与Filter相关的接口
FilterConfig接口
getInitParamter():获取初始化参数,
getFilterName():获取过滤器名称,
getServletContext():获取application,
FilterChain接口
doFilter(ServletRequest,ServletResponse):放行,相当于调用了目标Servlet的service()方法。
过滤器的四种拦截方式
1拦截请求REQUEST(默认)
2拦截转发FOWARD
3拦截包含INCLUDE
4拦截错误ERROR
在<filter-mapping>中进行配置。例如:<dispatcher>FOWARD</dispatcher>
当然也可以在注解中进行配置。
过滤器分类
Servlet2.5
REQUEST——用户直接访问页面时,Web容器将会调用该过滤器
FORWARD——目标资源是通过RequestDispatcher的forward访问时,该过滤器将被调用
INCLUDE——目标资源是通过RequestDispatcher的include方法调用时,该过滤器将被调用
ERROR——目标资源是通过声明式异常处理机制时,过滤器将被调用
Servlet3.0在Servlet2.5基础上加了下面的一项:
ASYNC——支持异步处理
@WebFilter
@WebFilter用于将一个类声明为过滤器,该注解将会在部署时被容器处理,容器将会根据具体的属性配置将相应
的类部署为过滤器。
使用注解和配置web.xml的对比:
@WebFilter的常用属性:
使用注解的例子:
@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})
@WebFilter(filterName="FilterDemo",urlPatterns={"/*"},dispatcherTypes={DispatcherType.REQUEST})
过滤器在实际项目中的应用场景
1对用户请求进行统一认证
2编码转换
3对用户发送的数据进行过滤替换
4转换图像格式
5对响应的内容进行压缩
简单登录认证和编码转换实例
LoginServlet.java源代码:
package com.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class LoginServlet
*/
@WebServlet(name="LoginServlet",urlPatterns={"/LoginServlet"})
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginServlet() {
super();
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("UTF-8");//防止中文乱码
String username = request.getParameter("username");
String password = request.getParameter("password");
System.out.println(username);
if("李思思".equals(username) && "123456".equals(password)){
//校验通过
HttpSession session = request.getSession();
session.setAttribute("username", username);
//请求重定向
response.sendRedirect(request.getContextPath()+"/success.jsp");
}else{
//校验失败
response.sendRedirect(request.getContextPath()+"/failure.jsp");
}
}
}
LoginFilter.java源代码:
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet Filter implementation class FilterDemo
*/
@WebFilter(filterName="LoginFilter",urlPatterns={"/success.jsp"})
public class LoginFilter implements Filter {
private FilterConfig config;
/**
* Default constructor.
*/
public LoginFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest hrequest = (HttpServletRequest)request;
HttpServletResponse hresponse = (HttpServletResponse) response;
HttpSession session = hrequest.getSession();
String noLoginPaths = config.getInitParameter("noLoginPaths");
//字符编码
String charset = config.getInitParameter("charset");
if(charset==null){
charset = "UTF-8";
}
hrequest.setCharacterEncoding(charset);
if(noLoginPaths!=null){
String[] strArray = noLoginPaths.split(";");
for (int i = 0; i < strArray.length; i++) {
if(strArray[i]==null || "".equals(strArray[i])){
continue;
}
if(hrequest.getRequestURI().indexOf(strArray[i])!=-1 ){
chain.doFilter(request, response);
return;
}
}
}
if(session.getAttribute("username")!=null){
chain.doFilter(request, response);
}else{
hresponse.sendRedirect(hrequest.getContextPath()+"/login.jsp");
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
config = fConfig;
}
}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>登录页面</title> </head> <body> <form action="<%=request.getContextPath() %>/LoginServlet" method="post"> 用户名:<input type="text" name="username"><br/> 密码:<input type="password" name="password"><br/> <input type="submit" value="提交"> </form> </body> </html>
success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>成功页面</title>
</head>
<body>
<h1>登录成功,欢迎您<font color="red">${username}</font></h1>
</body>
</html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>失败页面</title> </head> <body> <h1>登录失败,请检查用户名和密码!</h1> </body> </html>
运行结果:
粗粒度的权限控制
RBAC->基于角色的权限控制说明
我们给出三个页面default.jsp、user.jsp、admin.jsp
default.jsp:谁都可以访问,没有限制
user.jsp:只有登录用户才可以访问
admin.jsp:只有管理员才可以访问
代码实现:
LoginServlet1.java源代码:
package com.servlet;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class LoginServlet1
*/
@WebServlet(name="LoginServlet1",urlPatterns={"/LoginServlet1"})
