1. Filter简介
Filter也称之为过滤器,WEB开发人员通过Filter技术,对web服务器管理的所有web资源:例如Jsp ,Servlet ,静态图片文件或静态html文件等进行拦截,从而实现一些特殊的功能。
Servlet API中提供了一个Filter接口 ,开发web应用时,如果编写的类实现了这个接口,则把这个java类称之为过滤器Filter。通过Filter技术 ,开发人员可以实现用户在访问某个目标资源之前,对访问的请求和响应进行拦截,如下所示:
image.png
image.png
Filter开发入门
Filter开发步骤
Filter开发分为二个步骤:
- 编写java类实现Filter接口,并实现其doFilter方法。
- 在web.xml(不使用注解方式)文件中使用<filter>和<filter-mapping>元素对编写的filter类进行注册,并设置它所能拦截的资源。(了解即可,百度)
2. Filter是如何实现拦截的?
Filter接口中有一个doFilter方法, 当我们编写好Filter,并配置对哪个web资源进行拦截后,WEB服务器每次在调用web资源的service方法之前,都会先调用一下filter的doFilter方法,因此,在该方法内编写代码可达到如下目的:
调用目标资源之前,让一段代码执行。
是否调用目标资源(即是否让用户访问web资源)
web服务器在调用doFilter方法时,会传递一个filterChain对象进来 ,filterChain对象是filter接口中最重要的一个对象,它也提供了一个doFilter方法,开发人员可以根据需求决定是否调用此方法,调用该方法,则web服务器就会调用web资源的service方法,即web资源就会被访问,否则web资源不会被访问。
调用目标资源之后,让一段代码执行。
3. 过滤器简单代码
主页面 index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>$Title$</title>
</head>
<body>
<a href="a.do?username=zhangsan">访问Aservlet</a>
<a href="b.do?username=lisi">访问Bservlet</a>
<a href="c.action?username=lisi">访问Cservlet</a>
</body>
</html>
a.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
放行了.... a.jsp
</body>
</html>
b.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
过滤器打回了... b.jsp
</body>
</html>
过滤器
package com.lty.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter(filterName = "TestFilter" , urlPatterns = "*.do")
public class TestFilter implements Filter {
public void destroy() {
System.out.println("TestFilter destroy");
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
String username = req.getParameter("username");
System.out.println("doFilter before");
if(username.equals("zhangsan")){
chain.doFilter(req, resp); //放行了
}else{
req.getRequestDispatcher("b.jsp").forward(req,resp);
}
System.out.println("doFilter after");
}
public void init(FilterConfig config) throws ServletException {
System.out.println("TestFilter init");
}
}
servlet
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "AServlet" , urlPatterns = "/a.do")
public class AServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("AServlet");
request.getRequestDispatcher("a.jsp").forward(request,response);
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "BServlet" , urlPatterns = "/b.do")
public class BServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("BServlet");
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "CServlet" , urlPatterns = "/c.action")
public class CServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("CServlet");
request.getRequestDispatcher("a.jsp").forward(request,response);
}
}
4. 过滤器的生命周期
Filter对象何时被创建?
服务器一启动的时候,就会针对这个web应用将所有的Filter对象(拦截器)创建出来,并且以后访问的时候,都是使用同一个拦截器进行拦截。也即一个拦截器会被所有的请求所共享,每一次请求来了之后,都会导致doFilter()方法被调用一次,Filter对象只有一个,而doFilter()方法会被多次调用。
问: Filter对象在内存里面有几个?
答:一个。服务器并不会针对请求创建新的Filter对象(拦截器)。
Filter对象何时被摧毁?
移除掉web服务器里面这个web应用(或停掉服务器),就会摧毁这个web应用对应的拦截器。
使用过滤器技术解决中文乱码问题(统一全站的编码)
package com.lty.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;
@WebFilter(filterName = "CoderFilter" , urlPatterns = "*.do")
public class CoderFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
req.setCharacterEncoding("utf-8");
resp.setCharacterEncoding("utf-8");
resp.setContentType("text/html;charset=utf-8");
chain.doFilter(req, resp);
}
public void init(FilterConfig config) throws ServletException {
}
}
image.png
5. 过滤器应用
主页面 index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>$Title$</title>
</head>
<body>
<a href="login.do">登录</a>
<a href="admin.admin">进入管理后台界面</a>
</body>
</html>
登录页面 login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="login.do" method="post">
<input type="text" name="username">
<input type="submit" value="登录">
</form>
</body>
</html>
admin.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
我是整个网站的后台管理员页面首页
</body>
</html>
student.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
我是整个网站的后台学生信息管理页面
</body>
</html>
监听器
package com.lty.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
@WebFilter(filterName = "AuthFilter" , urlPatterns = "*.admin")
public class AuthFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest)req;
Object obj = request.getSession().getAttribute("user");
if(obj != null){
chain.doFilter(req, resp);
}else{
request.getRequestDispatcher("login.jsp").forward(request,resp);
}
}
public void init(FilterConfig config) throws ServletException {
}
}
servlet
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "LoginServlet" , urlPatterns = "/login.do")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
request.getSession().setAttribute("user",username);
request.getRequestDispatcher("/WEB-INF/admin.jsp").forward(request,response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("login.jsp").forward(request,response);
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "AdminServlet" , urlPatterns = "/admin.admin")
public class AdminServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("/WEB-INF/admin.jsp").forward(request,response);// WEB-INF前面的 / 代表该项目中的web文件
}
}
package com.lty.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet(name = "StudentServlet" , urlPatterns = "/student.admin")
public class StudentServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("/WEB-INF/student.jsp").forward(request,response);// WEB-INF前面的 / 代表该项目中的web文件
}
}
image.png
6. 过滤器其它
当一个项目使用多个过滤器的时候,默认项目中第一个(靠前的)过滤器进行首次拦截
image.png
凡是放到WEB-INF目录下的文件,Tomcat服务器规定用户无法在浏览器上进行访问(用户通过输入网址的方式进行访问)
image.png
