Java Web学习(35)：Filter学习(二)

来源：互联网发布：maya软件好学吗编辑：程序博客网时间：2024/06/06 04:44

与Filter相关的接口

FilterConfig接口

getInitParamter()：获取初始化参数，

getFilterName()：获取过滤器名称，

getServletContext()：获取application，

FilterChain接口

doFilter(ServletRequest,ServletResponse)：放行，相当于调用了目标Servlet的service()方法。

过滤器的四种拦截方式

1拦截请求REQUEST(默认)

2拦截转发FOWARD

3拦截包含INCLUDE

4拦截错误ERROR

在<filter-mapping>中进行配置。例如：<dispatcher>FOWARD</dispatcher>

当然也可以在注解中进行配置。

过滤器分类

Servlet2.5

REQUEST——用户直接访问页面时，Web容器将会调用该过滤器

FORWARD——目标资源是通过RequestDispatcher的forward访问时，该过滤器将被调用

INCLUDE——目标资源是通过RequestDispatcher的include方法调用时，该过滤器将被调用

ERROR——目标资源是通过声明式异常处理机制时，过滤器将被调用

Servlet3.0在Servlet2.5基础上加了下面的一项：

ASYNC——支持异步处理

@WebFilter

@WebFilter用于将一个类声明为过滤器，该注解将会在部署时被容器处理，容器将会根据具体的属性配置将相应

的类部署为过滤器。

使用注解和配置web.xml的对比：

@WebFilter的常用属性：

使用注解的例子：

@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})

@WebFilter(filterName="FilterDemo",urlPatterns={"/*"},dispatcherTypes={DispatcherType.REQUEST})

过滤器在实际项目中的应用场景

1对用户请求进行统一认证

2编码转换

3对用户发送的数据进行过滤替换

4转换图像格式

5对响应的内容进行压缩

简单登录认证和编码转换实例

LoginServlet.java源代码：

package com.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet implementation class LoginServlet */@WebServlet(name="LoginServlet",urlPatterns={"/LoginServlet"})public class LoginServlet extends HttpServlet {private static final long serialVersionUID = 1L;           /**     * @see HttpServlet#HttpServlet()     */    public LoginServlet() {        super();    }/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {doPost(request, response);}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {request.setCharacterEncoding("UTF-8");//防止中文乱码String username = request.getParameter("username");String password = request.getParameter("password");System.out.println(username);if("李思思".equals(username) && "123456".equals(password)){//校验通过HttpSession session = request.getSession();session.setAttribute("username", username);//请求重定向response.sendRedirect(request.getContextPath()+"/success.jsp");}else{//校验失败response.sendRedirect(request.getContextPath()+"/failure.jsp");}}}

LoginFilter.java源代码：

package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet Filter implementation class FilterDemo */@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})public class LoginFilter implements Filter {private FilterConfig config;    /**     * Default constructor.      */    public LoginFilter() {        // TODO Auto-generated constructor stub    }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stubHttpServletRequest hrequest = (HttpServletRequest)request;HttpServletResponse hresponse = (HttpServletResponse) response;HttpSession session = hrequest.getSession();String noLoginPaths = config.getInitParameter("noLoginPaths");//字符编码String charset = config.getInitParameter("charset");if(charset==null){charset = "UTF-8";}hrequest.setCharacterEncoding(charset);if(noLoginPaths!=null){String[] strArray = noLoginPaths.split(";");for (int i = 0; i < strArray.length; i++) {if(strArray[i]==null || "".equals(strArray[i])){continue;}if(hrequest.getRequestURI().indexOf(strArray[i])!=-1 ){chain.doFilter(request, response);return;}}}if(session.getAttribute("username")!=null){chain.doFilter(request, response);}else{hresponse.sendRedirect(hrequest.getContextPath()+"/login.jsp");}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stubconfig = fConfig;}}

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录页面</title></head><body>     <form action="<%=request.getContextPath() %>/LoginServlet" method="post">      用户名：<input type="text" name="username"><br/>      密码：<input type="password" name="password"><br/>                 <input type="submit" value="提交">      </form></body></html>

success.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>成功页面</title></head><body>         <h1>登录成功，欢迎您<font color="red">${username}</font></h1></body></html>

failure.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>失败页面</title></head><body>      <h1>登录失败，请检查用户名和密码！</h1></body></html>

