Java Web学习(35):Filter学习(二)
来源:互联网 发布:maya软件好学吗 编辑:程序博客网 时间:2024/06/06 04:44
与Filter相关的接口
FilterConfig接口
getInitParamter():获取初始化参数,
getFilterName():获取过滤器名称,
getServletContext():获取application,FilterChain接口
doFilter(ServletRequest,ServletResponse):放行,相当于调用了目标Servlet的service()方法。
过滤器的四种拦截方式
1拦截请求REQUEST(默认)
2拦截转发FOWARD
3拦截包含INCLUDE
4拦截错误ERROR
在<filter-mapping>中进行配置。例如:<dispatcher>FOWARD</dispatcher>
当然也可以在注解中进行配置。
过滤器分类
Servlet2.5
REQUEST——用户直接访问页面时,Web容器将会调用该过滤器
FORWARD——目标资源是通过RequestDispatcher的forward访问时,该过滤器将被调用
INCLUDE——目标资源是通过RequestDispatcher的include方法调用时,该过滤器将被调用
ERROR——目标资源是通过声明式异常处理机制时,过滤器将被调用
Servlet3.0在Servlet2.5基础上加了下面的一项:
ASYNC——支持异步处理
@WebFilter
@WebFilter用于将一个类声明为过滤器,该注解将会在部署时被容器处理,容器将会根据具体的属性配置将相应
的类部署为过滤器。
使用注解和配置web.xml的对比:
@WebFilter的常用属性:
使用注解的例子:
@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})
@WebFilter(filterName="FilterDemo",urlPatterns={"/*"},dispatcherTypes={DispatcherType.REQUEST})
过滤器在实际项目中的应用场景
1对用户请求进行统一认证
2编码转换
3对用户发送的数据进行过滤替换
4转换图像格式
5对响应的内容进行压缩
简单登录认证和编码转换实例
LoginServlet.java源代码:
package com.servlet;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet implementation class LoginServlet */@WebServlet(name="LoginServlet",urlPatterns={"/LoginServlet"})public class LoginServlet extends HttpServlet {private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public LoginServlet() { super(); }/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {doPost(request, response);}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {request.setCharacterEncoding("UTF-8");//防止中文乱码String username = request.getParameter("username");String password = request.getParameter("password");System.out.println(username);if("李思思".equals(username) && "123456".equals(password)){//校验通过HttpSession session = request.getSession();session.setAttribute("username", username);//请求重定向response.sendRedirect(request.getContextPath()+"/success.jsp");}else{//校验失败response.sendRedirect(request.getContextPath()+"/failure.jsp");}}}
LoginFilter.java源代码:
package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet Filter implementation class FilterDemo */@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})public class LoginFilter implements Filter {private FilterConfig config; /** * Default constructor. */ public LoginFilter() { // TODO Auto-generated constructor stub }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stubHttpServletRequest hrequest = (HttpServletRequest)request;HttpServletResponse hresponse = (HttpServletResponse) response;HttpSession session = hrequest.getSession();String noLoginPaths = config.getInitParameter("noLoginPaths");//字符编码String charset = config.getInitParameter("charset");if(charset==null){charset = "UTF-8";}hrequest.setCharacterEncoding(charset);if(noLoginPaths!=null){String[] strArray = noLoginPaths.split(";");for (int i = 0; i < strArray.length; i++) {if(strArray[i]==null || "".equals(strArray[i])){continue;}if(hrequest.getRequestURI().indexOf(strArray[i])!=-1 ){chain.doFilter(request, response);return;}}}if(session.getAttribute("username")!=null){chain.doFilter(request, response);}else{hresponse.sendRedirect(hrequest.getContextPath()+"/login.jsp");}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stubconfig = fConfig;}}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录页面</title></head><body> <form action="<%=request.getContextPath() %>/LoginServlet" method="post"> 用户名:<input type="text" name="username"><br/> 密码:<input type="password" name="password"><br/> <input type="submit" value="提交"> </form></body></html>
success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>成功页面</title></head><body> <h1>登录成功,欢迎您<font color="red">${username}</font></h1></body></html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>失败页面</title></head><body> <h1>登录失败,请检查用户名和密码!</h1></body></html>
运行结果:
粗粒度的权限控制
RBAC->基于角色的权限控制说明
我们给出三个页面default.jsp、user.jsp、admin.jsp
default.jsp:谁都可以访问,没有限制
user.jsp:只有登录用户才可以访问
admin.jsp:只有管理员才可以访问
代码实现:
LoginServlet1.java源代码:
package com.servlet;import java.io.IOException;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * Servlet implementation class LoginServlet1 */@WebServlet(name="LoginServlet1",urlPatterns={"/LoginServlet1"})public class LoginServlet1 extends HttpServlet {private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public LoginServlet1() { super(); // TODO Auto-generated constructor stub }/** * @see Servlet#init(ServletConfig) */public void init(ServletConfig config) throws ServletException {// TODO Auto-generated method stub}/** * @see Servlet#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubdoPost(request, response);}/** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubresponse.setContentType("text/html;charset=UTF-8");//1获取用户名String username = request.getParameter("username");//2判断用户名中时候包含admin,如果包含就是管理员,如果不包含,则是普通会员//3要把登录的用户名保存到session中if(username.contains("guanliyuan")){request.getSession().setAttribute("admin", username);}else {request.getSession().setAttribute("username", username);}//4转发到default.jsprequest.getRequestDispatcher("/default.jsp").forward(request, response);}}
