1.过滤器简介
Java中的Filter 并不是一个标准的Servlet ,它不能处理用户请求,也不能对客户端生成响应。 主要用于对HttpServletRequest 进行预处理,也可以对HttpServletResponse 进行后处理,是个典型的处理链。
优点:过滤链的好处是,执行过程中任何时候都可以打断,只要不执行chain.doFilter()就不会再执行后面的过滤器和请求的内容。而在实际使用时,就要特别注意过滤链的执行顺序问题
2.登录过滤器Code案例
- 用户登录界面(login.jsp)
<%-- Created by IntelliJ IDEA. User: 网络黑寡妇 Date: 17-5-18 --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录界面</title>
</head>
<body>
<div align="center">
<form method="POST" name="frmLogin" action="LoginServlet">
<h1 align="center">用户登录</h1><br/>
<table border=1>
<tr>
<td>用户名:</td>
<td>
<input type="text" name="username" value="Your name" size="20" maxlength="20" autocomplete="off" onfocus="if (this.value=='Your name') this.value='';"/>
</td>
</tr>
<tr>
<td>密 码:</td>
<td>
<input type="password" name="password" value="Your password" size="20" maxlength="20" autocomplete="off" onfocus="if (this.value=='Your password') this.value='';"/>
</td>
</tr>
<tr align="center">
<td colspan="4" height="40px">
<input type="submit" name="Submit" value="提 交" onClick="return validateLogin()"/>
<input type="reset" name="Reset" value="重 置"/>
</td>
</tr>
</table>
</form>
</div>
<script language="javascript"> function validateLogin() { var sUserName = document.frmLogin.username.value; var sPassword = document.frmLogin.password.value; if ((sUserName == "") || (sUserName == "Your name")) { alert("请输入用户名!"); return false; } if ((sPassword == "") || (sPassword == "Your password")) { alert("请输入密码!"); return false; } } 2.后台(Servlet)处理Code (LoginServlet)
package com.Servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/** * Created by dhc on 17-5-18. * user: 网络黑寡妇 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet{
private static final long serialVersionUID = 1L;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session = request.getSession();
String adminName = request.getParameter("username");
String adminpsw = request.getParameter("password");
session.setAttribute("username", adminName); //存储在Session中
if ( adminName.equals(admin) && adminpsw.equals(password))) {
//main.jsp文件为要跳转的jsp界面.
request.getRequestDispatcher("main.jsp").forward(request, response);
} else {
request.getRequestDispatcher("login.jsp").forward(request,response);
}
}
3.重点过滤器的编写 (LoginFilter)
package com.Filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
/** * Created by dhc on 17-5-18. * Description: 所有请求都走此过滤器来判断用户是否登录 * user: 网络黑寡妇 **/
public class LoginFilter implements Filter{
private String sessionKey;
private String redirectUrl;
private String uncheckedUrls;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
ServletContext servletContext = filterConfig.getServletContext();
//获取XML文件中配置参数
sessionKey = servletContext.getInitParameter("userSessionKey");
//System.out.println("sessionKey======" + sessionKey);//调试用
redirectUrl = servletContext.getInitParameter("redirectPage");
//System.out.println("redirectPage======" + redirectUrl);
uncheckedUrls = servletContext.getInitParameter("uncheckedUrls");
//System.out.println("uncheckedUrls=====" + uncheckedUrls);
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// 获得在下面代码中要用的request,response,session对象
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
//1.获取请求URL
String servletPath = httpRequest.getServletPath();
//2.检测1中获取的servletPath是否为不需要检测的URl中的一个.若是,放行
List<String> urls = Arrays.asList(uncheckedUrls.split(","));
if (urls.contains(servletPath)) {
filterChain.doFilter(httpRequest, httpResponse);
return;
}
//3.从session中获取SessionKey对应值,若值不存在,则重定向到redirectUrl
Object user = httpRequest.getSession().getAttribute("username");
if ((user == null)) {
httpResponse.sendRedirect(httpRequest.getContextPath() + redirectUrl);
return;
}
//4.若存在,则放行
filterChain.doFilter(httpRequest, httpResponse);
}
@Override
public void destroy() {
}
}
4.配置 web.XML 文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<!--检测用户是否登录的过滤器配置-->
<!--用户信息存放到session中的键的名字-->
<context-param>
<param-name>userSessionKey</param-name>
<param-value>username</param-value>
</context-param>
<!--若未登录,需要重定向的页面-->
<context-param>
<param-name>redirectPage</param-name>
<param-value>/login.jsp</param-value>
</context-param>
<!--不需要拦截的URL列表;注意配置时不要拦截后台对用户和密码判断的页面,否则可能登录登录不进主界面-->
<context-param>
<param-name>uncheckedUrls</param-name>
<param-value>/index.jsp,/LoginServlet</param-value>
</context-param>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.Filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<!--过滤站点下所有文件,也可设置成过滤某一类文件如: "*.jsp" 或是过滤掉某一个文件夹下的所有文件,如: "/目录名/*" -->
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
京公网安备 11010502036488号