过滤器
过滤器
什么是过滤器
Filter也称之为过滤器,它是Servlet技术中最激动人心的技术,WEB开发人员通过Filter技术,对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态html文件等进行拦截,从而实现一些特殊的功能。例如实现URL级别的权限访问控制、过滤敏感词汇、压缩响应信息等一些高级功能。
Servlet API中提供了一个Filter接口,开发web应用时,如果编写的Java类实现了这个接口,则把这个java类称之为过滤器Filter。通过Filter技术,开发人员可以实现用户在访问某个目标资源之前,对访问的请求和响应进行拦截。
如何编写过滤器
1、编写java类实现Filter接口
2、重写doFilter方法
3、设置拦截的url
入门案例:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
/**
* 2018/11/28 9:23
* @version 1.0
*/
@WebFilter("/myservlet1")//过滤路径
public class MyFilter1 implements Filter {
//初始化过滤器
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("过滤器初始化了........init... "+filterConfig);
}
//执行过滤
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("过滤前........doFilter ");
//放行
chain.doFilter(request, response);
System.out.println("过滤后.......doFilter");
}
//销毁
@Override
public void destroy() {
System.out.println("销毁了.....destroy");
}
}
过滤器的配置
注解式配置
在自定义的Filter类上使用注解@WebFilter(“/*”)
xml配置
在web.xml中进行过滤器的配置:
sf
com.qf.web.filter.SecondFilter
sf
/*
过滤器的拦截匹配路径通常有三种形式:
(1)精确拦截地址匹配 ,比如/index.jsp
(2)后缀拦截地址匹配,比如*.jsp、*.html、*.jpg
(3)通配符匹配/*,表示匹配所有、注意过滤器不能使用/匹配。
#####过滤器链
通常客户端对服务器请求之后,服务器调用Servlet之前会执行一组过滤器(多个过滤器),那么这组过滤器就称为一条过滤器链。
每个过滤器实现某个特定的功能,当第一个Filter的doFilter方法被调用时,web服务器会创建一个代表Filter链的FilterChain对象传递给该方法。在doFilter方法中,开发人员如果调用了FilterChain对象的doFilter方法,则web服务器会检查FilterChain对象中是否还有filter,如果有,则调用第2个filter,如果没有,则调用目标资源。
过滤器的优先级
在一个web应用中,可以开发编写多个Filter,这些Filter组合起来称之为一个Filter链。这些过滤器的执行顺序由filter-mapping的顺序决定,前面filter-mapping优先级高于后面的。
注意:
(1)如果为注解的话,是按照类名的字符串顺序进行起作用的
(2)如果web.xml,按照 filter-mapping注册顺序,从上往下
(3)web.xml配置高于注解方式
(4)如果注解和web.xml同时配置,会创建多个过滤器对象,造成过滤多次。
过滤器的初始化参数
在过滤器的创建的时候,可以传递初始化参数
第一种:基于注解的
/**
* Servlet Filter implementation class FirstFilter 创建过滤器
*/
@WebFilter(value="/*",initParams= {@WebInitParam(name = "version", value = "1.0")})
public class FirstFilter implements Filter {
/**
* Default constructor.
*/
public FirstFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy() 销毁
*/
public void destroy() {
// TODO Auto-generated method stub
System.out.println("destroy销毁……");
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) 过滤
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
// place your code here
System.out.println("doFilter……过滤");
// 是否继续---访问下一个
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
* 初始化
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
System.out.println("init……初始化");
System.out.println("初始化参数:版本号:"+fConfig.getInitParameter("version"));
}
}
第二种:基于xml配置
/**
* 创建过滤器
*/
public class SecondFilter implements Filter {
/**
* Default constructor.
*/
public SecondFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy() 销毁
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) 过滤
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// 是否继续---访问下一个
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
* 初始化
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
System.out.println("初始化参数:版本号:"+fConfig.getInitParameter("version"));
}
}
Web.xml实现配置:
Web_Day
myfilter
com.qf.web.filter.SecondFilter
version
1.0
myfilter
/*
index.html
过滤器的优点
可以实现 Web 应用程序中的预处理和后期处理逻辑
过滤器的典型应用
案例1 禁止浏览器缓存动态页面
对于目前现在的浏览器,get请求动态资源缓存问题已经解决。
对于静态资源部分浏览器(IE,FixFox)使用Cache-Control头和Expires头设置缓存时间。chrome浏览器设置不设置都无效而是每次都请求服务器。
对于静态资源服务器会采用304状态码控制是否再次发送数据,从而节省带宽;可以通过Cache-Control=no-store控制304无效。
过滤器的代码:
/**
* Servlet Filter implementation class NoCacheFilter
* 实现禁止浏览器缓存动态页面
*/
@WebFilter("*.jsp")
public class NoCacheFilter implements Filter {
/**
* Default constructor.