UserFilter.java源代码:
package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;/** * Servlet Filter implementation class LoginFilter1 */@WebFilter(filterName="UserFilter",urlPatterns={"/user/*"})public class UserFilter implements Filter { /** * Default constructor. */ public UserFilter() { // TODO Auto-generated constructor stub }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stub// place your code here //1得到sessionHttpServletRequest req = (HttpServletRequest)request;String name = (String)req.getSession().getAttribute("admin");//2判断session域中是否存在admin,如果存在,放行//3判断session域中是否存在username。如果存在,放行,否则重定向到login1.jspif(name!=null){chain.doFilter(request, response);return;}name = (String)req.getSession().getAttribute("username");if(name!=null){chain.doFilter(request, response);}else {req.setAttribute("info", "你是游客!");req.getRequestDispatcher("/login1.jsp").forward(request, response);}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stub}}
AdminFilter.java源代码:
package com.filter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;/** * Servlet Filter implementation class FilterDemo */@WebFilter(filterName="AdminFilter",urlPatterns={"/admin/*"})public class AdminFilter implements Filter { /** * Default constructor. */ public AdminFilter() { // TODO Auto-generated constructor stub }/** * @see Filter#destroy() */public void destroy() {// TODO Auto-generated method stub}/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// TODO Auto-generated method stub //1得到sessionHttpServletRequest req = (HttpServletRequest)request;String name = (String)req.getSession().getAttribute("admin");//2判断session域中是否存在admin,如果存在,放行//3判断session域中是否存在username。如果存在,放行,否则打会到login1.jspif(name!=null){chain.doFilter(request, response);}else {req.setAttribute("info", "你是会员!");req.getRequestDispatcher("/login1.jsp").forward(request, response);}}/** * @see Filter#init(FilterConfig) */public void init(FilterConfig fConfig) throws ServletException {// TODO Auto-generated method stub}}
login1.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录界面</title></head><body> <h1>登录</h1> ${info} <form action="<c:url value='/LoginServlet1' />" method="post"> 用户名:<input type="text" name="username" /> <input type="submit" value="登录" /> </form></body></html>
default.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>游客界面</title></head><body> <h1>欢迎游客!</h1> <a href="<c:url value='/default.jsp' />">游客入口</a> <a href="<c:url value='/user/user.jsp' />">会员入口</a> <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>
admin.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>管理员界面</title></head><body> <h1>欢迎管理员!</h1> <a href="<c:url value='/default.jsp' />">游客入口</a> <a href="<c:url value='/user/user.jsp' />">会员入口</a> <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>
user.jap:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!-- 导入JSTL标签库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %><!-- 导入JSTL函数库 --><%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>会员界面</title></head><body> <h1>欢迎会员!</h1> <a href="<c:url value='/default.jsp' />">游客入口</a> <a href="<c:url value='/user/user.jsp' />">会员入口</a> <a href="<c:url value='/admin/admin.jsp' />">管理员入口</a></body></html>
结果:
我们从default.jsp页面开始测试:只能点击游客入口,不能进入会员和管理员入口
点击会员入口,我们输入用户名:这一次我们进不去管理员入口,能进入游客和会员入口
点击管理员入口,我们输入管理员账户:三个入口都可以进去。
- Java Web学习(35):Filter学习(二)
- java web 学习-filter简介
- Java.Web学习笔记 Filter
- Java Web学习(34):Filter学习(一)
- Java Web学习(36):Filter学习(三)
- Java Web学习笔记(五)filter
- Java Web学习笔记——Filter
- 跟龙哥学java web ,关于filter学习
- Java for Web学习笔记(四二):Filter(4)用于压缩
- java web学习总结42:Filter(过滤器)学习
- Java Web学习笔记(二)
- Java Web 编程学习 二
- JAVA WEB学习(二)
- Java Web学习(24): JSTL学习(二)
- Java Web学习(29): Servlet学习(二)
- Java Web学习(38):Listener学习(二)
- java web中Filter防盗链学习笔记
- java web学习总结43:Filter高级开发
- C++:Boost库智能指针_scoped_ptr
- next_permutation函数 自动排序
- MySql安装 版本 mysql-5.7.14-winx64
- C++处理字符串的方法——字符串类与字符串变量
- unity3d KeyCode各键值说明
- Java Web学习(35):Filter学习(二)
- POJ 3672(水题)
- Codeforces Round #304 (Div. 2)D. Soldier and Number Game
- Error:No suitable device found: no device found for connection "System eth0"
- !!!
- threading的应用以及join、setDaemon的分析
- 2013长春现场赛 (hdu4819)Mosaic
- PL/SQL:结构、语句块、变量
- 数据结构里的串是什么东西?(其实串就是指字符串)