Filer

Filter

对与url匹配的所有的请求进行拦截

单个过滤器

示例1：

拦截所有的请求，比如：http://localhost:8080/bb/fds、http://localhost:8080/b、http://localhost:8080/a.jsp……

@WebFilter(urlPatterns = "/*")
public class AuthFilter implements Filter {
    public void destroy() {
        System.out.println("destroy");
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("do11");
        chain.doFilter(req, resp);
        System.out.println("do22");
    }

    public void init(FilterConfig config) throws ServletException {
        System.out.println("init");
    }

}

示例2：

拦截以aa开始的所有的请求，比如：http://localhost:8080/aa/fds、http://localhost:8080/aa/b.jsp，但不能拦截http://localhost:8080/bb/aa

@WebFilter(urlPatterns = "/aa/*")
public class AuthFilter implements Filter {
    public void destroy() {
        System.out.println("destroy");
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("do11");
        chain.doFilter(req, resp);
        System.out.println("do22");
    }

    public void init(FilterConfig config) throws ServletException {
        System.out.println("init");
    }

}

示例2：

拦截以aa或bb开始的所有的请求，比如：http://localhost:8080/aa/fds、http://localhost:8080/bb/b.jsp

@WebFilter(urlPatterns = {"/aa/*","/bb/*"})
public class AuthFilter implements Filter {
    public void destroy() {
        System.out.println("destroy");
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("do11");
        chain.doFilter(req, resp);
        System.out.println("do22");
    }

    public void init(FilterConfig config) throws ServletException {
        System.out.println("init");
    }

}

示例3：基于Filter与Session的用户登录判断

• 项目目录结构
  

• aa.html

  <!DOCTYPE html>
  <html lang="en">
  <head>
      <meta charset="UTF-8">
      <title>机密文件</title>
  </head>
  <body>
      登录之后才能访问的页面
  </body>
  </html>
  

• bb.png
  一张普通的图片

• login.jsp

  <%@ page contentType="text/html;charset=UTF-8" language="java" %>
  <html>
  <head>
      <title>logintitle>
  head>
  <body>
      <form action="/loginServlet" method="post">
          用户名：<input type="text" name="uname"><br>
          密码：<input type="password" name="upwd"><br>
          <input type="submit">
      form>
  body>
  html>
  

• LoginServlet.java

  @WebServlet(urlPatterns = "/loginServlet")
  public class LoginServlet extends HttpServlet {
      protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          String uname = request.getParameter("uname");
          String upwd = request.getParameter("upwd");
  
          if ("zhangsan".equals(uname) && "1234".equals(upwd)) {//如果登录成功
              HttpSession session = request.getSession(); //获取Session
              session.setMaxInactiveInterval(30*60); //设置session的有效时间为60s
              session.setAttribute("user",uname);//将用户信息放到Session中
  
              Object aim = request.getSession().getAttribute("aim");//Filter拦截的url
              System.out.println("*** "+aim);
  
              request.getRequestDispatcher(aim.toString()).forward(request, response);
          }
      }
  }
  

• AuthFilter.java

  @WebFilter(urlPatterns = "/sec/*")
  public class AuthFilter implements Filter {
      public void destroy() {
      }
  
      public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
          HttpServletRequest request = (HttpServletRequest) req;
          HttpServletResponse response = (HttpServletResponse) resp;
  
          String aim = request.getRequestURI();
          String queryString = request.getQueryString();
          if (queryString != null) {
              aim += "?" + queryString;
          }
          HttpSession session = request.getSession();
  
          session.setAttribute("aim", aim);
  
          Object user = session.getAttribute("user");
          if (user == null) { //如果用户没有登录，跳转到登录页面
              request.getRequestDispatcher("/login.jsp").forward(request, response);
              return; //如果有过滤器链，不再执行后面的过滤器
          }
          chain.doFilter(req, resp);
          System.out.println("haha");
      }
  
      public void init(FilterConfig config) throws ServletException {
  
      }
  
  }
  

• DemoServlet.java

  @WebServlet(urlPatterns = "/sec/demoServlet")
  public class DemoServlet extends HttpServlet {
      @Override
      protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
          doGet(req,resp);
      }
      @Override
      protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          request.getRequestDispatcher("/WEB-INF/sec/aa.html").forward(request,response);
      }
  }
  

• DemoServlet2.java

  @WebServlet(urlPatterns = "/sec/demoServlet2")
  public class DemoServlet2 extends HttpServlet {
      @Override
      protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          request.getRequestDispatcher("/WEB-INF/sec/bb.png").forward(request,response);
      }
  
      @Override
      protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
          doGet(req,resp);
      }
  }
  

• 运行

1. 请求http://localhost:8080/sec/demoServlet2，进入用户登录页面
   
2. 输入用户名密码，单击按钮，结果：
   

---

过滤器链

示例1：

• EmojiFilter

  @WebFilter(urlPatterns = "/*")
  public class EmojiFilter implements Filter {
      public void destroy() {
          System.out.println("EmojiFilter destroy");
      }
  
      public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
          System.out.println("EmojiFilter doFilter before");
          chain.doFilter(req, resp);
          System.out.println("EmojiFilter doFilter after");
      }
  
      public void init(FilterConfig config) throws ServletException {
          System.out.println("EmojiFilter init");
      }
  
  }
  

• HtmlFilter

  @WebFilter(urlPatterns = "/*")
  public class HtmlFilter implements Filter {
      public void destroy() {
          System.out.println("HtmlFilter destroy");
      }
  
      public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
          System.out.println("HtmlFilter doFilter before");
          chain.doFilter(req, resp);
          System.out.println("HtmlFilter doFilter after");
      }
  
      public void init(FilterConfig config) throws ServletException {
          System.out.println("HtmlFilter init");
      }
  
  }
  

• SensitiveFilter

  @WebFilter(urlPatterns = "/*")
  public class SensitiveFilter implements Filter {
      public void destroy() {
          System.out.println("SensitiveFilter destroy");
      }
  
      public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
          System.out.println("SensitiveFilter doFilter before");
          chain.doFilter(req, resp);
          System.out.println("SensitiveFilter doFilter after");
      }
  
      public void init(FilterConfig config) throws ServletException {
          System.out.println("SensitiveFilter init");
      }
  
  }
  

• DemoServlet

  @WebServlet(urlPatterns = "/demoServlet")
  public class DemoServlet extends HttpServlet {
      @Override
      protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          System.out.println("hahaha......");
      }
  }
  

运行：在浏览器中请求http://localhost:8080/demoServlet，控制台输出结果：