过滤器核心代码

一、全局过滤器

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,ServletException {HttpServletRequest request = (HttpServletRequest) req;String url = request.getRequestURI();Pattern p = Pattern.compile(".(jsp|jspx|php|asp|aspx)");//将给定的正则表达式编译并赋予给Pattern类 Matcher m = p.matcher(url);boolean rs = m.find();//能不能在目标字符串里找到一个匹配子串。 if (url.equals("/imageUp.jsp") || url.equals("/upfile.jsp") || url.equals("/plugins/ueditor/jsp/controller.jsp") || url.equals("/controller.jsp")) {logger.debug("ueditor file upload file!");chain.doFilter(req, res);//放行} else if (rs) {//一般情况下，找到了就转发请求，除非是以上几个文件logger.debug(".(jsp|jspx|php|asp|aspx) forbidden allow!");request.getRequestDispatcher("/404.html").forward(req, res);} else {chain.doFilter(req, res);//放行}}

二、session过滤器，过滤掉登录时需验证的请求

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,ServletException {HttpServletRequest httpServletRequest = (HttpServletRequest) request;HttpServletResponse httpServletResponse = (HttpServletResponse) response;// String requesturi = httpServletRequest.getRequestURI();// 通过检查session中的变量，过虑请求HttpSession session = httpServletRequest.getSession();Operator sessionUser = (Operator) session.getAttribute(Constant.SESSION_OPERATOR);// 当前会话用户为空而且不是请求登录，退出登录，欢迎页面和根目录则退回到应用的根目录String servletPath = httpServletRequest.getServletPath();String queryString = httpServletRequest.getQueryString();List<String> pathList = notNeedSessionCheck();if (!pathList.contains(servletPath)) {if (sessionUser == null) {String redirectURL = servletPath;if (StringUtil.isNotBlank(queryString)) {redirectURL = httpServletRequest.getContextPath() + servletPath + "?"+ StringUtil.isNull(queryString);}redirectURL = java.net.URLEncoder.encode(redirectURL, "UTF-8");httpServletResponse.sendRedirect(Global.getString("adminurl") + "/home.html?timeout=1&redirectURL="+ httpServletRequest.getContextPath() + redirectURL);return;}}chain.doFilter(request, response);}

private List<String> notNeedSessionCheck() {String[] paths = new String[] { "/modules/login.html", "/modules/login.action","/modules/validimg.html" };return Arrays.asList(paths);}

三、FilterConfig的用法 {FilterConfig可以获取web.xml中分配的过滤器初始化参数。}

public class EncodingFilter implements Filter {     private FilterConfig filterConfig = null;    private String encoding = null;       //实现销毁方法    public void destroy() {            encoding = null;        }       //进行具体的过滤    public void doFilter(ServletRequest request, ServletResponse response,                FilterChain chain) throws IOException, ServletException {        // 获取ServletContext 对象，用于记录日志          ServletContext context = this.filterConfig.getServletContext();          context.log("开始设置编码格式");         String encoding = getEncoding();            if (encoding == null){                encoding = "gb2312";            }         // 在请求里设置上指定的编码         request.setCharacterEncoding(encoding);         chain.doFilter(request, response);           context.log("成功设置了编码格式");     }       //初始化配置    public void init(FilterConfig filterConfig) throws ServletException {        this.filterConfig = filterConfig;        this.encoding = filterConfig.getInitParameter("encoding");        }          private String getEncoding() {           return this.encoding;        }   } 

<!-- 缓存超时时间, 单位为秒 -->
<init-param>
<param-name>cacheTimeout</param-name>
<param-value>600</param-value>
</init-param>


用法：
filterConfig.getInitParameter("locale-sensitive"); 得到的就是 ture
filterConfig.getInitParameter("cacheTimeout"); 得到的就是 600
filterConfig.getInitParameter(request.getRequestURI()); 得到的就是param-name 对应的 param-value 值

【总结】

在web.xml中哪个先配置，哪个就先调用。在filter中也可以配置一些初始化参数。
Java中的Filter 并不是一个标准的Servlet ，它不能处理用户请求，也不能对客户端生成响应。 
主要用于对HttpServletRequest 进行预处理，也可以对HttpServletResponse 进行后处理，是个典型的处理链。