*/
public NoCacheFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
//把ServletRequest强转成HttpServletRequest
HttpServletRequest req = (HttpServletRequest) request;
//把ServletResponse强转成HttpServletResponse
HttpServletResponse resp = (HttpServletResponse) response;
//禁止浏览器缓存所有动态页面
resp.setDateHeader("Expires", -1);
resp.setHeader("Cache-Control", "no-cache"); //no-store
resp.setHeader("Pragma", "no-cache");
//放行
chain.doFilter(req, resp);
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
带缓存过滤器
@WebFilter(filterName = "CacheFilter",value = "*.html")
public class CacheFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request= (HttpServletRequest) req;
HttpServletResponse response= (HttpServletResponse) resp;
response.setDateHeader("Expires",System.currentTimeMillis()+600000);//毫秒 10分钟
response.setHeader("Cache-Control", "max-age=600");//秒
chain.doFilter(req, resp);
}
public void init(FilterConfig config) throws ServletException {
}
}
案例2 自动登录
创建数据库和用户表
DbHelper类:
import java.sql.SQLException;
import javax.sql.DataSource;
import org.apache.commons.dbutils.DbUtils;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import com.mchange.v2.c3p0.ComboPooledDataSource;
//数据库工具类
public class DbHelper {
private static DataSource ds;
private static QueryRunner qr;
static{
ds=new ComboPooledDataSource();
qr=new QueryRunner(ds);
}
//执行非查询语句,返回值受影响的行数
public static int execute(String sql,Object... vs){
try {
return qr.execute(sql, vs);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return 0;
}
//执行查询语句
public static <T> T querySingle(String sql,Class<T> clz,Object... vs){
try {
return qr.query(sql, new BeanHandler<>(clz),vs);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
}
User类:
public class User {
private int id;
private String username;
private String pass;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPass() {
return pass;
}
public void setPass(String pass) {
this.pass = pass;
}
}
过滤器代码:
/**
* Servlet Filter implementation class AutoLoginFilter
* 实现自动登录,只是拦截登录页面
*/
@WebFilter(value="/login.html")
public class AutoLoginFilter implements Filter {
/**
* Default constructor.
*/
public AutoLoginFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//强制转换为Http的请求和响应
HttpServletRequest req=(HttpServletRequest) request;
HttpServletResponse rep=(HttpServletResponse) response;
//验证是否登录
if(req.getSession().getAttribute("user")==null){
//从Cookie获取上次保存的账号和密码
Cookie[] cks=req.getCookies();
User user=null;
for(Cookie c:cks){
if(c.getName().equals("user")){
String[] us=c.getValue().split("@");
user=new User();
user.setUsername(us[0]);
user.setPass(us[1]);
break;
}
}
//如果存储Cookie,那么就实现自动登录
if(user!=null){//需要自动登录
// 登录校验
User user1 = DbHelper.querySingle("select * from tb_user where username=?", User.class, user.getUsername());
boolean res=true;
if (user1 != null) {
if (user.getPass().equals(user1.getPass())) {
req.getSession().setAttribute("user", user1);
res=false;
rep.sendRedirect(req.getServletContext().getContextPath()+"/success.jsp");
}
}
if(res){//登录失败,之前的记录账号和密码错误
Cookie ck=new Cookie("user","");
ck.setPath("/");
ck.setMaxAge(0);
rep.addCookie(ck);
rep.sendRedirect(req.getServletContext().getContextPath()+"/login.jsp");
}
}
else{//直接登录页面
chain.doFilter(request, response);
}
}
else{//如果已经登录,那么就直接放行
rep.sendRedirect("success.jsp");
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
案例3 过滤脏词
public class DirtyFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(new DirtyHttpServletRequest((HttpServletRequest)request), response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
