Filter简介
Filter(过滤器)的基本功能就是对与url匹配的所有的请求进行拦截,从而在 Servlet 进行响应处理的前后实现一些特殊的功能。
Filter 程序可以拦截 Jsp, Servlet, 静态图片文件和静态 html 文件。
Filter 程序是一个实现了 Filter 接口的 Java 类,与 Servlet 程序相似,它由 Servlet 容器进行调用和执行。
在 Servlet API 中定义了三个Filter, FilterChain, FilterConfig接口类来供开发人员编写 Filter 程序。
Filter 的基本工作原理:- 当注册了一个 Filter 来对某个 Servlet 程序进行拦截处理时,这个 Filter 就成了 Servlet 容器与该 Servlet 程序的通信线路上的一道关卡,该 Filter 可以对 Servlet 容器发送给Servlet 程序的请求和 Servlet 程序回送给 Servlet 容器的相应进行拦截,可以决定是否将请求继续传递给 Servlet 程序,以及对请求和相应信息是否进行修改。
- 在一个 web 应用程序中可以注册多个 Filter 程序,每个 Filter 程序都可以对一个或一组 Servlet 程序进行拦截。
- 若有多个 Filter 程序对某个 Servlet 程序的访问过程进行拦截,当针对该 Servlet 的访问请求到达时,web 容器将把这多个 Filter 程序组合成一个 Filter 链(过滤器链)。
拦截所有的请求,比如:http://localhost:8080/bb/fds、http://localhost:8080/b、http://localhost:8080/a.jsp……
@WebFilter(urlPatterns = "/*")
public class AuthFilter implements Filter {
public void destroy() {
System.out.println("destroy");
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("do11");
chain.doFilter(req, resp);
System.out.println("do22");
}
public void init(FilterConfig config) throws ServletException {
System.out.println("init");
}
}
拦截以aa开始的所有的请求,比如:http://localhost:8080/aa/fds、http://localhost:8080/aa/b.jsp,但不能拦截http://localhost:8080/bb/aa
@WebFilter(urlPatterns = "/aa/*")
public class AuthFilter implements Filter {
public void destroy() {
System.out.println("destroy");
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("do11");
chain.doFilter(req, resp);
System.out.println("do22");
}
public void init(FilterConfig config) throws ServletException {
System.out.println("init");
}
}
拦截以aa或bb开始的所有的请求,比如:http://localhost:8080/aa/fds、http://localhost:8080/bb/b.jsp
@WebFilter(urlPatterns = {"/aa/*","/bb/*"})
public class AuthFilter implements Filter {
public void destroy() {
System.out.println("destroy");
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
System.out.println("do11");
chain.doFilter(req, resp);
System.out.println("do22");
}
public void init(FilterConfig config) throws ServletException {
System.out.println("init");
}
}
-
项目目录结构
-
aa.html
机密文件 登录之后才能访问的页面 -
bb.png 一张普通的图片
-
login.jsp
login 用户名: 密码: -
LoginServlet.java
@WebServlet(urlPatterns = "/loginServlet") public class LoginServlet extends HttpServlet { protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String uname = request.getParameter("uname"); String upwd = request.getParameter("upwd"); if ("zhangsan".equals(uname) && "1234".equals(upwd)) {//如果登录成功 HttpSession session = request.getSession(); //获取Session session.setMaxInactiveInterval(30*60); //设置session的有效时间为60s session.setAttribute("user",uname);//将用户信息放到Session中 Object aim = request.getSession().getAttribute("aim");//Filter拦截的url System.out.println("*** "+aim); request.getRequestDispatcher(aim.toString()).forward(request, response); } } } -
AuthFilter.java
@WebFilter(urlPatterns = "/sec/*") public class AuthFilter implements Filter { public void destroy() { } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; String aim = request.getRequestURI(); String queryString = request.getQueryString(); if (queryString != null) { aim += "?" + queryString; } HttpSession session = request.getSession(); session.setAttribute("aim", aim); Object user = session.getAttribute("user"); if (user == null) { //如果用户没有登录,跳转到登录页面 request.getRequestDispatcher("/login.jsp").forward(request, response); return; //如果有过滤器链,不再执行后面的过滤器 } chain.doFilter(req, resp); System.out.println("haha"); } public void init(FilterConfig config) throws ServletException { } } -
DemoServlet.java
@WebServlet(urlPatterns = "/sec/demoServlet") public class DemoServlet extends HttpServlet { @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req,resp); } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("/WEB-INF/sec/aa.html").forward(request,response); } } -
DemoServlet2.java
@WebServlet(urlPatterns = "/sec/demoServlet2") public class DemoServlet2 extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("/WEB-INF/sec/bb.png").forward(request,response); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req,resp); } } -
运行
- 请求http://localhost:8080/sec/demoServlet2,进入用户登录页面
- 输入用户名密码,单击按钮,结果:
-
EmojiFilter
@WebFilter(urlPatterns = "/*") public class EmojiFilter implements Filter { public void destroy() { System.out.println("EmojiFilter destroy"); } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { System.out.println("EmojiFilter doFilter before"); chain.doFilter(req, resp); System.out.println("EmojiFilter doFilter after"); } public void init(FilterConfig config) throws ServletException { System.out.println("EmojiFilter init"); } } -
HtmlFilter
@WebFilter(urlPatterns = "/*") public class HtmlFilter implements Filter { public void destroy() { System.out.println("HtmlFilter destroy"); } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { System.out.println("HtmlFilter doFilter before"); chain.doFilter(req, resp); System.out.println("HtmlFilter doFilter after"); } public void init(FilterConfig config) throws ServletException { System.out.println("HtmlFilter init"); } } -
SensitiveFilter
@WebFilter(urlPatterns = "/*") public class SensitiveFilter implements Filter { public void destroy() { System.out.println("SensitiveFilter destroy"); } public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { System.out.println("SensitiveFilter doFilter before"); chain.doFilter(req, resp); System.out.println("SensitiveFilter doFilter after"); } public void init(FilterConfig config) throws ServletException { System.out.println("SensitiveFilter init"); } } -
DemoServlet
@WebServlet(urlPatterns = "/demoServlet") public class DemoServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { System.out.println("hahaha......"); } }
运行:在浏览器中请求http://localhost:8080/demoServlet,控制台输出结果: 
