（七）Servlet过滤器

时间 2019-11-11

原文原文链接

Servlet过滤器简介javascript

过滤器经过Web部署描述符（web.xml）中XML标签来声明，这样就能够容许添加和删除过滤器而无需改动如何应用代码或JSP页面。它可以对Servlet容器的请求和响应对象进行检查和修改，预防非法或不合理的请求和响应，即：css

在客户端的请求访问后端资源以前，拦截这些请求。
在服务器的响应发送回客户端以前，处理这些响应。

Java中的Filter 并非一个标准的Servlet ，它不能处理用户请求，也不能对客户端生成响应。主要用于对HttpServletRequest 进行预处理，也能够对HttpServletResponse 进行后处理，是个典型的处理链。html

根据规范建议的各类类型的过滤器：java

身份验证过滤器（Authentication Filters）。
数据压缩过滤器（Data compression Filters）。
加密过滤器（Encryption Filters）。
触发资源访问事件过滤器。
图像转换过滤器（Image Conversion Filters）。
日志记录和审核过滤器（Logging and Auditing Filters）。
MIME-TYPE 链过滤器（MIME-TYPE Chain Filters）。
标记化过滤器（Tokenizing Filters）。
XSL/T 过滤器（XSL/T Filters），转换 XML 内容。

Servlet 过滤器方法

一个执行过滤器的java类必须实现 javax.servlet.Filter 接口。javax.servlet.Filter 接口包含有三个方法：mysql

public void init(FilterConfig filterConfig)
初始化方法，web容器调用过滤器首先执行的方法。

public void doFilter (ServletRequest, ServletResponse, FilterChain)
该方法由 Web 容器调用，指示一个过滤器被放入服务。

public void destroy()
容器在销毁过滤器实例前，doFilter()中全部活动都被该实例终止后，调用该方法

实例代码：web

下面实现一个登陆过滤器sql

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<title>登陆页面</title>
		<style>
			#form-groud{
				padding: 5px;
			}
			
			label{
				display:inline-block;
				padding: 5px;
				width: 5em;
				text-align: center;
			}
			
			input{
				padding: 5px;
			}
			
			#submit{
				display:inline-block;
				width: 10em;
				margin: 0 5em;
			}
		</style>
	</head>
	<body>
		<%
			//String loginerror = session.getAttribute("loginerror");
			if(session.getAttribute("loginerror") == "0"){
				out.println("<script type='text/javascript'>alert('登陆失败!!!');</script>");
				session.removeAttribute("loginerror");
			} else if(session.getAttribute("loginerror") == "1"){
				out.println("<script type='text/javascript'>alert('您尚未登陆!!!');</script>");
			}
		%>
		<form action="login" method="post">
			<div id="form-groud">
				<label for="userName">用户名:</label>
				<input type="text" name="userName" id="userName"/>
			</div>
			<div id="form-groud">
				<label for="password">密码:</label>
				<input type="password" name="password" id="password"/>
			</div>
			<div id="form-groud">
				<input type="submit" name="submit" value="登陆" id="submit"/>
			</div>	
		</form>
	</body>
</html>

package cn.iborder.admin;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.iborder.util.Dbutil;
import cn.iborder.util.MD5Util;
/**
 * Servlet implementation class Login
 */
@WebServlet("/login")
public class Login extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public Login() {
        super();
        // TODO Auto-generated constructor stub
    }
	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		request.setCharacterEncoding("UTF-8");
		response.setContentType("text/html;charset=UTF-8");
		
		String dbUrl = "jdbc:mysql://localhost:3306/test";
		String dbUser = "root";
		String dbPassword = "root";
		String userName = request.getParameter("userName");
		String password = null;
		try {
			password = MD5Util.md5Encode(request.getParameter("password"));
		} catch (Exception e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		}
		System.out.println("username : "+userName);
		System.out.println("password : "+password);
		System.out.println("=======================");
		
		Connection connection = new Dbutil(dbUrl, dbUser, dbPassword).getConn();
		PreparedStatement statement=null;
		ResultSet rs=null;
		HttpSession session = request.getSession();
		try {
			String sql = "select * from user where username=? and password=?";
			statement = connection.prepareStatement(sql);
			statement.setString(1, userName);
			statement.setString(2, password);
			
			rs = statement.executeQuery();
			if(!rs.next()){
				System.out.println("登陆失败");
				System.out.println("=======================");
				session.setAttribute("loginerror", "0");
				response.sendRedirect("login.jsp");
			} else{
				System.out.println("登陆成功");
				rs.beforeFirst();
				while (rs.next()) {
					System.out.println(rs.getString("username"));
					System.out.println(rs.getString("password"));
				}
				System.out.println("=======================");
				session.setAttribute("username", userName);				
				response.sendRedirect("main.jsp");
			}
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			System.out.println("建立Statement对象失败");
			System.out.println(e.getMessage());
			//System.out.println(e.getSQLState());
			System.out.println("=======================");
		} catch (NullPointerException e) {
			// TODO: handle exception
			System.out.println("空指针异常");
			System.out.println(e.getMessage());
			System.out.println("=======================");
		}finally {
			try {
				if (rs != null) {
					rs.close();
				}
				if (statement != null) {
					statement.close();
				}
				if (connection != null) {
					connection.close();
				}				
			} catch (SQLException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}
		}
		
	}
	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}
}

main.jspsession

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<title>用户管理</title>
		<style type="text/css">
			input {
				padding: 5px;
			}
		</style>
	</head>
	<body>
		<p>欢迎回来 <%=session.getAttribute("username") %></p>
		<div>
			<form action="logout" method="post">
				<input type="submit" name="logout" id="logout" value="退出登陆"/>
			</form>			
		</div>
	</body>
</html>

logout.java

package cn.iborder.admin;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * Servlet implementation class Logout
 */
@WebServlet("/logout")
public class Logout extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public Logout() {
        super();
        // TODO Auto-generated constructor stub
    }
	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		request.setCharacterEncoding("UTF-8");
		response.setContentType("text/html;charset=UTF-8");
		
		HttpSession session = request.getSession();
		PrintWriter out = response.getWriter();
		
		session.removeAttribute("username");
		out.println("退出登陆成功。。。<br/>");
		out.println("即将跳转到登陆界面。。。<br/>");
		out.println("<script type='text/javascript'>setTimeout(window.location.href = '/prj8-3/login.jsp', 15000);</script>");
	}
	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}
}

loginfilter.java

package cn.iborder.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * Servlet Filter implementation class loginfilter
 */
@WebFilter(filterName="loginfilter",urlPatterns="/main.jsp")
public class loginfilter implements Filter {
    /**
     * Default constructor. 
     */
    public loginfilter() {
        // TODO Auto-generated constructor stub
    }
	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
		// TODO Auto-generated method stub
	}
	/**
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		// place your code here
		System.out.println("-----------------filter-----------------");
		HttpServletRequest newRequest = (HttpServletRequest) request;
		HttpServletResponse newResponse = (HttpServletResponse) response;
		HttpSession session = newRequest.getSession();
		System.out.println(session.getAttribute("username"));
		if(session.getAttribute("username") != null){
			chain.doFilter(request, response);
		} else {
			session.setAttribute("loginerror", "1");
			newResponse.sendRedirect("login.jsp");
		}
		// pass the request along the filter chain	
	}
	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
		// TODO Auto-generated method stub
	}
}