Servlet的过滤器
过滤器:
- 使用传统的方式需要在每个页面进行验证
- 造成代码的冗余功能重复麻烦
- 过滤器【统计进行验证、鉴权、日志、事务】拦截请求、过滤响应
配置一个Servlet
package com.sparrow.servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @Author: 诉衷情の麻雀
* @Description: TODO
* @DateTime: 2023/7/18 21:02
**/
public class LoginCheckServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取用户名和密码
String username = req.getParameter("username");
String password = req.getParameter("password");
if("123456".equals(password)){
req.getSession().setAttribute("username",username);
req.getRequestDispatcher("/manage/admin.jsp").forward(req, resp);
}else {
req.getRequestDispatcher("/login.jsp").forward(req, resp);
}
System.out.println("LoginCheckServlet被调用了..");
}
}
配置过滤器
public class ManageFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//当fTomcat创建filter后就会调用该方法,进行初始化
System.out.println("ManageFilter init被调用...");
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//每次调用该filter doFilter方法就会被调用
System.out.println("ManageFilter doFilter被调用...");
//在调用过滤器前,request对象已经被创建并封装
//所以我们这里可以通过ServletRequest获取很多信息,比如访问url,session
//比如访问的参数...就可以做事务管理 数据获取 日志管理等
HttpSession session = ((HttpServletRequest) servletRequest).getSession();
if (session.getAttribute("username") != null) {
filterChain.doFilter(servletRequest, servletResponse);
}else { //说明没有登录过..回到登录页面
servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest, servletResponse);
}
filterChain.doFilter(servletRequest,servletResponse);
}
@Override
public void destroy() {
System.out.println("ManageFilter被销毁了");
}
}
在web目录下创建login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>管理后台登录title>
head>
<body>
<h1>管理后台登录h1>
<form action="<%=request.getContextPath()%>/loginCheckServlet" method="post">
用户名: <input type="text" name="username"/><br/><br/>
密 码: <input type="password" name="password"><br/><br/>
<input type="submit" value="用户登录"/>
form>
body>
html>
在web目录下创建manage目录,在目录下创建admin.jsp再放一张图片
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>后台管理title>
<base href="<%=request.getContextPath()%>/manage/"/>
head>
<body>
<h1>后台管理h1>
<a href="#">用户列表a>||<a href="#">添加用户a>||<a href="#">删除用户a>
<hr/>
<img src="3.png " height="300"/>
body>
html>
web.xml
<filter>
<filter-name>ManageFilterfilter-name>
<filter-class>com.sparrow.filter.ManageFilterfilter-class>
filter>
<filter-mapping>
<filter-name>ManageFilterfilter-name>
<url-pattern>/manage/*url-pattern>
filter-mapping>
<servlet>
<servlet-name>LoginCheckServletservlet-name>
<servlet-class>com.sparrow.servlet.LoginCheckServletservlet-class>
servlet>
<servlet-mapping>
<servlet-name>LoginCheckServletservlet-name>
<url-pattern>/loginCheckServleturl-pattern>
servlet-mapping>
Filter过滤器url-pattern
url-pattern:Filter的拦截路径,即浏览器在请求什么位置的资源时,过滤器会进行拦截过滤- 精准匹配
/a.jsp - 目录匹配
/manage/* - 后缀名匹配
*.jsp - Filter过滤器只关心请求的地址是否匹配,不关心请求的资源是否存在
Filter的生命周期
- Filter在web启动时,由tomcat来创建filter实例,只会创建一个
- 会调用filter默认的无参构造器,同时会调用init方法,只会调用一次
- 在创建filter实例时,同时会创建一个FilterConfig对象,并通过init方法传入
- 通过filterConfig对象,可以获取该filter的相关配置信息
- 当一个HTTP请求和该filter的url-pattern匹配时,就会调用doFilter方法
- 在调用doFilter方法,tomcat会同时创建
ServletRequest、ServletResponse、FilterChain对象,并通过doFilter传入 - 如果后面的请求目标资源(jsp,serlvet…)会使用到request和response,那么会继续传递
FilterConfig
public class SparrowFilterConfig implements Filter {
private String ip; //从配置文件中获取ip
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//通过filterConfig获取相关的参数
String filterName = filterConfig.getFilterName();
ip = filterConfig.getInitParameter("ip");
ServletContext servletContext = filterConfig.getServletContext();
Enumeration<String> parameterNames = filterConfig.getInitParameterNames();
while (parameterNames.hasMoreElements()) {
System.out.println("名字=" + parameterNames.nextElement());
}
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//通过forbidden ip来控制
//先获取到访问ip
String remoteAddr = servletRequest.getRemoteAddr();
if (remoteAddr.contains(ip)) {
System.out.println("封杀该IP");
servletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest, servletResponse);
}
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
FilterChain过滤器链
- 多个Filter和目标资源在一次HTTP请求,在同一个线程中
- 当一个请求url和filter的url-pattern匹配时,才会被执行,如果有多个匹配上,就会顺序执行,形成一个filter调用链(底层可以使用一个数据结构搞定)
- 多个filter共同执行时,因为是一次HTTP请求,使用同一个request对象
- 多个filter执行顺序和web.xml配置顺序保持一致
- chain.doFilter(req,resp)方法 将执行下一个过滤器的doFilter方法,如果后面没有过滤器,则执行目标资源
- 注意执行过滤器链时,顺序是HTTP请求->A过滤器doFilter()->A过滤器前置代码->A过滤器chain.doFilter()->B过滤器doFilter()->B过滤器前置代码->B过滤器chain.doFilter()->目标文件->B过滤器后置代码->A过滤器后置代码->返回给浏览器页面/数据
public class AFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("AFilter~~~" + Thread.currentThread().getId());
System.out.println("AFilter doFilter的前置代码");
System.out.println("执行AFilter ");
filterChain.doFilter(servletRequest, servletResponse);
System.out.println("AFilter doFilter的后置代码");
}
}
public class BFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("BFilter~~~" + Thread.currentThread().getId());
System.out.println("BFilter doFilter的前置代码");
System.out.println("执行BFilter ");
filterChain.doFilter(servletRequest, servletResponse);
System.out.println("BFilter doFilter的后置代码");
}
}
<filter>
<filter-name>AFilterfilter-name>
<filter-class>com.sparrow.filter.AFilterfilter-class>
filter>
<filter-mapping>
<filter-name>AFilterfilter-name>
<url-pattern>/admin/*url-pattern>
filter-mapping>
<filter>
<filter-name>BFilterfilter-name>
<filter-class>com.sparrow.filter.BFilterfilter-class>
filter>
<filter-mapping>
<filter-name>BFilterfilter-name>
<url-pattern>/admin/*url-pattern>
filter-mapping>