JAVA过滤器
一.过滤器Filter
1.filter的简介
filter是对客户端访问资源的过滤,符合条件放行,不符合条件不放行,并且可以对目标资源访问前后进行逻辑处理
作用:
- 代码的抽取(可以对request设置编码,这样所有走过的servlet的编码都是统一的,没必要每一个都写)
- 权限管理(在filter内部取出当前登录用户的角色,再看访问的资源,如果匹配则放行,不匹配则不放行)
2.快速入门
步骤:
- 编写一个过滤器的类实现Filter接口
- 实现接口中尚未实现的方法(着重实现doFilter方法)
- 在web.xml中进行配置(主要是配置要对哪些资源进行过滤)
实例代码
//[filter/QuickFilter1.java] package filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; public class QuickFilter1 implements Filter{ @Override public void destroy() { } @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { System.out.println("quickfilter1... start..."); //放行请求 arg2.doFilter(arg0, arg1); } @Override public void init(FilterConfig arg0) throws ServletException { } } //[web.xml]中添加的内容QuickFilter1 filter.QuickFilter1 QuickFilter1 /*
3.Filter的API详解
filter生命周期及其与生命周期相关的方法
- Filter接口有三个方法,并且这个三个都是与Filter的生命相关的方法
- init(Filterconfig):代表filter对象初始化方法,filter对象创建时执行
- doFilter(ServletRequest,ServletResponse,FilterCha):代表filter执行过滤的核心方法,如果某资源在已经被配置到这个filter进行过滤的话,那么每次访问这个资源都会执行doFilter方法
- destory():代表是filter销毁方法,当filter对象销毁时执行该方法
- Filter对象的生命周期:
- Filter何时创建:服务器启动时就创建该filter对象
- Filter何时销毁:服务器关闭时filter销毁
- 每次访问被filter过滤的资源时,都执行doFilter()
- Filter接口有三个方法,并且这个三个都是与Filter的生命相关的方法
Filter的API详情
- init(FilterConfig arg0)其中参数arg0代表该Filter对象的配置信息的对象,内部封装是该filter的配置信息。
@Override public void init(FilterConfig arg0) throws ServletException { //获得web.xml中QuickFilter1 的名字 System.out.println(arg0.getFilterName()); //获得当前filter的初始化参数aaa bbb - destory()方法在filter对象销毁时执行
- doFilter(ServletRequest arg0,ServletResponse arg1,FilterChain arg2)方法时Filter的核心过滤方法,参数解析如下:
- ServletRequest arg0:内部封装的是客户端http请求的内容
- ServletResponse arg1:代表响应
- ServletRequest/ServletResponse:每次在执行doFilter方法时 web容器负责创建一个request和一个response对象作为doFilter的参数传递进来。该request给该response就是在访问目标资源的service方法时的request和response。
- FilterChain:过滤器链对象,知道所有filter和对应的顺序,通过该对象的doFilter方法可以放行该请求 【注意filter的顺序是根据filter-mapping的先后顺序去执行】
4.Filter的配置
基本配置如下:
<filter> <filter-name>QuickFilter1filter-name> <filter-class>filter.QuickFilter1filter-class> <init-param> <param-name>aaaparam-name> <param-value>bbbparam-value> init-param> filter> <filter-mapping> <filter-name>QuickFilter1filter-name> <url-pattern>/*url-pattern> <dispatcher>REQUESTdispatcher> filter-mapping> <filter> <filter-name>QuickFilter2filter-name> <filter-class>filter.QuickFilter2filter-class> filter> <filter-mapping> <filter-name>QuickFilter2filter-name> <url-pattern>/*url-pattern> <dispatcher>FORWARDdispatcher> filter-mapping>url-pattern配置时
完全匹配 /sertvle1
目录匹配 /aaa/bbb/* (最多的)
/user/*:访问前台的资源进入此过滤器
/admin/*:访问后台的资源时执行此过滤器
扩展名匹配 .abc .jsp
注意:url-pattern可以使用servlet-name替代,也可以混用,表示过滤指定的servlet。
dispatcher:访问的方式(了解)
- REQUEST:默认值,代表直接访问某个资源时执行filter(故此时转发访问一次,重定向访问两次)
- FORWARD:转发时才执行filter
- INCLUDE: 包含资源时执行filter(A资源包含B资源的情形下执行)
- ERROR:发生错误时进行跳转是执行filter(在跳转错误页面的时候执行)
5.总结Filter的作用
- 公共代码的提取
- 可以对request和response中的方法进行增强(装饰者模式/动态代理)
- 进行权限控制
6.用户自动登录Demo
- 登录的基本实现思路
实现流程:
- 编写index.jsp页面,实现用户的登录页
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title heretitle> head> <body> <form action="${pageContext.request.contextPath}/login" method="post" style="height:100px;width:200px;margin:0 auto"> 用户名:<input type="text" name="username"/><br> 密码:<input type="text" name="password"/><br> <input type="checkbox" name="autoLogin" value="autoLogin"/>自动登录<br> <input type="submit" value="提交" style="height:20px;width:50px;margin:0 auto;"/> form> body> html>- 编写LoginServlet.java并设置访问接口为/login
