02 过滤器

Posted 2021-03-02 alichengxuyuan

过滤器常用于servlet中非法请求的过滤。本节将阐述过滤器的用法。

1、环境约束

• idea2018.1.5
• maven-3.0.5
• jdk-8u162-windows-x64
• servlet3.0

2、前提约束

• 完成servlet的三种实现方式，假设该项目的名称为为servlet-test
  https://www.jianshu.com/p/c209b439c951

3、操作步骤

• 在servlet-test/src/main/java文件夹下创建net.wanho.filter，net.wanho.servlet包
• 在net.wanho.filter包下面创建MyFilter.java

package net.wanho.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter("/*")
public class MyFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("这是初始化方法，系统启动之时被执行");
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("每一个请求都会进到这里");
        //这里不应该拦截所有请求，应该放行index.jsp,login.jsp页面和/login API，因为它们必然不携带用户信息；
        //如果拦截它们，则永远登录不上
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String requestPath = httpServletRequest.getServletPath();
        if(requestPath.endsWith("index.jsp")||requestPath.endsWith("login.jsp")||requestPath.endsWith("/login"))
        {
            chain.doFilter(request,response);
            return;
        }
        //在登录之时用户的信息被放到了session之中，key值为USER，假设value中存储的就是用户名称
        String userName = (String) httpServletRequest.getSession().getAttribute("USER");
        if(userName==null)//用户没有登录过，直接跳转到登录界面
        {
            ((HttpServletResponse) response).sendRedirect("/login.jsp");
        }
        else
        {
            //用户已经登录过，放行
            chain.doFilter(request,response);
        }
    }

    public void destroy() {
        System.out.println("这是销毁方法，系统关闭之时被执行");
    }
}

• 在net.wanho.servlet包下面创建LoginServlet.java

package net.wanho.servlet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String userName = req.getParameter("userName");
        String password = req.getParameter("password");
        if("ali".equals(userName)&&"123456".equals(password))
        {
            req.getSession().setAttribute("USER",userName);
            resp.sendRedirect("/show");
        }
        else
        {
            System.out.println("账号或者密码错误");
            resp.sendRedirect("/login.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

• 在net.wanho.servlet包下面创建LoginOutServlet.java

package net.wanho.servlet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebServlet("/loginout")
public class LoginOutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getSession().removeAttribute("USER");
        resp.sendRedirect("/login.jsp");

    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

• 在net.wanho.servlet包下面创建ShowServlet.java

package net.wanho.servlet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebServlet("/show")
public class ShowServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.sendRedirect("/show.jsp");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

• 在servlet-test/src/main/webapp文件夹下创建login.jsp

<%--
  Created by IntelliJ IDEA.
  User: zhangli
  Date: 2020/4/1
  Time: 16:14
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
登录页面
<a href="/login?userName=ali&password=123456">登录</a>
</body>
</html>

• 在servlet-test/src/main/webapp文件夹下创建show.jsp

<%--
  Created by IntelliJ IDEA.
  User: zhangli
  Date: 2020/4/1
  Time: 16:30
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
用户信息   <a href="/loginout">退出</a>
</body>
</html>

• 启动，测试
  （1）直接访问http://localhost:8088/show.jsp，跳转到了登录界面，这就是过滤器起的作用
  （2）点击登录，验证之后，跳转到了show.jsp，因为已经登陆过，所以正常显示。
  以上就是过滤器在用户登录和验证模块的使用。