public class LoginServlet1 extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginServlet1() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see Servlet#init(ServletConfig)
*/
public void init(ServletConfig config) throws ServletException {
// TODO Auto-generated method stub
}
/**
* @see Servlet#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("text/html;charset=UTF-8");
//1获取用户名
String username = request.getParameter("username");
//2判断用户名中时候包含admin,如果包含就是管理员,如果不包含,则是普通会员
//3要把登录的用户名保存到session中
if(username.contains("guanliyuan")){
request.getSession().setAttribute("admin", username);
}else {
request.getSession().setAttribute("username", username);
}
//4转发到default.jsp
request.getRequestDispatcher("/default.jsp").forward(request, response);
}
}
UserFilter.java源代码:
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
/**
* Servlet Filter implementation class LoginFilter1
*/
@WebFilter(filterName="UserFilter",urlPatterns={"/user/*"})
public class UserFilter implements Filter {
/**
* Default constructor.
*/
public UserFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
// place your code here
//1得到session
HttpServletRequest req = (HttpServletRequest)request;
String name = (String)req.getSession().getAttribute("admin");
//2判断session域中是否存在admin,如果存在,放行
//3判断session域中是否存在username。如果存在,放行,否则重定向到login1.jsp
if(name!=null){
chain.doFilter(request, response);
return;
}
name = (String)req.getSession().getAttribute("username");
if(name!=null){
chain.doFilter(request, response);
}else {
req.setAttribute("info", "你是游客!");
req.getRequestDispatcher("/login1.jsp").forward(request, response);
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
AdminFilter.java源代码:
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
/**
* Servlet Filter implementation class FilterDemo
*/
@WebFilter(filterName="AdminFilter",urlPatterns={"/admin/*"})
public class AdminFilter implements Filter {
/**
* Default constructor.
*/
public AdminFilter() {
// TODO Auto-generated constructor stub
}
/**
* @see Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
//1得到session
HttpServletRequest req = (HttpServletRequest)request;
String name = (String)req.getSession().getAttribute("admin");
//2判断session域中是否存在admin,如果存在,放行
//3判断session域中是否存在username。如果存在,放行,否则打会到login1.jsp
if(name!=null){
chain.doFilter(request, response);
}else {
req.setAttribute("info", "你是会员!");
req.getRequestDispatcher("/login1.jsp").forward(request, response);
}
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
login1.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!-- 导入JSTL标签库 -->
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!-- 导入JSTL函数库 -->
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录界面</title>
</head>
<body>
<h1>登录</h1>
${info}
<form action="<c:url value=‘/LoginServlet1‘ />" method="post">
用户名:<input type="text" name="username" />
<input type="submit" value="登录" />
</form>
</body>
</html>
default.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>游客界面</title> </head> <body> <h1>欢迎游客!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
admin.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>管理员界面</title> </head> <body> <h1>欢迎管理员!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
user.jap:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!-- 导入JSTL标签库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <!-- 导入JSTL函数库 --> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>会员界面</title> </head> <body> <h1>欢迎会员!</h1> <a href="<c:url value=‘/default.jsp‘ />">游客入口</a> <a href="<c:url value=‘/user/user.jsp‘ />">会员入口</a> <a href="<c:url value=‘/admin/admin.jsp‘ />">管理员入口</a> </body> </html>
结果:
我们从default.jsp页面开始测试:只能点击游客入口,不能进入会员和管理员入口
点击会员入口,我们输入用户名:这一次我们进不去管理员入口,能进入游客和会员入口
点击管理员入口,我们输入管理员账户:三个入口都可以进去。
时间: 2024-10-10 02:36:19