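I. What filters are used for
- User authentication and authorization management; counting web application access volume (serve the resource if it is found, otherwise forward to another page) and access hit rate, and generating access reports.
- Implementing logging for the web application
- Implementing data compression and encryption
- Implementing XML and XSLT transformation.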
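II. Background
- init(): The container calls this method when it instantiates the filter. Its main purpose is to prepare the filter for processing. The method takes a FilterConfig object as input.
- doFilter(): Just as a servlet has a single service() method (which in turn calls doPost() or doGet()) to handle requests, a filter has a single method for handling requests and responses: doFilter(). This method takes three input parameters: a ServletRequest, a ServletResponse, and a FilterChain object (there may be several filters, executed in order). The ServletRequest and ServletResponse usually need to be cast to the concrete types of the servlet implementation, such as HttpServletRequest and HttpServletResponse.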
doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
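- destroy(): As you would expect, this method performs any cleanup that may be needed before automatic garbage collection. The servlet container calls it before destroying the filter instance so that the filter can release the resources it holds.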
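III. Code
1. Access time restriction
// Access-time filter (uses servlet initialization parameters in the filter)
// init() reads the time window below (startTime to endTime mark the unusual hours); requests outside normal hours are logged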
import java.io.IOException;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class SimpleFilter2 implements Filter {
    @SuppressWarnings("unused")
    private FilterConfig config;
    private ServletContext context;
    private int startTime, endTime;
    private DateFormat formatter;

    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        context = config.getServletContext();
        formatter = DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
                DateFormat.MEDIUM);
        try {
            startTime = Integer.parseInt(config.getInitParameter("startTime")); // web.xml
            endTime = Integer.parseInt(config.getInitParameter("endTime")); // web.xml
        } catch (NumberFormatException nfe) { // Malformed or null
            // Default: access at or after 10 p.m. but before 6 a.m. is
            // considered unusual.
            startTime = 22; // 10:00 p.m.
            endTime = 6; // 6:00 a.m.
        }
    }

    // Exceptions from the rest of the chain are declared and propagated so
    // that the container can handle them, instead of being swallowed here.
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        System.out.println("Within SimpleFilter2:Filtering the Request...");
        HttpServletRequest req = (HttpServletRequest) request;
        GregorianCalendar calendar = new GregorianCalendar();
        int currentTime = calendar.get(Calendar.HOUR_OF_DAY);
        if (isUnusualTime(currentTime, startTime, endTime)) {
            context.log("WARNING: " + req.getRemoteHost() + " accessed "
                    + req.getRequestURL() + " on "
                    + formatter.format(calendar.getTime()));
            // The log file is under <CATALINA_HOME>/logs. One log per day.
        }
        chain.doFilter(request, response);
        System.out.println("Within SimpleFilter2:Filtering the Response...");
    }

    public void destroy() {}

    // Is the current time between the start and end
    // times that are marked as abnormal access times?
    private boolean isUnusualTime(int currentTime, int startTime, int endTime) {
        // Equal bounds are treated here as an empty window (an assumption).
        // Without this check the else branch below would recurse forever
        // when startTime == endTime.
        if (startTime == endTime) {
            return false;
        }
        // If the start time is less than the end time (i.e.,
        // they are two times on the same day), then the
        // current time is considered unusual if it is
        // between the start and end times.
        if (startTime < endTime) {
            return ((currentTime >= startTime) && (currentTime < endTime));
        }
        // If the start time is greater than the end time
        // (i.e., the start time is on one day and the end
        // time is on the next day), then the current time
        // is considered unusual if it is NOT between
        // the end and start times.
        else {
            return (!isUnusualTime(currentTime, endTime, startTime));
        }
    }
}
Reference: http://zhangjunhd.blog.51cto.com/113473/20629
2. Login restriction
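import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("init LoginFilter");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Cast ServletRequest and ServletResponse to their real HTTP types
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // web.xml maps this filter to every request, so URLs that must not
        // be filtered are excluded here. The container-resolved servlet path
        // is compared exactly: getRequestURI() is the raw URI, path
        // parameters included, so an endsWith() test on it would also exempt
        // URLs that are not the login page.
        // Assumes login.jsp sits at the web application root.
        if ("/login.jsp".equals(req.getServletPath())) {
            chain.doFilter(request, response);
            return;
        }
        // Check whether the user is logged in and handle the page accordingly.
        // getSession(false) does not create a session for anonymous requests.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // Not logged in: redirect to the login page. The context path
            // makes the target independent of the requested directory.
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        } else {
            // Logged in: allow access
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        System.out.println("destroy!!!");
    }
}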
3. Filtering sensitive words
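public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    // Cast to the concrete HTTP request and response objects
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    // Read the comment and mask the keyword; getParameter() returns null
    // when the request carries no "comment" parameter
    String comment = req.getParameter("comment");
    if (comment != null) {
        comment = comment.replace("A", "***");
        // Store the masked text as a request attribute. Request parameters
        // are read-only, so downstream code must read it with
        // getAttribute("comment"); getParameter("comment") is unchanged.
        req.setAttribute("comment", comment);
    }
    // Continue down the chain
    chain.doFilter(request, response);
}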
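The doFilter() above stores the masked text with setAttribute(), which leaves getParameter("comment") unchanged for downstream code. The following added example (not from the original post) wraps the request in an HttpServletRequestWrapper so that the parameter itself is masked; the class names CommentMaskFilter and MaskedRequest are hypothetical, and the javax.servlet 3.0+ API is assumed.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class names): every way of reading the
// "comment" parameter downstream returns the masked text.
public class CommentMaskFilter implements Filter {
    private static final String PARAM = "comment"; // parameter name used on the page
    private static final String BLOCKED = "A";     // placeholder keyword used on the page

    static String mask(String value) {
        return value == null ? null : value.replace(BLOCKED, "***");
    }

    static class MaskedRequest extends HttpServletRequestWrapper {
        MaskedRequest(HttpServletRequest req) { super(req); }
        @Override public String getParameter(String name) {
            String v = super.getParameter(name);
            return PARAM.equals(name) ? mask(v) : v;
        }
        @Override public String[] getParameterValues(String name) {
            String[] vs = super.getParameterValues(name);
            if (vs == null || !PARAM.equals(name)) return vs;
            String[] out = new String[vs.length];
            for (int i = 0; i < vs.length; i++) out[i] = mask(vs[i]);
            return out;
        }
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> m = new HashMap<>(super.getParameterMap());
            if (m.containsKey(PARAM)) m.put(PARAM, getParameterValues(PARAM));
            return m;
        }
    }

    @Override public void init(FilterConfig config) {}
    @Override public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Pass the wrapper down the chain; the container's request is untouched.
        chain.doFilter(new MaskedRequest((HttpServletRequest) request), response);
    }
    @Override public void destroy() {}
}
```

Masking on input does not replace output encoding: the page that renders the comment still has to escape it for its context.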