过滤器的概念
- Servlet过滤器是在Java Servlet规范2.3中定义的,它能够对Servlet容器的请求和响应对象进行检查和修改。
- Servlet过滤器本身并不生成请求和响应对象,它只提供过滤作用。
- Servlet过滤器能够在Servlet被调用之前检查Request对象,修改Request Header和Request内容;
- 在Servlet被调用之后检查Response对象,修改Response Header和Response内容。Servlet过滤器负责过滤的Web组件可以是Servlet、JSP或HTML文件。
Servlet过滤器的过滤过程
Filter接口
-
所有的 Servlet 过 滤 器 类 都 必 须 实 现javax.servlet.Filter接口。这个接口含有3个过滤器类必须实现的方法:
– init()
– doFilter()
– destroy() -
init(FilterConfig):这是Servlet过滤器的初始化方法,Servlet容器创建Servlet过滤器实例后将调用这个方法。在这个方法中可以读取web.xml 文件中Servlet过滤器的初始化参数。
-
doFilter(ServletRequest, ServletResponse,FilterChain): 这个方法完成实际的过滤操作。当客户请求访问与过滤器关联的URL时,Servlet容器将先调用过滤器的doFilter方法。FilterChain参数用于访问后续过滤器
过滤器的链式请求处理过程(FilterChain)
- destroy():Servlet容器在销毁过滤器实例前调用该方法,在这个方法中可以释放Servlet过滤器占用的资源
- 在web.xml配置中filter要配置在servlet的上面,而url-parttern写的是要过滤的servlet,写/*是过滤web应用下的所有的请求
- Filter会在服务器启动的时候就初始化,如果在init启动失败服务器就无法启动,例如在init中抛出异常。
package learn.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("doFilter invoked!");
}
public void init(FilterConfig fConfig) throws ServletException {
System.out.println("init invoked!");
}
}
<filter>
<description>
</description>
<display-name>LoginFilter</display-name>
<filter-name>LoginFilter</filter-name>
<filter-class>learn.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
init invoked!
一月 31, 2019 4:54:15 下午 org.apache.coyote.AbstractProtocol start
信息: Starting ProtocolHandler [“http-nio-8080”]
一月 31, 2019 4:54:15 下午 org.apache.coyote.AbstractProtocol start
信息: Starting ProtocolHandler [“ajp-nio-8009”]
一月 31, 2019 4:54:15 下午 org.apache.catalina.startup.Catalina start
信息: Server startup in 251 ms
doFilter invoked!
doFilter invoked!
过滤器的例子
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="CommentServlet" method="post">
username:<input type="text" name="username"><br>
comments:<textarea name="comment" row="7" cols="20"></textarea><br>
<input type="submit" value="submit">
</form>
</body>
</html>
package learn.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CommentFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
req.setCharacterEncoding("UTF-8");
resp.setCharacterEncoding("UTF-8");
String username = req.getParameter("username");
String comment = req.getParameter("comment");
username = username.replace("zhang", "li");
comment = comment.replace("大连交通大学", "****");
req.setAttribute("username", username);
req.setAttribute("comment", comment);
chain.doFilter(request, response);
}
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
package learn.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CommentServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getRequestDispatcher("commentResult.jsp").forward(request, response);
}
}
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
uesrname:<%= request.getAttribute("username") %><br>
comments:<%= request.getAttribute("comment") %>
</body>
</html>
改进session中的例子
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<% String authority = request.getParameter("authority");
String username = request.getParameter("username");
%>
<form action="${pageContext.request.contextPath}/MyLoginServlet" method="post">
username:<input type="text" name="username" value="<%= null == username?"":username %>"><br>
password:<input type="password" name="password"><br>
authority:
<select name="authority">
<option value="1" <%= "1".equals(authority)?"selected='selected'":""%>>common user</option>
<option value="2" <%= "2".equals(authority)?"selected='selected'":""%>>administrator</option>
</select>
<br>
<input type="submit" value="submit">
</form>
</body>
</html>
package learn.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import learn.bean.User;
public class MyLoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
User user = new User();
HttpSession session = request.getSession();
String username = request.getParameter("username");
String password = request.getParameter("password");
String authority = request.getParameter("authority");
if ("1".equals(authority)) {
// 登录的是普通用户
if ("zhangsan".equals(username) && "123".equals(password)) {
// 将用户的信息放置到session当中
user.setUsername(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
request.getRequestDispatcher("/filter/index.jsp").forward(request, response);
}
else {
