JavaWeb 入门篇(6.1) 过滤器 实现字符过滤器 实现模拟权限拦截
Filter(过滤器) 概述
- 过滤器是一个对象,它对对资源(Servlet或静态内容)的请求或对资源的响应或两者都执行过滤任务。
-
过滤器在doFilter方法中执行过滤。 每个过滤器都可以访问一个FilterConfig对象,从中可以获取其初始化参数,还可以访问ServletContext,例如,它可以用于加载过滤任务所需的资源。
在Web应用程序的部署描述符中配置过滤器。
- JavaWeb中的应用场景:
- 权限过滤
- 字符编码设置
- 数据加密过滤器
- 过滤垃圾请求
- 等等 还有不少勒
- 过滤器可以写多个,形成一个过滤器链。每个过滤器的作用都可以不一样。一层一层判断。
流程图:
一、过滤器(Filter)实现字符编码设置为UTF-8
使用过滤器设置字符编码
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
/**
* @author crush
*/
@WebFilter("/*")
public class CharacterEncodingTest implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// filter的生命周期
System.out.println("Filter初始化");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
System.out.println("过滤前");
chain.doFilter(request,response);
System.out.println("过滤后");
}
@Override
public void destroy() {
System.out.println("Filter销毁");
}
}
测试:
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @author Adimi
*/
@WebServlet("/filter")
public class FilterTest extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String username = req.getParameter("username");
PrintWriter writer = resp.getWriter();
writer.print(username);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
super.doPost(req, resp);
}
}
可以看到过滤器是生效的。
二、Filter 实现权限拦截
登录的表单页面
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>login</title>
</head>
<body>
<c:if test="${cuowu!=null}">
${cuowu}
</c:if>
<form action="${pageContext.request.contextPath}/login" method="post">
用户名:<input name="username" type="text">
密码:<input name="password" type="password">
<input type="submit" value="Login">
</form>
</body>
</html>
User类(用户类)
/**
* @author crush
*/
@Data /** get set 方法 */
@AllArgsConstructor /** 全参构造 */
@NoArgsConstructor /** 无参构造 */
@ToString /** toString方法 */
public class User {
private String username;
private String password;
}
此处使用了Lombok,类上面的几个注解代替了原来的几个方法。看起来比较简洁。
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @author crush
*/
@WebServlet("/login")
public class Login extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req,resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// 开启session
HttpSession session = req.getSession();
// 获取登录的参数
String username = req.getParameter("username");
String password=req.getParameter("password");
PrintWriter writer = resp.getWriter();
// 判断用户名和密码是否正确
if(username.equals("user")&&password.equals("123456")){
// 存session
session.setAttribute("user",new User(username,password));
// 设置session的时间
session.setMaxInactiveInterval(200);
writer.print(username+" 恭喜你登录成功!!!");
}
else{
System.out.println("账号或密码错误");
resp.sendRedirect("/login.jsp");
}
}
}
过滤器:
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/**
* @author Adimi
* @WebFilter("/user/*")
* /user/* 的意思是过滤/user/下的所有请求
* 例如:/user/1 、/user/main2 .... /user/xxx 等等 都会经过这个过滤器
*/
@WebFilter("/user/*")
public class UserFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("初始化");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest=(HttpServletRequest)request;
HttpSession session = ((HttpServletRequest) request).getSession();
User user =(User) session.getAttribute("user");
if(user!=null){
chain.doFilter(request,response);
}
else{
request.setAttribute("cuowu","检测到您还没有登录,无法访问,请登录后再访问!!!");
request.getRequestDispatcher("/login.jsp").forward(request,response);
}
}
@Override
public void destroy() {
System.out.println("销毁");
}
}
测试的Servlet:
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @author crush
*/
@WebServlet("/user/main")
public class Main extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
PrintWriter writer = resp.getWriter();
writer.print("恭喜你做出了登录过滤的小Demo!!!");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
super.doPost(req, resp);
}
}
自言自语
简单的一次记录。
看完不给我点给赞,你还想逃吗?不存在的。
留下你来过的足迹,一起学习。