Servlet过滤器(非法字符审核案例)

1、过滤器

    (1)什么是过滤器
        servlet规范当中定义的一种特殊的组件，用来拦截容器的调用过程并进行相应的处理。
    (2)如何写一个过滤器
        step1,写一个java类，实现Filter接口。
        step2,在doFilter方法，编写拦截处理逻辑。
        step3,在web.xml文件里面，配置过滤器(让容器针对特定的地址进行拦截处理)。
    (3)过滤器的优先级
        当有多个过滤器都满足过滤的条件，容器会按照<filter-mapping>的先后顺序来调用相应的过滤器。
    (4)初始化参数
        step1,在web.xml文件中添加
            <init-param>
                <param-name>length</param-name>
                <param-value>10</param-value>
            </init-param>
        step2,使用String FilterConfig.getInitParameter("length");
    (5)过滤器的优点
        1)可以实现代码的"可插拔性"(即增加或者减少某个功能模块，不会影响到程序的正常运行)。

        2)可以将多个模块相同的处理逻辑集中写在过滤器里面，方便代码的维护。

2、案例：非法字符审核

comment_form.jsp：

<%@page pageEncoding="utf-8" 
contentType="text/html;charset=utf-8" %>
<html>
	<head></head>
	<body style="font-size:30px;">
		<form action="comment" method="post">
		请输入你的评论:<input name="content"/>
		<input type="submit" value="发表"/>
		</form>
	</body>
</html>

配置web.xml:

<!-- 配置过滤器 -->
  <filter>
  	<filter-name>filter1</filter-name>
  	<filter-class>web.CommentFilter1</filter-class>
  </filter>
  <filter>
  	<filter-name>filter2</filter-name>
  	<filter-class>web.CommentFilter2</filter-class>
  	<!-- 初始化参数 -->
  	<init-param>
  		<param-name>length</param-name>
  		<param-value>5</param-value>
  	</init-param>
  </filter>
  <!--  
  <filter-mapping>
  	<filter-name>filter2</filter-name>
  	<url-pattern>/comment</url-pattern>
  </filter-mapping>
  -->
  <filter-mapping>
  	<filter-name>filter1</filter-name>
  	<url-pattern>/comment</url-pattern>
  </filter-mapping>
  <servlet>
    <servlet-name>CommentServlet</servlet-name>
    <servlet-class>web.CommentServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>CommentServlet</servlet-name>
    <url-pattern>/comment</url-pattern>
  </servlet-mapping>

CommentServlet.java：

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CommentServlet extends HttpServlet {

	public void service(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		System.out.println("commentServlet's service begin...");
		request.setCharacterEncoding("utf-8");
		response.setContentType("text/html;charset=utf-8");
		PrintWriter out = response.getWriter();
		String content = request.getParameter("content");
		out.println("你的评论内容是:" + content);
		out.close();
		System.out.println("commentServlet's service end.");
	}

}

CommentFilter1.java：

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CommentFilter1 implements Filter{
	public CommentFilter1(){
		System.out.println("filter1's constructor...");
	}
	/*
	 * 容器在销毁过滤器实例之前，会调用destroy方法，该方法只会执行一次。
	 */
	public void destroy() {
		System.out.println("filter1's destroy...");
	}
	
	/*
	 * 容器会调用doFilter方法来处理请求。
	 * 容器会将request,response作为参数传递给doFilter方法，如果调用了FilterChain对象的doFilter方法，
	 * 容器会调用后续的过滤器或者servlet；否则，返回。
	 */
	public void doFilter(ServletRequest arg0, 
			ServletResponse arg1, FilterChain arg2) 
	throws IOException, ServletException {
		System.out.println("filter1's doFilter begin...");
		HttpServletRequest request = 
			(HttpServletRequest)arg0;
		HttpServletResponse response = 
			(HttpServletResponse)arg1;
		request.setCharacterEncoding("utf-8");
		String content = request.getParameter("content");
		response.setContentType("text/html;charset=utf-8");
		PrintWriter out = response.getWriter();
		if(content.indexOf("dog") != -1){
			out.println("非法评论");
		}else{
			//调用后续的过滤器或者servlet
			arg2.doFilter(arg0, arg1);
		}
		System.out.println("filter1's doFilter end.");
		
	}
	
	/*
	 * 容器在启动之后，会立即创建过滤器实例。接下来，会调用init方法完成初始化。
	 * FilterConfig对象由容器创建，其作用是访问过滤器的初始化参数<init-param>。
	 * init方法只会调用一次。
	 */
	public void init(FilterConfig arg0) throws ServletException {
		System.out.println("filter's init...");
	}

}

CommentFilter2.java：

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CommentFilter2 implements Filter{
	private FilterConfig config;
	public void destroy() {
		
	}

	public void doFilter(ServletRequest arg0, 
			ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
		//日志工具(log4j)
		System.out.println("Filter2's doFilter begin...");
		HttpServletRequest request = 
			(HttpServletRequest)arg0;
		HttpServletResponse response = 
			(HttpServletResponse)arg1;
		request.setCharacterEncoding("utf-8");
		String content = request.getParameter("content");
		response.setContentType("text/html;charset=utf-8");
		PrintWriter out = response.getWriter();
		int length = Integer.parseInt(
				config.getInitParameter("length"));
		if(content.length() > length){
			out.println("长度非法");
		}else{
			arg2.doFilter(arg0, arg1);
		}
		System.out.println("Filter2's doFilter end.");
	}

	public void init(FilterConfig arg0) throws ServletException {
		config = arg0;
	}

}