response.sendRedirect("filter/login.jsp?username=" + username + "&authority=" + authority);
}
} else if ("2".equals(authority)) {
// 登录的是系统管理员
if ("lisi".equals(username) && "456".equals(password)) {
user.setUsername(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
request.getRequestDispatcher("/filter/index.jsp").forward(request, response);
}
else {
response.sendRedirect("filter/login.jsp?username=" + username + "&authority=" + authority);
}
}
// 登录失败
else {
response.sendRedirect("filter/login.jsp?username=" + username + "&authority=" + authority);
}
}
}
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8" import="learn.bean.User"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<a href="MyQueryServlet">query</a><br>
<% if(((User)session.getAttribute("user")).getAuthority().equals("2")){%>
<a href="MyUpdateServlet">update</a>
<%}%>
</body>
</html>
package learn.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest r = (HttpServletRequest)request;
String requestURI = r.getRequestURI();
if(requestURI.endsWith("login.jsp") || requestURI.endsWith("MyLoginServlet")){
chain.doFilter(request, response);
return;
}
HttpSession session = r.getSession();
if(null == session.getAttribute("user")){
((HttpServletResponse)response).sendRedirect("login.jsp");
return;
}
chain.doFilter(request, response);
}
public void init(FilterConfig fConfig) throws ServletException {
System.out.println("init invoked!");
}
}
串联Servlet过滤器的工作流程
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="InfoServlet" method="post">
username:<input type="text" name="username"><br>
<input type="submit" value="submit">
</form>
</body>
</html>
package learn.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class InfoServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println(request.getParameter("username"));
request.getRequestDispatcher("infoResult.jsp").forward(request, response);
}
}
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="<%=basePath%>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
username:<%=request.getParameter("username") %>
</body>
</html>
package learn.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class MyFilter1 implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("myFilter1 before chain.doFilter");
chain.doFilter(request, response);
System.out.println("myFilter1 after chain.doFilter");
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
package learn.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class MyFilter2 implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("myFilter2 before chain.doFilter");
chain.doFilter(request, response);
System.out.println("myFilter2 after chain.doFilter");
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
<filter>
<description>
</description>
<display-name>MyFilter1</display-name>
<filter-name>MyFilter1</filter-name>
<filter-class>learn.filter.MyFilter1</filter-class>
</filter>
<filter>
<description>
</description>
<display-name>MyFilter2</display-name>
<filter-name>MyFilter2</filter-name>
<filter-class>learn.filter.MyFilter2</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter1</filter-name>
<url-pattern>/InfoServlet</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>MyFilter2</filter-name>
<url-pattern>/InfoServlet</url-pattern>
</filter-mapping>
结果是:
myFilter1 before chain.doFilter
myFilter2 before chain.doFilter
zhangsan
myFilter2 after chain.doFilter
myFilter1 after chain.doFilter
问题
- 问题:在Servlet过滤器中能否访问application范围内的共享数据?
• 答案:可以的,先调用FilterConfig的getServletContext()方法获得ServletContext,再调用ServletContext的getAttribute()方法来获得application范围内的共享数据。
public void init(FilterConfig fConfig) throws ServletException {
String value1 = fConfig.getInitParameter("hello");
String value2 = fConfig.getInitParameter("zhangsan");
System.out.println(value1 + ":" + value2);
}
<filter>
<description>
</description>
<display-name>CommentFilter</display-name>
<filter-name>CommentFilter</filter-name>
<filter-class>learn.filter.CommentFilter</filter-class>
<init-param>
<param-name>hello</param-name>
<param-value>world</param-value>
</init-param>
<init-param>
<param-name>zhangsan</param-name>
<param-value>li</param-value>
</init-param>
</filter>
结果是:
world:li
- 问题:“Servlet过滤器只能对Servlet进行过滤”,这句
话是否正确?
• 答案:不正确。Servlet过滤器可以对Servlet、JSP和HTML文件过滤。