JavaWeb---过滤器Filter---

Posted 夏小弥

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了JavaWeb---过滤器Filter---相关的知识,希望对你有一定的参考价值。

过滤器的一个应用实例:自动登录

这里我从前端往后面写,这个例子里面我没有使用到数据库,即dao层暂且忽略,账号密码我用他们相等来验证

这个例子自动登录的实现本质上就是将信息暂时存储到cookie中去,每次访问时都到cookie中去看是都存在user对象,有的话就自动登录,没有的话就进行账号密码登录。


前台页面index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>演示利用Filter实现自动登录</title>
  </head>
  
  <body>
      <h2>这是主页</h2>
      <c:if test="$!empty sessionScope.error">
         $sessionScope.error
         <c:remove var="error" scope="session"/>
      </c:if>
      
      <c:if test="$empty sessionScope.user" var="boo">
          <form action="<c:url value='/LoginServlet'/>" method="post">
            Name:<input type="text" name="name"><br/>
            Pwd:<input type="text" name="pwd"><br/>
                         自动登录:
            <input type="radio" name="time" value="0" checked="checked">不自动登录
            <input type="radio" name="time" value="1" >1天
            <input type="radio" name="time" value="7" >7天  <br/>
            <input type="submit" value="登录">
         </form>
      </c:if>
      <c:if  test="$!boo">
         $user.name,欢迎你!
         <a href="<c:url value='/jsps/show.jsp'/>">浏览商品</a><br/>
         <a href="<c:url value='/CancelAutoLoginServlet'/>">取消自动登录</a>
      </c:if>
  </body>
</html>


过滤器:AutoLoginFilter.java用于验证登录

package cn.hncu.filter;

import java.io.IOException;
import java.net.URLDecoder;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import cn.hncu.domain.User;
public class AutoLoginFilter implements Filter 
    public AutoLoginFilter() 
    
	public void destroy() 
	
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException 
		HttpServletRequest req = (HttpServletRequest)request;
		if(req.getSession().getAttribute("user")==null)//还没登录,帮你自动登录
			Cookie cs[] = req.getCookies();
			if(cs!=null)
				for(Cookie c:cs)//找"autoLogin"这个cookie
					if(c.getName().equals("autoLogin"))
						String str = c.getValue();
						String vals[] = str.split(",");
						String name = URLDecoder.decode(vals[0], "utf-8");
						String pwd = URLDecoder.decode(vals[1], "utf-8");
						
						//...//到后台验证登录是否成功(这里偷懒了,直接以两者相等来判断)
						if(name.equals(pwd))//如果成功则返回一个user对象
							User user = new User();
							user.setName(name);
							user.setPwd(pwd);
							req.getSession().setAttribute("user", user);
							break;
						
					
				
			
		
		chain.doFilter(req, response);
	
	public void init(FilterConfig fConfig) throws ServletException 
	

CharacterFilter.java判断是否被拉入黑名单

package cn.hncu.pubs;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class CharacterFilter implements Filter
    private String charset;
    //黑名单
    private Set<String> set = new HashSet<String>();
    
	@Override
	public void init(FilterConfig filterConfig) throws ServletException 
		charset = filterConfig.getInitParameter("charset");
		
		//到数据库中把黑名单加载进来,这里简单模拟一下
		set.add("127.0.0.1");
		set.add("192.168.31.168");
		
	
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException 
		request.setCharacterEncoding(charset);
		
		//以下演示黑名单过滤技术
		String ip = request.getRemoteAddr();
		if(set.contains(ip))
			HttpServletResponse resp = (HttpServletResponse) response;
			resp.setContentType("text/html;charset=utf-8");
			resp.getWriter().println("你已被列入黑名单,不能访问!");
		else
			chain.doFilter(request, response);//放行
		
	
	@Override
	public void destroy() 
	

Servlet层

LoginServlet.java

package cn.hncu.servlet;

import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.hncu.domain.User;

public class LoginServlet extends HttpServlet 

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException 
		doPost(request, response);
	

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException 
		//从页面接收登录信息
		String name = request.getParameter("name");
		String pwd = request.getParameter("pwd");
		String time = request.getParameter("time");
		
		User user = new User();
		user.setName(name);
		user.setPwd(pwd);
		
		if(name!=null && name.trim().length()!=0 && pwd!=null)
			if(name.equals(pwd))//按理应该到后台去验证登录是否成功,这里偷懒了--直接以用户名和密码相同为登录成功
				request.getSession().setAttribute("user", user);
				//登录成功,就往客户端写一个cookie,将用户名和密码存到cookie中
				//为了能够兼容中文,要进行编码
				name = URLEncoder.encode(name, "utf-8");
				pwd = URLEncoder.encode(pwd, "utf-8");
				Cookie cookie = new Cookie("autoLogin",name+","+pwd);
				cookie.setPath(request.getContextPath());//权限:本项目中的类都可以访问该cookie
				//有效期
				cookie.setMaxAge( 60*60*24* Integer.parseInt(time) );
				response.addCookie(cookie);//存储到客户端
				
			else
				request.getSession().setAttribute("error", "密码错误!");
			
		else
			request.getSession().setAttribute("error", "请输入用户名!");
		
		response.sendRedirect(request.getContextPath()+"/index.jsp");
	

CancelAutoLoginServlet.java取消自动登录

package cn.hncu.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CancelAutoLoginServlet extends HttpServlet 
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException 
		doPost(request, response);
	

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException 
		System.out.println("取消自动登录.....");
		//取消自动登录,其实就是删除cookie
		Cookie cookie = new Cookie("autoLogin","");
		cookie.setPath(request.getContextPath());
		cookie.setMaxAge(0);//有效期为0即是删除
		response.addCookie(cookie);
		response.sendRedirect(request.getContextPath()+"/index.jsp");
	

值对象:User.java

package cn.hncu.domain;

public class User 
	private String name;
	private String pwd;

	public User() 
		super();
	

	public String getName() 
		return name;
	

	public void setName(String name) 
		this.name = name;
	

	public String getPwd() 
		return pwd;
	

	public void setPwd(String pwd) 
		this.pwd = pwd;
	

顺便附带上web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
  <display-name></display-name>
  <filter>
    <filter-name>charset</filter-name>
    <filter-class>cn.hncu.pubs.CharacterFilter</filter-class>
    <init-param>
      <param-name>charset</param-name>
      <param-value>utf-8</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>autoLogin</filter-name>
    <filter-class>cn.hncu.filter.AutoLoginFilter</filter-class>
  </filter>
  
  <filter-mapping>
    <filter-name>charset</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>autoLogin</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>cn.hncu.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>CancelAutoLoginServlet</servlet-name>
    <servlet-class>cn.hncu.servlet.CancelAutoLoginServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>CancelAutoLoginServlet</servlet-name>
    <url-pattern>/CancelAutoLoginServlet</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>



以上是关于JavaWeb---过滤器Filter---的主要内容,如果未能解决你的问题,请参考以下文章

JavaWeb_Filter过滤器篇

JavaWeb_Filter过滤器篇

javaweb-Servlet过滤器Filter

JavaWeb的过滤器Filter

JavaWeb--Filter(过滤器)学习

javaweb学习总结(四十六)——Filter(过滤器)常见应用