Filter過濾器API
Servlet過濾器API包含了3個接口,它們都在javax.servlet包中,分別是Filter接口、FilterChain接口和FilterConfig接口。
Filter接口(源碼)
public interface Filter { public void init(FilterConfig filterConfig) throws ServletException; public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException; public void destroy();}
所有的過濾器都必須實現Filter接口。該接口定義了init,doFilter0,destory()三個方法:
(1)init(FilterConfig filterConfig)
在web應用程序啟動時,web服務器將根據 web.xml文件中的配置信息來創建每個注冊的Filter實例對象,并將其保存在服務器的內存中。Web容器創建Filter對象實例后,將立即調用該Filter對象的init方法。Init方法在Filter生命周期中僅執行一次,web容器在調用init方法時,會傳遞一個包含Filter的配置和運行環境的FilterConfig對象(FilterConfig的用法和ServletConfig類似)。利用FilterConfig對象可以得到ServletContext對象,以及部署描述符中配置的過濾器的初始化參數。
(2)doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
doFilter()方法類似于Servlet接口的service()方法。當客戶端請求目標資源的時候,容器就會調用與這個目標資源相關聯的過濾器的 doFilter()方法。其中參數 request, response 為 web 容器或 Filter 鏈的上一個 Filter 傳遞過來的請求和相應對象;參數 chain 為代表當前 Filter 鏈的對象,在特定的操作完成后,可以在當前 Filter 對象的 doFilter 方法內部需要調用 FilterChain 對象的 chain.doFilter(request,response)方法才能把請求交付給 Filter 鏈中的下一個 Filter 或者目標 Servlet 程序去處理,也可以直接向客戶端返回響應信息,或者利用RequestDispatcher的forward()和include()方法,以及 HttpServletResponse的sendRedirect()方法將請求轉向到其他資源。這個方法的請求和響應參數的類型是 ServletRequest和ServletResponse,也就是說,過濾器的使用并不依賴于具體的協議。
(3)public void destroy()
在Web容器卸載 Filter 對象之前被調用。該方法在Filter的生命周期中僅執行一次。在這個方法中,可以釋放過濾器使用的資源。
FilterChain接口(源碼)
public interface FilterChain { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;}
(1)doFilter(ServletRequest request,ServletResponse response)
此方法是由Servlet容器提供給開發者的,用于對資源請求過濾鏈的依次調用,通過FilterChain調用過濾鏈中的下一個過濾 器,如果是最后一個過濾器,則下一個就調用目標資源。
FilterConfig接口(源碼) FilterConfig接口檢索過濾器名、初始化參數以及活動的Servlet上下文。
public interface FilterConfig { //返回web.xml部署文件中定義的該過濾器的名稱 public String getFilterName(); //返回調用者所處的servlet上下文 public ServletContext getServletContext(); //返回過濾器初始化參數值的字符串形式,當參數不存在時,返回nul1.name是初始化參數名 public String getInitParameter(String name); //以Enumeration形式返回過濾器所有初始化參數值,如果沒有初始化參數,返回為空 public Enumeration getInitParameterNames();}
了解了Filter的基本概念和源碼,下面具體使用下Filter過濾器來實現登錄過濾。
需求:訪問A頁面(登錄后才能訪問的頁面)-->未登錄-->跳轉到登錄頁面-->登陸成功后,跳轉到A頁面
自定義HttpFilter
import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * HttpFilter */public abstract class HttpFilter implements Filter{ //保存filterConfig對象 PRivate FilterConfig filterConfig; /** * 直接返回filterConfig對象 * @return */ public FilterConfig getFilterConfig() { return filterConfig; } /** * 不建議子類直接覆蓋,若直接失敗,將可能導致filterConfig成員變量初始化失敗 */ @Override public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; init(); } /** * 供子類繼承的初始化方法,刻通過getFilterConfig()方法獲得filterConfig對象 */ private void init() {} /** * 原生的doFilter方法,在方法內部把ServletRequest和ServletResponse轉化化為了HttpServletRequest和HttpServletResponse, * 并調用了doFilter(HttpServletRequest request, HttpServletResponse response,FilterChain filterChain)方法 */ @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; doFilter(request, response, filterChain); } /** * 抽象方法,為http請求定制,必須實現的方法 * @param request * @param response * @param filterChain * @throws IOException * @throws ServletException */ public abstract void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException; @Override public void destroy() {}}
web.xml配置CommonFilter
<filter> <filter-name>commonFilter</filter-name> <filter-class>com.gcx.emall.Filter.CommonFilter</filter-class> </filter> <filter-mapping> <filter-name>commonFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
登錄過濾器CommonFilter
