Filter就像一个一个哨卡,用户的请求需要经过Filter,并且可以有多个过滤器 . 开发一个简单的FirstFilter,用来打印用户访问ip地址和访问的页面
HttpServletRequest request = (HttpServletRequest) req;doFilter()方法中的req参数的类型是ServletRequest,需要转换为HttpServletRequest类型方便调用某些方法 (request常见方法)
String ip = request.getRemoteAddr();获取来路用户的ip地址
String url = request.getRequestURL().toString();获取用户访问的页面地址
System.out.printf("%s %s 访问了 %s%n", date, ip, url);在控制台打印出来
chain.doFilter(request, response);过滤器放行,表示继续运行下一个过滤器,或者最终访问的某个servlet,jsp,html等等
package filter; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class FirstFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String ip = request.getRemoteAddr(); String url = request.getRequestURL().toString(); SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); Date d = new Date(); String date = sdf.format(d); System.out.printf("%s %s 访问了 %s%n", date, ip, url); chain.doFilter(request, response); } @Override public void init(FilterConfig arg0) throws ServletException { //System.out.println("First Filter init()"); } }配置web.xml(设置过滤) 在web.xml中进行filter的配置,和servlet的配置很类似
<url-pattern>/*</url-pattern>表示所有的访问都会过滤 如果配置成
<url-pattern>*.jsp</url-pattern>就表示只过滤jsp
<filter> <filter-name>FirstFilter</filter-name> <filter-class>filter.FirstFilter</filter-class> </filter> <filter-mapping> <filter-name>FirstFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>重启tomcat,所有用户的访问信息,都可以打印出来 init() 方法 与Servlet需要配置自启动才会随着tomcat的启动而执行init()方法不一样。 Filter一定会随着tomcat的启动自启动
public void init(FilterConfig arg0) throws ServletException { System.out.println("First Filter init()"); }Filter启动失败,如果Filter启动失败,或者本身有编译错误,不仅这个Filter不能使用,整个web应用会启动失败,导致用户无法访问页面 如果启动失败,在启动tomcat过程中,也会看到这样的字样:
严重: Context [] startup failed due to previous errors在通过Servlet获取中文参数 的章节中知道,可以通过
request.setCharacterEncoding("UTF-8");正确获取UTF-8编码的中文,但是如果有很多servlet都需要获取中文,那么就必须在每个Servlet中增加这段代码。 有一个简便的办法,那就是通过Filter过滤器进行中文处理 ,那么所有的Servlet都不需要单独处理了。 创建一个 EncodingFilter ,设置如下代码
HttpServletRequest request = (HttpServletRequest) req; request.setCharacterEncoding("UTF-8");doFilter方法的第一个参数req,是ServletRequest 类型的,不支持setCharacterEncoding,所以要先强制转换为HttpServletRequest
package filter; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class EncodingFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; request.setCharacterEncoding("UTF-8"); chain.doFilter(request, response); } @Override public void init(FilterConfig arg0) throws ServletException { } }然后配置web.xml,配置EncodingFilter<url-pattern>/*</url-pattern>,对所有访问都使用改Filter
<filter> <filter-name>EncodingFilter</filter-name> <filter-class>filter.EncodingFilter</filter-class> </filter> <filter-mapping> <filter-name>EncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>在用户是否登陆的验证中,我们可以通过在HeroListServlet中增加对session的判断代码来做到登陆验证。 但是按照这样的做法,所有的Servlet都要加上一样的代码,就会显得比较累赘。 与通过Filter处理中文问题一样,也可以通过Filter一次性解决所有的登陆验证问题
创建一个AuthFilter 类
String uri = request.getRequestURI(); if (uri.endsWith("login.html") || uri.endsWith("login")) { chain.doFilter(request, response); return; }首先判断是否是访问的login.html和loginHero,因为这两个页面就是在还没有登陆之前就需要访问的
String userName = (String) request.getSession().getAttribute("userName"); if (null == userName) { response.sendRedirect("login.html"); return; }从Session中获取userName,如果没有,就表示不曾登陆过,跳转到登陆页面。
package filter; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AuthFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String uri = request.getRequestURI(); if (uri.endsWith("login.html") || uri.endsWith("login")) { chain.doFilter(request, response); return; } String userName = (String) request.getSession().getAttribute("userName"); if (null == userName) { response.sendRedirect("login.html"); return; } chain.doFilter(request, response); } @Override public void init(FilterConfig arg0) throws ServletException { } }配置AuthFilter
<filter> <filter-name>AuthFilter</filter-name> <filter-class>filter.AuthFilter</filter-class> </filter> <filter-mapping> <filter-name>AuthFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>因为这个过滤器的存在,在登陆之前所有的资源都不能访问。 所以在login.jsp上如果有图片,js和css,也不能够正常显示和工作。 可以对.css/.js/img进行过滤和放行
String uri = request.getRequestURI(); if (uri.endsWith(".css") || uri.endsWith(".js")) { //通过则放行 chain.doFilter(request, response); return; }