与Filter相关的接口
FilterConfig接口
getInitParamter():获取初始化参数,
getFilterName():获取过滤器名称,
getServletContext():获取application,
FilterChain接口
doFilter(ServletRequest,ServletResponse):放行,相当于调用了目标Servlet的service()方法。
过滤器的四种拦截方式
1拦截请求REQUEST(默认)
2拦截转发FOWARD
3拦截包含INCLUDE
4拦截错误ERROR
在<filter-mapping>中进行配置。例如:<dispatcher>FOWARD</dispatcher>
当然也可以在注解中进行配置。
过滤器分类
Servlet2.5
REQUEST——用户直接访问页面时,Web容器将会调用该过滤器
FORWARD——目标资源是通过RequestDispatcher的forward访问时,该过滤器将被调用
INCLUDE——目标资源是通过RequestDispatcher的include方法调用时,该过滤器将被调用
ERROR——目标资源是通过声明式异常处理机制时,过滤器将被调用
Servlet3.0在Servlet2.5基础上加了下面的一项:
ASYNC——支持异步处理
@WebFilter
@WebFilter用于将一个类声明为过滤器,该注解将会在部署时被容器处理,容器将会根据具体的属性配置将相应
的类部署为过滤器。
使用注解和配置web.xml的对比:
@WebFilter的常用属性:
使用注解的例子:
@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})
@WebFilter(filterName="FilterDemo",urlPatterns={"/*"},dispatcherTypes={DispatcherType.REQUEST})
过滤器在实际项目中的应用场景
1对用户请求进行统一认证
2编码转换
3对用户发送的数据进行过滤替换
4转换图像格式
5对响应的内容进行压缩
简单登录认证和编码转换实例
LoginServlet.java源代码:
package com.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Servlet implementation class LoginServlet */ @WebServlet(name="LoginServlet",urlPatterns={"/LoginServlet"}) public class LoginServlet extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public LoginServlet() { super(); } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding("UTF-8");//防止中文乱码 String username = request.getParameter("username"); String password = request.getParameter("password"); System.out.println(username); if("李思思".equals(username) && "123456".equals(password)){ //校验通过 HttpSession session = request.getSession(); session.setAttribute("username", username); //请求重定向 response.sendRedirect(request.getContextPath()+"/success.jsp"); }else{ //校验失败 response.sendRedirect(request.getContextPath()+"/failure.jsp"); } } }
LoginFilter.java源代码:
package com.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Servlet Filter implementation class FilterDemo */ @WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"}) public class LoginFilter implements Filter { private FilterConfig config; /** * Default constructor. */ public LoginFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub HttpServletRequest hrequest = (HttpServletRequest)request; HttpServletResponse hresponse = (HttpServletResponse) response; HttpSession session = hrequest.getSession(); String noLoginPaths = config.getInitParameter("noLoginPaths"); //字符编码 String charset = config.getInitParameter("charset"); if(charset==null){ charset = "UTF-8"; } hrequest.setCharacterEncoding(charset); if(noLoginPaths!=null){ String[] strArray = noLoginPaths.split(";"); for (int i = 0; i < strArray.length; i++) { if(strArray[i]==null || "".equals(strArray[i])){ continue; } if(hrequest.getRequestURI().indexOf(strArray[i])!=-1 ){ chain.doFilter(request, response); return; } } } if(session.getAttribute("username")!=null){ chain.doFilter(request, response); }else{ hresponse.sendRedirect(hrequest.getContextPath()+"/login.jsp"); } } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub config = fConfig; } }
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>登录页面</title> </head> <body> <form action="<%=request.getContextPath() %>/LoginServlet" method="post"> 用户名:<input type="text" name="username"><br/> 密码:<input type="password" name="password"><br/> <input type="submit" value="提交"> </form> </body> </html>
success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>成功页面</title> </head> <body> <h1>登录成功,欢迎您<font color="red">${username}</font></h1> </body> </html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>失败页面</title> </head> <body> <h1>登录失败,请检查用户名和密码!</h1> </body> </html>
运行结果:
粗粒度的权限控制
RBAC->基于角色的权限控制说明
我们给出三个页面default.jsp、user.jsp、admin.jsp
default.jsp:谁都可以访问,没有限制
user.jsp:只有登录用户才可以访问
admin.jsp:只有管理员才可以访问
代码实现:
LoginServlet1.java源代码:
package com.servlet; import java.io.IOException; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Servlet implementation class LoginServlet1 */ @WebServlet(name="LoginServlet1",urlPatterns={"/LoginServlet1"}) public class LoginServlet1 extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public LoginServlet1() { super(); // TODO Auto-generated constructor stub } /** * @see Servlet#init(ServletConfig) */ public void init(ServletConfig config) throws ServletException { // TODO Auto-generated method stub } /** * @see Servlet#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub doPost(request, response); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub response.setContentType("text/html;charset=UTF-8"); //1获取用户名 String username = request.getParameter("username"); //2判断用户名中时候包含admin,如果包含就是管理员,如果不包含,则是普通会员 //3要把登录的用户名保存到session中 if(username.contains("guanliyuan")){ request.getSession().setAttribute("admin", username); }else { request.getSession().setAttribute("username", username); } //4转发到default.jsp request.getRequestDispatcher("/default.jsp").forward(request, response); } }
UserFilter.java源代码:
package com.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; /** * Servlet Filter implementation class LoginFilter1 */ @WebFilter(filterName="UserFilter",urlPatterns={"/user/*"}) public class UserFilter implements Filter { /** * Default constructor. */ public UserFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub // place your code here //1得到session HttpServletRequest req = (HttpServletRequest)request; String name = (String)req.getSession().getAttribute("admin"); //2判断session域中是否存在admin,如果存在,放行 //3判断session域中是否存在username。如果存在,放行,否则重定向到login1.jsp if(name!=null){ chain.doFilter(request, response); return; } name = (String)req.getSession().getAttribute("username"); if(name!=null){ chain.doFilter(request, response); }else { req.setAttribute("info", "你是游客!"); req.getRequestDispatcher("/login1.jsp").forward(request, response); } } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub } }
AdminFilter.java源代码:
package com.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; /** * Servlet Filter implementation class FilterDemo */ @WebFilter(filterName="AdminFilter",urlPatterns={"/admin/*"}) public class AdminFilter implements Filter { /** * Default constructor. */ public AdminFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub //1得到session HttpServletRequest req = (HttpServletRequest)request; String name = (String)req.getSession().getAttribute("admin"); //2判断session域中是否存在admin,如果存在,放行 //3判断session域中是否存在username。如果存在,放行,否则打会到login1.jsp if(name!=null){ chain.doFilter(request, response); }else { req.setAttribute("info", "你是会员!"); req.getRequestDispatcher("/login1.jsp").forward(request, response); } } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub } }
login1.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>登录界面</title> </head> <body> <h1>登录</h1> ${info} <form action="<c:url value=‘/LoginServlet1‘ />" method="post"> 用户名:<input type="text" name="username" /> <input type="submit" value="登录" /> </form> </body> </html>
default.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>游客界面</title> </head> <body> <h1>欢迎游客!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
admin.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>管理员界面</title> </head> <body> <h1>欢迎管理员!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
user.jap:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>会员界面</title> </head> <body> <h1>欢迎会员!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
结果:
我们从default.jsp页面开始测试:只能点击游客入口,不能进入会员和管理员入口
点击会员入口,我们输入用户名:这一次我们进不去管理员入口,能进入游客和会员入口
点击管理员入口,我们输入管理员账户:三个入口都可以进去。