资源描述
第四次课(Filter)
一. 什么是Filter
过滤器是用于过滤Servlet的请求和响应,过滤器是在客户端和Servlet之间。当客户端请求某一个Servlet
的时候,请求会先进入Filter的doFilter(),开始处理,处理完成以后,调用chain.doFilter(request, response)
把request,response继续传递,让请求继续往下走,进入Servlet,在Servlet处理完成以后,又重回Filter的
doFilter(),执行chain.doFilter(request, response)下面的语句,完成以后,响应给客户端.
注意:Filter不会产生request和response对象,只是对request和response的值进行修改,起到一个过滤的
request
作用
原理图:
客户端
service()
servlet
doFilter()
filter
doFilter()
response
二. 测试Filter和servlet的生命周期
(1)写一个MyServlet(实现Servlet接口),实现destroy() ,init(),service()和构造方法
(2)写一个MyFilter(实现Filte接口),实现destroy() ,init(),doFilter()和构造方法
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException{
System.out.println("过滤之前");
//进到过滤,开始处理,处理完成以后,让请求继续往下走,进入Servlet
chain.doFilter(request, response);
//在Servlet完成以后,又重回过滤器响应给客户端
System.out.println("过滤之后");
}
(3) web.xml配置
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>com.accp.servlet.MyServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MyServlet</servlet-name>
<url-pattern>/MyServlet</url-pattern>
</servlet-mapping>
<filter>
<!--过滤器的类 -->
<filter-name>MyFilter</filter-name>
<filter-class>com.accp.filter.MyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<!-- 表示只过滤MyServlet这一个servlet,其他Servlet不管 -->
<servlet-name>MyServlet</servlet-name>
<!-- 表示所有的请求都被过滤-->
<url-pattern>/*</url-pattern>
</filter-mapping>
注意:filter是服务器启动就产生了,并且进行初始化,而servlet一定是有了请求才会出生和初 始化,从打印的结果可以看到请求先进入filter,回去的时候又从过滤器经过.
当服务器重启或者关闭,servlet先死,filter后死
二. Filter应用
(1).解决中文乱码问题(request和response)
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
if(request.getMethod().equalsIgnoreCase("post")){
request.setCharacterEncoding("gb18030");
}else{
Enumeration enum = request.getParameterNames();
while(enum.hasMoreElements()){
String key = (String)enum.nextElement();
String[] values = request.getParameterValues(key);
for(int i=0;i<values.length;i++){
values[i]=newString(values[i].getBytes("iso8859-1"),"gb18030");
}
}
}
//必须写在过滤之前,写在之后就会失效
response.setContentType("text/html;charset=gb18030");
chain.doFilter(request, response);
}
(2) .解决权限问题
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
//得到session的值
String role = (String)request.getSession().getAttribute("role");
//拿到项目的路径,相当于"/项目名"
System.out.println("-------------"+request.getContextPath());
if(role==null || !role.equals("admin")){
response.sendRedirect(request.getContextPath()+"/error.jsp");
}
chain.doFilter(request, response);
}
<filter>
<filter-name>AdminFilter</filter-name>
<filter-class>com.accp.filter.AdminFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AdminFilter</filter-name>
<!-- 注意路径-->
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
(3)过滤掉非法文字
a.准备一个str.properties文件,把要过滤掉的字符,准备在里面
\u738b\u516b=***
\u65e5\u672c=****
\u6740\u624b=*****
注意这里要转码
\u738b\u516b-->王八
\u65e5\u672c-->日本
\u6740\u624b-->杀手
b.过滤器代码
Properties ps = null;
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
//注意中文乱码的设置
request.setCharacterEncoding("gb18030");
Enumeration enum = request.getParameterNames();
while(enum.hasMoreElements()){
String key = (String)enum.nextElement();
String[] values = request.getParameterValues(key);
for (int i = 0; i < values.length; i++) {
//根据key,从properties中拿到值,如果不为空,则证明一定有非法字符
//然后替换掉
if(ps.get(values[i])!=null){
values[i] = ps.getProperty(values[i]);
}
}
}
chain.doFilter(request, response);
}
//初始化中读取str.properties文件
public void init(FilterConfig filterConfig) throws ServletException {
try {
//读取str.properties文件
InputStream in = filterConfig.getServletContext().getResourceAsStream("/WEB-INF/str.properties");
ps = new Properties();
ps.load(in);//加载配置文件
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
展开阅读全文
浙ICP备2021020529号-1 | 浙B2-20240490 
