Servlet过滤器

1.脏话过滤器

<span style="font-size:24px;">//过滤脏话public class DirtyFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) req;HttpServletResponse response = (HttpServletResponse) resp;DirtyRequest dirtyrequest = new DirtyRequest(request);chain.doFilter(dirtyrequest, response);}public void init(FilterConfig arg0) throws ServletException {}}class DirtyRequest extends HttpServletRequestWrapper {private HttpServletRequest request;public DirtyRequest(HttpServletRequest request) {super(request);this.request = request;}private List<String> dirtyWords = Arrays.asList("傻逼", "操蛋", "畜生");public String getParameter(String name) {String value = this.request.getParameter(name);if (value == null) {return null;}for (String dirtyWord : dirtyWords) {if (value.contains(dirtyWord)) {value = value.replace(dirtyWord, "****");}}return value;}}</span>

2.编码过滤器

<span style="font-size:24px;">//为解决全站的乱码问题public class CharacterEncodingFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) req;HttpServletResponse response = (HttpServletResponse) resp;request.setCharacterEncoding("UTF-8");response.setCharacterEncoding("UTF-8");response.setContentType("text/html;charset=UTF-8");MyCharacterEncodingRequest requestWrapper = new MyCharacterEncodingRequest(request);chain.doFilter(requestWrapper, response);}public void init(FilterConfig filterConfig) throws ServletException {}}/* *   1.实现与被增强对象相同的接口  *   2、定义一个变量记住被增强对象 *   3、定义一个构造器，接收被增强对象  *   4、覆盖需要增强的方法 *   5、对于不想增强的方法，直接调用被增强对象（目标对象）的方法 */// 专门处理get请求参数class MyCharacterEncodingRequest extends HttpServletRequestWrapper {private HttpServletRequest request;public MyCharacterEncodingRequest(HttpServletRequest request) {super(request);this.request = request;}public String getParameter(String name) {try {String value = this.request.getParameter(name);if (value == null) {return null;}if (!this.request.getMethod().equalsIgnoreCase("get")) {return value;}value = new String(value.getBytes("ISO8859-1"),this.request.getCharacterEncoding());return value;} catch (Exception e) {throw new RuntimeException(e);}}}</span>

3.实现用户自动登陆的过滤器

•在用户登陆成功后，发送一个名称为user的cookie给客户端，cookie的值为用户名和md5加密后的密码。

•编写一个AutoLoginFilter，这个filter检查用户是否带有名称为user的cookie来，如果有，则调用dao查询cookie的用户名和密码是否和数据库匹配，匹配则向session中存入user对象（即用户登陆标记），以实现程序完成自动登陆。

public class AutoLoginFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) req;HttpServletResponse response = (HttpServletResponse) resp;//如果用户已经登录，直接放行if (request.getSession().getAttribute("user") != null) {chain.doFilter(request, response);return;}//如果用户没有登陆则：// 1.得到用户带过来的autologin的cookieString value = null;Cookie cookies[] = request.getCookies();for (int i = 0; cookies != null && i < cookies.length; i++) {if (cookies[i].getName().equals("autologin")) {value = cookies[i].getValue();}}// 2.得到cookie中的用户名和密码if (value != null) {String username = value.split("\\.")[0];String password = value.split("\\.")[1];System.out.println(username + "::" + password);// 3.调用dao获取用户对应的密码UserDao dao = new UserDao();User user = dao.find(username);String dbpassword = user.getPassword();// 4.检查用户带来的md5的密码和数据库中的密码是否匹配，如果匹配则自动登陆if (password.equals(WebUtils.md5(dbpassword))) {request.getSession().setAttribute("user", user);}}chain.doFilter(request, response);}public void init(FilterConfig filterConfig) throws ServletException {}}

LoginServlet

public class LoginServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {String username = request.getParameter("username");String password = request.getParameter("password");UserDao dao = new UserDao();User user = dao.find(username, password);if (user == null) {request.setAttribute("message", "用户名或者密码不对！！");request.getRequestDispatcher("/message.jsp").forward(request,response);return;}request.getSession().setAttribute("user", user);request.setAttribute("message", "恭喜,登录成功");// 发送自动登陆的cookiesendAutoLoginCookie(request, response, user);request.getRequestDispatcher("/message.jsp").forward(request, response);}private void sendAutoLoginCookie(HttpServletRequest request,HttpServletResponse response, User user) {int logintime = Integer.parseInt(request.getParameter("logintime"));Cookie cookie = new Cookie("autologin", user.getUsername() + "."+ WebUtils.md5(user.getPassword()));cookie.setMaxAge(logintime);cookie.setPath("/day18");response.addCookie(cookie);}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

loginJSP

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>My JSP</title></head><body><form action="${pageContext.request.contextPath }/servlet/LoginServlet"method="post">用户名：<input type="text" name="username"><br /> 密码：<inputtype="password" name="password"><br /> 有效期： <inputtype="radio" name="logintime" value="3600">1小时 <inputtype="radio" name="logintime" value="${10*60 }">10分钟 <inputtype="radio" name="logintime" value="${5*60 }">5分钟 <br /> <inputtype="submit" value="登陆"></form></body></html>

3.WebUtils

<span style="font-size:24px;">import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;import sun.misc.BASE64Encoder;public class WebUtils {public static String md5(String message) {try {MessageDigest md = MessageDigest.getInstance("md5");byte result[] = md.digest(message.getBytes());BASE64Encoder encoder = new BASE64Encoder();return encoder.encode(result);} catch (NoSuchAlgorithmException e) {throw new RuntimeException(e);}}}</span>