package web; import java.io.IOException; import java.sql.SQLException; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import domain.User; import service.UserService; public class LoginServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //获取数据 String username = request.getParameter("username"); String password = request.getParameter("password"); HttpSession session = request.getSession(); User user = null; UserService service = new UserService(); try { //检查用户信息 user = service.login(username,password); } catch (SQLException e) { e.printStackTrace(); } if(user != null) { //登陆成功 //判断用户是否勾选自动登录 String autoLogin = request.getParameter("autoLogin"); if(autoLogin!=null) { Cookie cookie_username = new Cookie("cookie_username",user.getUsername()); Cookie cookie_password = new Cookie("cookie_password",user.getPassword()); //设置cookie的持久化时间 cookie_username.setMaxAge(60*60);//设置一小时可用时间 cookie_password.setMaxAge(60*60);//设置一小时可用时间 //设置cookie的携带路径 cookie_username.setPath(request.getContextPath()); cookie_password.setPath(request.getContextPath()); //发送cookie response.addCookie(cookie_username); response.addCookie(cookie_password); } //将登陆的用户的user对象存到session中 session.setAttribute("user",user); //重定向到首页 response.sendRedirect(request.getContextPath()+"/success.jsp"); }else { //登录失败,转发到登录页面,给出提示信息 request.setAttribute("loginInfo", "用户名和密码错误"); request.getRequestDispatcher("/login.jsp").forward(request, response);; } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }- 编写UserService.java实现service服务
package service; import java.sql.SQLException; import dao.UserDao; import domain.User; public class UserService { public User login(String username, String password) throws SQLException { UserDao dao = new UserDao(); return dao.login(username,password); } }- 编写UserDao.java访问数据库
package dao; import java.sql.SQLException; import org.apache.commons.dbutils.QueryRunner; import org.apache.commons.dbutils.handlers.BeanHandler; import domain.User; import utils.DataSourceUtils; public class UserDao { public User login(String username, String password) throws SQLException { System.out.println(username+" "+password); QueryRunner runner = new QueryRunner(DataSourceUtils.getDataSource()); String sql = "select * from user where username = ? and password = ?"; User user = runner.query(sql, new BeanHandler(User.class),username,password); System.out.println(user); return user; } } - 编写User.java作为实体
package domain; public class User { private int id; private String username; private String password; private String email; public int getId() { return id; } public void setId(int id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } @Override public String toString() { return "User [id=" + id + ", username=" + username + ", password=" + password + ", email=" + email + "]"; } public User(int id, String username, String password, String email) { super(); this.id = id; this.username = username; this.password = password; this.email = email; } public User() { super(); } }- 编写访问成功页面success.jsp用于获取session中的数据,login.jsp页面用于提示错误信息
//success.jsp <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> "Content-Type" content="text/html; charset=UTF-8">Insert title here - "${pageContext.request.contextPath}/">登陆
欢迎您,${user.username}
Insert title here ${loginInfo}
- 编写过滤器AutoLoginFilter.java用于对cookie内容进行校验如果存在用户则将用户存到session中并放行