运行结果：

粗粒度的权限控制

RBAC->基于角色的权限控制说明

我们给出三个页面default.jsp、user.jsp、admin.jsp

default.jsp：谁都可以访问，没有限制

user.jsp：只有登录用户才可以访问

admin.jsp：只有管理员才可以访问

代码实现：

LoginServlet1.java源代码：

package com.servlet;import java.io.IOException;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Servlet implementation class LoginServlet1 */@WebServlet(name="LoginServlet1",urlPatterns={"/LoginServlet1"})public class LoginServlet1 extends HttpServlet {private static final long serialVersionUID = 1L;           /**     * @see HttpServlet#HttpServlet()     */    public LoginServlet1() {        super();        // TODO Auto-generated constructor stub    }/** * @see Servlet#init(ServletConfig) */public void init(ServletConfig config) throws ServletException {// TODO Auto-generated method stub}/** * @see Servlet#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubdoPost(request, response);}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubresponse.setContentType("text/html;charset=UTF-8");//1获取用户名String username = request.getParameter("username");//2判断用户名中时候包含admin，如果包含就是管理员，如果不包含，则是普通会员//3要把登录的用户名保存到session中if(username.contains("guanliyuan")){request.getSession().setAttribute("admin", username);}else {request.getSession().setAttribute("username", username);}//4转发到default.jsprequest.getRequestDispatcher("/default.jsp").forward(request, response);}}

UserFilter.java源代码：

package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;/** * Servlet Filter implementation class LoginFilter1 */@WebFilter(filterName="UserFilter",urlPatterns={"/user/*"})public class UserFilter implements Filter {    /**     * Default constructor.      */    public UserFilter() {        // TODO Auto-generated constructor stub    }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stub// place your code here        //1得到sessionHttpServletRequest req = (HttpServletRequest)request;String name = (String)req.getSession().getAttribute("admin");//2判断session域中是否存在admin，如果存在，放行//3判断session域中是否存在username。如果存在，放行，否则重定向到login1.jspif(name!=null){chain.doFilter(request, response);return;}name = (String)req.getSession().getAttribute("username");if(name!=null){chain.doFilter(request, response);}else {req.setAttribute("info", "你是游客！");req.getRequestDispatcher("/login1.jsp").forward(request, response);}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stub}}

AdminFilter.java源代码：

package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;/** * Servlet Filter implementation class FilterDemo */@WebFilter(filterName="AdminFilter",urlPatterns={"/admin/*"})public class AdminFilter implements Filter {    /**     * Default constructor.      */    public AdminFilter() {        // TODO Auto-generated constructor stub    }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stub //1得到sessionHttpServletRequest req = (HttpServletRequest)request;String name = (String)req.getSession().getAttribute("admin");//2判断session域中是否存在admin，如果存在，放行//3判断session域中是否存在username。如果存在，放行，否则打会到login1.jspif(name!=null){chain.doFilter(request, response);}else {req.setAttribute("info", "你是会员！");req.getRequestDispatcher("/login1.jsp").forward(request, response);}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stub}}

login1.jsp：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录界面</title></head><body>      <h1>登录</h1>      ${info}      <form action="<c:url value='/LoginServlet1' />" method="post">           用户名：<input type="text" name="username" />           <input type="submit" value="登录" />      </form></body></html>

default.jsp：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>游客界面</title></head><body>    <h1>欢迎游客！</h1>    <a href="<c:url value='/default.jsp' />">游客入口</a>    <a href="<c:url value='/user/user.jsp' />">会员入口</a>    <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>

admin.jsp：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>管理员界面</title></head><body>     <h1>欢迎管理员！</h1>     <a href="<c:url value='/default.jsp' />">游客入口</a>     <a href="<c:url value='/user/user.jsp' />">会员入口</a>     <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>

user.jap：

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>会员界面</title></head><body>      <h1>欢迎会员！</h1>      <a href="<c:url value='/default.jsp' />">游客入口</a>      <a href="<c:url value='/user/user.jsp' />">会员入口</a>      <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>

结果：

我们从default.jsp页面开始测试：只能点击游客入口，不能进入会员和管理员入口

点击会员入口，我们输入用户名：这一次我们进不去管理员入口，能进入游客和会员入口

点击管理员入口，我们输入管理员账户：三个入口都可以进去。

1 0