static class DirtyHttpServletRequest extends HttpServletRequestWrapper{
private List<String> dirtywords=new ArrayList<String>();
public DirtyHttpServletRequest(HttpServletRequest request) {
super(request);
dirtywords.add("sb");
dirtywords.add("狗蛋");
dirtywords.add("扯淡");
}
@Override
public String getParameter(String name) {
// TODO Auto-generated method stub
String v=super.getParameter(name);
for (String s : dirtywords) {
v=v.replaceAll(s, "***");
}
return v;
}
}
}
案例4 过滤器解决编码
public class CharacterEncodingFilter implements Filter {
//filter配置
private FilterConfig config;
//默认编码
private String defaultcharset="utf-8";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
this.config=filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
String charset=config.getInitParameter("charset");
if(charset==null){
charset=defaultcharset;
}
//1设置请求和响应的编码
request.setCharacterEncoding(charset);
response.setContentType("text/html;charset="+charset);
//2放行
chain.doFilter(request, response);
System.out.println("xxxxxxxxxxxxxxxx");
}
@Override
public void destroy() {
}
}
案例5 Jsp或Servlet响应内容压缩
文本内容压缩就是将服务器的响应结果给压缩为gzip的格式,以便达到浏览器和服务器传输,设置消息头让浏览器自动解压。
过滤器:
/**
* Servlet Filter implementation class GlobalGzipFilter
* 实现文本内容压缩
*/
@WebFilter("*.jsp")
public class GlobalGzipFilter implements Filter {
/**
* Default constructor.
*/
public GlobalGzipFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// 重构响应对象
GzipResponse rsp=new GzipResponse((HttpServletResponse)response, new ByteArrayOutputStream());
// pass the request along the filter chain
chain.doFilter(request, rsp);
//获取响应的内容
ByteArrayOutputStream baos=rsp.getOutStream();
System.out.println("压缩之前:"+baos.size()+"字节");
//开始压缩
//创建内存流对象,存储压缩之后的的内容
ByteArrayOutputStream newbaos=new ByteArrayOutputStream();
GZIPOutputStream gzip=new GZIPOutputStream(newbaos);
gzip.write(baos.toByteArray());
gzip.flush();
gzip.close();
System.out.println("压缩之后:"+newbaos.size()+"字节");
HttpServletResponse resp=(HttpServletResponse)response;
//设置消息头,标记内容为gzip
resp.setHeader("Content-Encoding", "gzip");
resp.getOutputStream().write(newbaos.toByteArray());//写出真正的内容
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
//自定义的响应对象
private class GzipResponse extends HttpServletResponseWrapper{
private ByteArrayOutputStream baos;//内存输出字节流
private PrintWriter pw;
public GzipResponse(HttpServletResponse response,ByteArrayOutputStream baos) {
super(response);
this.baos=baos;
// TODO Auto-generated constructor stub
}
//获取响应内容的内存流对象,存储着要响应的数据
public ByteArrayOutputStream getOutStream(){
// TODO Auto-generated method stub
if(pw!=null){
pw.flush();
}
return baos;
}
@Override
public PrintWriter getWriter() throws IOException {
//将响应的内容写出到指定的内存流中
pw=new PrintWriter(new OutputStreamWriter(baos,"UTF-8"));
return pw;
}
}
}
案例6 实现图片防盗链
原理:http 协议中,如果从一个网页跳到另一个网页,http 头字段里面会带个 Referer。图片服务器通过检测 Referer 是否来自规定域名,来进行防盗链。
图片防盗链有什么用?
防止其它网站盗用你的图片,浪费你宝贵的流量。
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter(filterName = "StealFilter",urlPatterns = {"*.jpg","*.png"})
public class StealFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request= (HttpServletRequest) req;
HttpServletResponse response= (HttpServletResponse) resp;
String referer = request.getHeader("referer");
String url="http://localhost:8080"+request.getContextPath();
System.out.println(url);
if(referer!=null&&referer.startsWith(url)){
System.out.println("页面正常请求");
chain.doFilter(req, resp);
}else{
System.out.println("盗链");
request.getRequestDispatcher("/error/steal.jpg").forward(request, response);
}
}
public void init(FilterConfig config) throws ServletException {
}
}