package filter; import java.io.IOException; import java.sql.SQLException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import domain.User; import service.UserService; public class AutoLoginFilter implements Filter{ @Override public void destroy() {} @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)arg0; HttpServletResponse response = (HttpServletResponse)arg1; //获得cookie中的用户名和密码进行登录操作 //定义cookie_username String cookie_username = null; //定义cookie_password String cookie_password = null; //获得cookie Cookie[] cookies = request.getCookies(); if(cookies != null) { for(Cookie cookie:cookies) { //获得名字是cookie_username和cookie_password的cookie if(cookie.getName().equals("cookie_username")) { cookie_username = cookie.getValue(); } if(cookie.getName().equals("cookie_password")) { cookie_password = cookie.getValue(); } } } //判断username和password是否是null if(cookie_username!=null&&cookie_password!=null) { HttpSession session = request.getSession(); User user = null; UserService service = new UserService(); try { user = service.login(cookie_username,cookie_password); } catch (SQLException e) { e.printStackTrace(); } //将登陆的用户存到session中 if(user != null) { session.setAttribute("user",user); } } //放行 arg2.doFilter(arg0, arg1); } @Override public void init(FilterConfig arg0) throws ServletException {} }- 配置web.xml中的servlet接口地址和filter过滤内容
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>WEB24_FILTERdisplay-name> <filter> <filter-name>AutoLoginFilterfilter-name> <filter-class>filter.AutoLoginFilterfilter-class> filter> <filter-mapping> <filter-name>AutoLoginFilterfilter-name> <url-pattern>/*url-pattern> filter-mapping> <welcome-file-list> <welcome-file>index.jspwelcome-file> welcome-file-list> <description>description> <display-name>LoginServletdisplay-name> <servlet-name>LoginServletservlet-name> <servlet-class>web.LoginServletservlet-class> servlet> <servlet-mapping> <servlet-name>LoginServletservlet-name> <url-pattern>/loginurl-pattern> servlet-mapping> web-app>测试功能是否好用的思路
- 未登录时进入success.jsp提示登录
- 登录用户时选中自动登录后进入seccess.jsp
- 将浏览器关闭(目的:清除session)
- 打开浏览器,直接访问success.jsp可以看到欢迎您,用户名的提示
解决全局乱码的问题
问题出现原因
cookie不能存中文
登录时输入中文,后台接受时会出现乱码
get时需要在后台添加先编码再解码
parameter = new String(parameter.getBytes("ios8859-1"),"UTF-8");- post时需要在后台添加
request.setCharacterEncoding("UTF-8");解决问题
解决cookie不能存中文的问题:
- 在存储到cookie前对内容进行编码
String username_code = URLEncoder.encode(username,"UTF-8"); String password_code = URLEncoder.encode(password,"UTF-8");- 在过滤器取之前对cookie的内容进行解码
//恢复中文用户名 cookie_username = URLDecoder.decode(cookie_username,"UTF-8"); //恢复中文密码 cookie_password = URLDecoder.decode(cookie_password,"URF-8");解决登录中输入中文后台接受出现乱码的问题
- 添加编码格式转换的过滤器EncodingFilter.java并在web.xml中配置
- 首先对请求的方式进行判断,如果是POST请求,直接给request设置编码字符集为UTF-8即可;如果是GET请求,则需要将request对象利用装饰者模式进行增强,增强request对象的getParameter方法,将接受的参数用ISO8859-1解码UTF-8编码,将增强的对象传递给之后的过滤器或目标方法。
package filter; import java.io.IOException; import java.io.UnsupportedEncodingException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; public class EncodingFilter implements Filter{ @Override public void destroy() {} @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { //被增强的对象 HttpServletRequest request = (HttpServletRequest)arg0; if(request.getMethod().equals("POST")) { request.setCharacterEncoding("UTF-8"); arg2.doFilter(request, arg1); }else if(request.getMethod().equals("GET")){ //在传递request之前,对request的getParamter方法进行增强 /* * 利用装饰者模式(包装) * 1.增强类与被增强的类实现同一个接口 * 2.在增强类中传入被增强的类 * 3.需要增强的方法重写,不需要增强的方法调用被增强对象的 */ //增强对象 EnhanceRequest enchangeRequest = new EnhanceRequest(request); arg2.doFilter(enchangeRequest, arg1); } } @Override public void init(FilterConfig arg0) throws ServletException {} } //HttpServletRequestWrapper是专门为了实现装饰者模式的类 class EnhanceRequest extends HttpServletRequestWrapper{ private HttpServletRequest request; public EnhanceRequest(HttpServletRequest request) { super(request); this.request = request; } //对getParamter增强 @Override public String getParameter(String name) { String parameter = request.getParameter(name);//乱码 try { parameter = new String(parameter.getBytes("iso8859-1"),"UTF-8"); } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } return parameter; } }