1、簡介
應用場景
- 自動登入;
- 統一設定編碼格式;
- 通路權限控制;
- 敏感字元過濾等。
2、編寫過濾器
- test
public class FilterTest01 implements Filter {
//初始化:web伺服器啟動的時候就會初始化,随時等待過濾對象出現
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("初始化");
}
/*
FilterChain:鍊;
1.過濾中的所有代碼,在過濾特定請求的時候都會執行;
2.必須要讓過濾器繼續通行
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
System.out.println("執行FilterTest01前");
filterChain.doFilter(request,response);//讓我們的請求繼續走,如果不寫,程式就會被攔截停止在這裡
System.out.println("執行FilterTest01後");
}
//銷毀:web伺服器關閉的時候,過濾器才會銷毀
public void destroy() {
System.out.println("銷毀");
}
}
<filter>
<filter-name>Demo01</filter-name>
<filter-class>com.beyond.filter.FilterTest01</filter-class>
</filter>
<filter-mapping>
<filter-name>Demo01</filter-name>
<!--隻要是 /servlet的任何請求都會經過這個過濾器-->
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
2.判斷使用者賬号、權限登入(使用者登陸之後才能進入首頁,使用者登出後就不能進入首頁了)
//登陸驗證
public class LoginTest01 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//擷取前端請求的參數
String username = req.getParameter("username");
if(username.equals("admin")){//登陸成功
req.getSession().setAttribute("USER_SESSION",req.getSession().getId());
resp.sendRedirect("sys/success.jsp");
}else {
resp.sendRedirect("error/500.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
=================================================
//登陸成功後,登出,過濾
public class LoginFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) sreq;
HttpServletResponse response = (HttpServletResponse) sresp;
if(request.getSession().getAttribute("USER_SESSION")==null){
response.sendRedirect("error/500.jsp");
}
filterChain.doFilter(request,response);
}
public void destroy() {
}
}
=================================================
//登陸失敗
public class LogoutTest01 extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_session = req.getSession().getAttribute("USER_SESSION");
if(user_session!=null){
req.getSession().removeAttribute("USER_SESSION");
resp.sendRedirect("login.jsp");
}else {
resp.sendRedirect("login.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
<h2>登入</h2>
<form action="login" method="post">
<input type="text" name="username">
<input type="submit">
</form>
=================================================
<h1>首頁</h1>
<p><a href="/jsp_01/logout">登出</a></p>
=================================================
<h1>自定義500的錯誤頁面</h1>
<h3>賬号錯誤,沒有權限</h3>
<a href="../login.jsp">傳回登陸頁面</a>
=================================================
<servlet>
<servlet-name>LoginTest01</servlet-name>
<servlet-class>com.beyond.filter.LoginTest01</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginTest01</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LogoutTest01</servlet-name>
<servlet-class>com.beyond.filter.LogoutTest01</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutTest01</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.beyond.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/sys/*</url-pattern>
</filter-mapping>