import java.io.IOException;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public class CommonFilter extends HttpFilter { private final Logger log = LoggerFactory.getLogger(CommonFilter.class); @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { log.info("==============攔截get請求================"); if ("GET".equalsIgnoreCase(request.getMethod())) { RequestUtil.saveRequest(request); } String requestUri = request.getRequestURI(); String contextPath = request.getContextPath(); String url = requestUri.substring(contextPath.length()); if ("/login".equals(url)) { filterChain.doFilter(request, response); return; } else { String username = (String) request.getsession().getAttribute("user"); if (username == null) { log.info("被攔截:跳轉到login頁面!"); request.getRequestDispatcher("/page/index1.jsp").forward(request, response); } else filterChain.doFilter(request, response); } }}
RequestUtil 保存、獲取request并加密請求頁面
public class RequestUtil { private static final Logger logger = LoggerFactory.getLogger(RequestUtil.class); private static final Base64 base64 = new Base64(true); public static final String LAST_PAGE = "lastPage";//未登錄時訪問的頁面 public static final String REDIRECT_HOME = "/";//未登錄時跳轉到首頁 public static final String LOGIN_HOME = "/index.jsp";//登錄成功后進入的頁面 /** * 保存當前請求 */ public static void saveRequest(HttpServletRequest request) { request.getSession().setAttribute(LAST_PAGE, RequestUtil.hashRequestPage(request)); logger.debug("被攔截的url的sessionID:{}", request.getSession().getId()); logger.debug("save request for {}", request.getRequestURI()); } /** * 加密請求頁面 * @param request * @return */ public static String hashRequestPage(HttpServletRequest request) { String reqUri = request.getRequestURI(); String query = request.getQueryString(); if (query != null) { reqUri += "?" + query; } String targetPage = null; try { targetPage = base64.encodeAsString(reqUri.getBytes("UTF-8")); } catch (UnsupportedEncodingException ex) { //this does not happen } return targetPage; } /** * 取出之前保存的請求 * @return */ public static String retrieveSavedRequest(HttpServletRequest request) { HttpSession session = request.getSession(); if (session == null) { return REDIRECT_HOME; } String HashedlastPage = (String) session.getAttribute(LAST_PAGE); if (HashedlastPage == null) { return LOGIN_HOME; } else { return retrieve(HashedlastPage); } } /** * 解密請求的頁面 * @param targetPage * @return */ public static String retrieve(String targetPage) { byte[] decode = base64.decode(targetPage); try { String requestUri = new String(decode, "UTF-8"); int i = requestUri.indexOf("/", 1); return requestUri.substring(i); } catch (UnsupportedEncodingException ex) { //this does not happen return null; } }}
LoginCOntroller
@RequestMapping(value = "/hello",method = RequestMethod.GET)
public String testHello( String test) {
log.info("執行了Hello方法!");
return "loginSuccess";
}
@RequestMapping(value = "/login",method = RequestMethod.POST) public String login(HttpServletRequest request,String userName,String passWord){ log.info("執行了login方法!"); password = DigestUtils.md5Hex(password); User user = userService.findUser(userName,password); if(user!=null){ request.getSession().setAttribute("userId", user.getId()); request.getSession().setAttribute("user", userName); return "redirect:" + RequestUtil.retrieveSavedRequest(request);//跳轉至訪問頁面 }else{ log.info("用戶不存在"); request.getSession().setAttribute("message", "用戶名不存在,請重新登錄"); return "index"; } }
最后需要幾個jsp頁面login.jsp,index.jsp(首頁面,任何人都能訪問的),loginSuccess.jsp,還需要在controller中加上一個測試testHello方法用于滿足之前說的需求。
注意事項:我們過濾的是所有請求,但對于靜態資源CSS,js,image我們應該不攔截,對其放行。我們可以在web.xml中進行指定
<!-- 不攔截靜態文件 --> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>/js/*</url-pattern> <url-pattern>/css/*</url-pattern> <url-pattern>/image/*</url-pattern> <url-pattern>/fonts/*</url-pattern> </servlet-mapping>
寫在后面:本來想把Filter和SpringMVC的interceptor攔截器一起寫總結了,但感覺篇幅有些長打算下篇在介紹。
新聞熱點
疑難解答
