="password"/><br>
        <input type="submit"/>
    </form>
</body>
</html>

LoginServlet程序:

package com.github.filter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/** * @author subei * @create 2020-11-1922:57 */
public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html;charset=UTF-8");
        String username=req.getParameter("username");
        String password=req.getParameter("password");
        if("subei365".equals(username)&&"admin".equals(password)){
            req.getSession().setAttribute("user",username);
            resp.getWriter().write("登录成功!!!");
        }else{
            req.getRequestDispatcher("/login.jsp").forward(req,resp);
        }
    }
}

web.xml页面:

	<servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>com.github.filter.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/loginServlet</url-pattern>
    </servlet-mapping>

Filter的生命周期

Filter的生命周期包含几个方法:

  1. 构造器方法
  2. init初始化方法
    1. 第1,2步,在web工程启动的时候执行(Filter已经创建)
  3. doFilter过滤方法
    1. 第3步,每次拦截到请求,就会执行
  4. destroy销毁
    1. 第4步,停止web工程的时候,就会执行(停止web工程,也会销毁Filter过滤器)
package com.github.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/** * @author subei * @create 2020-11-1922:46 */
public class AdminFilter implements Filter {

    public AdminFilter(){
        System.out.println("1.Filter构造器方法AdminFilter()");
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("2.Filter的init(FilterConfigfilterConfig)初始化");
    }

    /** * doFilter方法,专门用于拦截请求。可以做权限检查 * @param servletRequest * @param servletResponse * @param filterChain * @throws IOException * @throws ServletException */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("3.Filter的doFilter()过滤方法");

        HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
        HttpSession session = httpServletRequest.getSession();
        Object user = session.getAttribute("user");
        //如果等于null,说明还没有登录
        if(user==null){
            servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);
            return;
        }else{
            //让程序继续往下访问用户的目标资源
            filterChain.doFilter(servletRequest,servletResponse);
        }
    }

    @Override
    public void destroy() {
        System.out.println("4、Filter的destory()销毁方法");
    }
}

FilterConfig类

FilterConfig类见名知义,它是Filter过滤器的配置文件类。

Tomcat每次创建Filter的时候,也会同时创建一个FilterConfig类,这里包含了Filter配置文件的配置信息。

FilterConfig类的作用是获取filter过滤器的配置内容:

1、获取Filter的名称filter-name的内容;

2、获取在Filter中配置的init-param初始化参数;

3、获取ServletContext对象;

java代码:

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("2.Filter的init(FilterConfigfilterConfig)初始化");

// 1.、获取Filter的名称filter-name的内容
        System.out.println("filter-name的值是:"+filterConfig.getFilterName());
// 2、获取在web.xml中配置的init-param初始化参数
        System.out.println("初始化参数username的值是:"+filterConfig.getInitParameter("username"));
        System.out.println("初始化参数url的值是:"+filterConfig.getInitParameter("url"));
// 3、获取ServletContext对象
        System.out.println(filterConfig.getServletContext());
    }

web.xml配置:

    <!--filter标签用于配置一个Filter过滤器-->
    <filter>
        <!--给filter起一个别名-->
        <filter-name>AdminFilter</filter-name>
        <!--配置filter的全类名-->
        <filter-class>com.github.filter.AdminFilter</filter-class>

        <init-param>
            <param-name>user</param-name>
            <param-value>root</param-value>
        </init-param>

        <init-param>
            <param-name>url</param-name>
            <param-value>jdbc:mysql://localhost3306/test</param-value>
        </init-param>
    </filter>

FilterChain过滤器链

Filter1.java

import javax.servlet.*;
import java.io.IOException;

public class Filter1 implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("Filter1 前置代码");
        filterChain.doFilter(servletRequest, servletResponse);
        System.out.println("Filter1 后置代码");
    }

    @Override
    public void destroy() {

    }
}

Filter2.java

import javax.servlet.*;
import java.io.IOException;

public class Filter2 implements Filter {


    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("Filter2 前置代码");
        filterChain.doFilter(servletRequest, servletResponse);
        System.out.println("Filter2 后置代码");
    }

    @Override
    public void destroy() {

    }
}

target.jsp页面:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
    <%
        System.out.println("target.jsp页面执行情况");
    %>
</body>
</html>

web.xml配置

   <filter>
        <filter-name>Filter1</filter-name>
        <filter-class>com.github.filter.Filter1</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Filter1</filter-name>
        <url-pattern>/target.jsp</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>Filter2</filter-name>
        <filter-class>com.github.filter.Filter2</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>Filter2</filter-name>
        <url-pattern>/target.jsp</url-pattern>
    </filter-mapping>

Filter的拦截路径

  • 精确匹配

<url-pattern>/target.jsp</url-pattern>
以上配置的路径,表示请求地址必须为:http://ip:port/工程路径/target.jsp
  • 目标匹配

<url-pattern>/admin/*</url-pattern>
以上配置的路径,表示请求地址必须为:http://ip:port/工程路径/admin/*
  • 后缀名匹配

<url-pattern>*.html</url-pattern>
以上配置的路径,表示请求地址必须以.html结尾才会拦截到;

<url-pattern>*.do</url-pattern>
以上配置的路径,表示请求地址必须以.do结尾才会拦截到;

<url-pattern>*.action</url-pattern>
以上配置的路径,表示请求地址必须以.action结尾才会拦截到;

Filter过滤器它只关心请求的地址是否匹配,不关心请求的资源是否存在!!!