以前一直在用过滤器,但一直没有仔细研究过,前几天看完一本 JSP 设计的书之后才真正有了点体会。这是一本比较基础的书,在这里我只是把源代码记录下来,目的很简单,只是当成笔记,并没有想要解释什么(相信大家一看就会明白,其实我也不是什么高手)。大家感兴趣的话,还是建议买一本有此类介绍的书认真看一下。
*/
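/**
 * Servlet filter that gates the URLs it is mapped to: a request whose
 * session carries no "user" attribute is forwarded to the configured
 * login page instead of continuing down the filter chain.
 *
 * <p>The only check made is that the "user" session attribute is non-null,
 * i.e. that a login has happened. No per-resource authorization is done
 * here.
 */
public class AccessControlFilter implements Filter {
    private FilterConfig config = null;
    private String loginPage;

    /**
     * Reads the "loginPage" filter init parameter and saves the
     * value in an instance variable.
     *
     * @exception ServletException if the "loginPage" parameter is
     *   not set.
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        loginPage = config.getInitParameter("loginPage");
        if (loginPage == null) {
            throw new ServletException("loginPage init parameter missing");
        }
    }

    /**
     * Resets the instance variable.
     */
    public void destroy() {
        config = null;
    }

    /**
     * Looks for the authentication token in the session and forwards
     * to the login page if not found; otherwise lets the request
     * continue to the rest of the chain and the requested resource.
     *
     * @exception IOException if forwarding or the chain fails on I/O.
     * @exception ServletException if forwarding or the chain fails.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        if (isAuthenticated(httpReq)) {
            /*
             * Process the rest of the filter chain, if any, and ultimately
             * the requested servlet or JSP page.
             */
            chain.doFilter(request, response);
            return;
        }

        // Not logged in: forward to the login page and stop further
        // processing. The protected resource is never invoked on this path.
        String forwardURI = getForwardURI(httpReq);
        ServletContext context = config.getServletContext();
        RequestDispatcher rd = context.getRequestDispatcher(forwardURI);
        if (rd == null) {
            httpResp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Login page doesn't exist");
            // Must stop here: falling through would dereference the null
            // dispatcher and replace the 500 with a NullPointerException.
            return;
        }
        rd.forward(request, response);
    }

    /**
     * Returns true if the session contains the authentication token.
     */
    private boolean isAuthenticated(HttpServletRequest request) {
        // getSession(false) only looks up an existing session. A request
        // that arrives without one is unauthenticated by definition, and
        // there is no reason to allocate a session just to find that out.
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute("user") != null;
    }

    /**
     * Returns the context-relative path to the login page, with the
     * parameters used by the login page.
     *
     * <p>NOTE(review): origURL is built from the client's request line, and
     * a client can also call the login page directly with its own errorMsg
     * and origURL values. The login page is not shown here; it should
     * HTML-escape errorMsg before displaying it and accept origURL only as
     * a path inside this application before redirecting to it.
     *
     * @exception IOException if the UTF-8 encoding is not available.
     */
    private String getForwardURI(HttpServletRequest request)
            throws IOException {
        // The one-argument URLEncoder.encode is deprecated because its
        // output depends on the platform default charset; name it instead.
        return loginPage
                + "?errorMsg=Please+log+in+first&origURL="
                + URLEncoder.encode(getContextRelativeURI(request), "UTF-8");
    }

    /**
     * Returns a context-relative path for the request, including
     * the query string, if any.
     */
    private String getContextRelativeURI(HttpServletRequest request) {
        int ctxPathLength = request.getContextPath().length();
        String path = request.getRequestURI().substring(ctxPathLength);
        String query = request.getQueryString();
        if (query == null) {
            return path;
        }
        return path + "?" + query;
    }
}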
上面的代码是从书上摘录下来的,主要用来保护一些资源不被非法用户访问,这里说的非法访问是指用户在没有登录的情况下直接访问系统的资源。我相信大家可以从上面了解到一些过滤器的基本知识,当然在使用的时候还要在 web.xml 中配置一下。
具体配置如下:
<!--
  Declares the access-control filter under the name "accessControl".
  The loginPage init parameter is the context-relative page that
  unauthenticated requests are forwarded to; the filter refuses to
  start if it is missing.
-->
<filter>
<filter-name>accessControl</filter-name>
<filter-class>
com.zou.servlet.AccessControlFilter
</filter-class>
<init-param>
<param-name>loginPage</param-name>
<param-value>/page/login.jsp</param-value>
</init-param>
</filter>
<!--
  Applies the filter to every URL under /page/.
  NOTE(review): the login page itself (/page/login.jsp) sits inside this
  pattern. No <dispatcher> element is declared, which under Servlet 2.4
  and later limits the filter to direct client requests, so the forward
  to the login page should not be filtered a second time; confirm this
  for the container in use. Anything the login page needs before login
  (stylesheets, images, the form's submit target) has to be mapped
  outside /page/, otherwise it is intercepted as well.
-->
<filter-mapping>
<filter-name>accessControl</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
*/
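/**
 * Servlet filter that gates the URLs it is mapped to: a request whose
 * session carries no "user" attribute is forwarded to the configured
 * login page instead of continuing down the filter chain.
 *
 * <p>The only check made is that the "user" session attribute is non-null,
 * i.e. that a login has happened. No per-resource authorization is done
 * here.
 */
public class AccessControlFilter implements Filter {
    private FilterConfig config = null;
    private String loginPage;

    /**
     * Reads the "loginPage" filter init parameter and saves the
     * value in an instance variable.
     *
     * @exception ServletException if the "loginPage" parameter is
     *   not set.
     */
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        loginPage = config.getInitParameter("loginPage");
        if (loginPage == null) {
            throw new ServletException("loginPage init parameter missing");
        }
    }

    /**
     * Resets the instance variable.
     */
    public void destroy() {
        config = null;
    }

    /**
     * Looks for the authentication token in the session and forwards
     * to the login page if not found; otherwise lets the request
     * continue to the rest of the chain and the requested resource.
     *
     * @exception IOException if forwarding or the chain fails on I/O.
     * @exception ServletException if forwarding or the chain fails.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        if (isAuthenticated(httpReq)) {
            /*
             * Process the rest of the filter chain, if any, and ultimately
             * the requested servlet or JSP page.
             */
            chain.doFilter(request, response);
            return;
        }

        // Not logged in: forward to the login page and stop further
        // processing. The protected resource is never invoked on this path.
        String forwardURI = getForwardURI(httpReq);
        ServletContext context = config.getServletContext();
        RequestDispatcher rd = context.getRequestDispatcher(forwardURI);
        if (rd == null) {
            httpResp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Login page doesn't exist");
            // Must stop here: falling through would dereference the null
            // dispatcher and replace the 500 with a NullPointerException.
            return;
        }
        rd.forward(request, response);
    }

    /**
     * Returns true if the session contains the authentication token.
     */
    private boolean isAuthenticated(HttpServletRequest request) {
        // getSession(false) only looks up an existing session. A request
        // that arrives without one is unauthenticated by definition, and
        // there is no reason to allocate a session just to find that out.
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute("user") != null;
    }

    /**
     * Returns the context-relative path to the login page, with the
     * parameters used by the login page.
     *
     * <p>NOTE(review): origURL is built from the client's request line, and
     * a client can also call the login page directly with its own errorMsg
     * and origURL values. The login page is not shown here; it should
     * HTML-escape errorMsg before displaying it and accept origURL only as
     * a path inside this application before redirecting to it.
     *
     * @exception IOException if the UTF-8 encoding is not available.
     */
    private String getForwardURI(HttpServletRequest request)
            throws IOException {
        // The one-argument URLEncoder.encode is deprecated because its
        // output depends on the platform default charset; name it instead.
        return loginPage
                + "?errorMsg=Please+log+in+first&origURL="
                + URLEncoder.encode(getContextRelativeURI(request), "UTF-8");
    }

    /**
     * Returns a context-relative path for the request, including
     * the query string, if any.
     */
    private String getContextRelativeURI(HttpServletRequest request) {
        int ctxPathLength = request.getContextPath().length();
        String path = request.getRequestURI().substring(ctxPathLength);
        String query = request.getQueryString();
        if (query == null) {
            return path;
        }
        return path + "?" + query;
    }
}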
上面的代码是从书上摘录下来的,主要用来保护一些资源不被非法用户访问,这里说的非法访问是指用户在没有登录的情况下直接访问系统的资源。我相信大家可以从上面了解到一些过滤器的基本知识,当然在使用的时候还要在 web.xml 中配置一下。
具体配置如下:
<!--
  Declares the access-control filter under the name "accessControl".
  The loginPage init parameter is the context-relative page that
  unauthenticated requests are forwarded to; the filter refuses to
  start if it is missing.
-->
<filter>
<filter-name>accessControl</filter-name>
<filter-class>
com.zou.servlet.AccessControlFilter
</filter-class>
<init-param>
<param-name>loginPage</param-name>
<param-value>/page/login.jsp</param-value>
</init-param>
</filter>
<!--
  Applies the filter to every URL under /page/.
  NOTE(review): the login page itself (/page/login.jsp) sits inside this
  pattern. No <dispatcher> element is declared, which under Servlet 2.4
  and later limits the filter to direct client requests, so the forward
  to the login page should not be filtered a second time; confirm this
  for the container in use. Anything the login page needs before login
  (stylesheets, images, the form's submit target) has to be mapped
  outside /page/, otherwise it is intercepted as well.
-->
<filter-mapping>
<filter-name>accessControl</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>