首页 博客列表 精选博客 智能问答 chat-GPT 关于我
Filter
发布日期:2021-07-12 08:49:23 浏览次数:8 分类:技术文章

本文共 28833 字,大约阅读时间需要 96 分钟。

1.什么是Filter

① JavaWeb的一个重要组件,可以对发送到Servlet的请求进行拦截,并对响应也进行拦截。

② Filter是实现了Filter接口的Java类

③ Filter 需要在web.xml文件中进行配置和映射

2.如何创建一个Filter,并跑起来

①.创建一个Filter类:实现Filter接口:public class MyFilter implements Filter 

②.在web.xml文件中配置并映射该Filter

 

         
             
      
       firstFilter
              
      
       com.java.testFilter.MyFilter
          
         
         
             
      
       firstFilter
              
      
       /test.jsp

3.Filter的API

Filter接口:

@Override

public void destroy() 

释放当前Filter 所占用的资源的方法.在Filter被销毁之前调用,且只被调用一次.   

@Override

public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain filterChain) throws IOException, ServletException 

真正Filter的逻辑代码需要写在该方法中.每次拦截都会调用该方法.

*FilterChain : Filter链,多个Filter可以构成一个Filter链. 

                      filterChain.doFilter(ServletRequest arg0, ServletResponse arg1) 把请求传给Filter链的下一个

        Filter,若当前Filter是Filter链的最后一个Filter,将把请求给到目标Servlet(或JSP)

*多个Filter的拦截顺序和<filter-mapping>的配置顺序有关,靠前的先被调用.

@Override

public void init(FilterConfig arg0) throws ServletException {
System.out.println("init...");
}

//类似于Servlet的init方法.在创建Filter对象(Filter对象被web应用加载时立即被调用,

  且只被调用一次.该方法对于当前的Filter进行初始化操作.Filter实例是单例的)

*FilterConfig 类似于 ServletConfig

*可以在web.xml文件中配置当前Filter 的初始化参数.配置方式也和Servlet类似.

         
             
      
       firstFilter
              
      
       com.java.testFilter.MyFilter
              
                  
       
        name
                   
       
        java

 

*与开发Servlet不同的是,Filter 接口并没有相应的实现类可以继承,要开发过滤器只能实现接口 

同一个web.xml文件中可以为同一个Filter设置多个映射    

example:

一个登陆界面

${message }    
    
     
              UserName:
              
      
        Password :

 

两个过滤器

package com.java.testFilter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;/** * 拦截/hello.jsp,如果username 不是Tom 则转发到login.jsp,否则放行 */public class UserNameFilter implements Filter {    public UserNameFilter() {    }    public void destroy() {    }    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {        String initUser = filterConfig.getInitParameter("username");        String username = request.getParameter("username");        if(!initUser.equals(username)){            request.setAttribute("message", "用户名错误!");            request.getRequestDispatcher("/login.jsp").forward(request, response);            return;        }        chain.doFilter(request, response);    }        private FilterConfig filterConfig;    public void init(FilterConfig fConfig) throws ServletException {        this.filterConfig = fConfig;    }}
package com.java.testFilter;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;/** * 若密码不是1234,则把请求给login.jsp,否则给目标页面 */public class PasswordFilter implements Filter {    public PasswordFilter() {        // TODO Auto-generated constructor stub    }    public void destroy() {        // TODO Auto-generated method stub    }    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {        ServletContext servletContext = filterConfig.getServletContext();        String initPass = servletContext.getInitParameter("password");        String password = request.getParameter("password");        if(!initPass.equals(password)){            request.setAttribute("message", "密码错误!");            request.getRequestDispatcher("/login.jsp").forward(request, response);            return;        }        chain.doFilter(request, response);    }    /**     * @see Filter#init(FilterConfig)     */    private FilterConfig filterConfig;    public void init(FilterConfig fConfig) throws ServletException {        this.filterConfig = fConfig;    }}

 

web.xml配置

         
      
       password
          
      
       1234
        
     
         
      
       UserNameFilter
          
      
       UserNameFilter
          
      
       com.java.testFilter.UserNameFilter
          
            
       
        username
             
       
        Tom
           
        
       
         
      
       UserNameFilter
          
      
       /hello.jsp
        
       
         
      
       PasswordFilter
          
      
       PasswordFilter
          
      
       com.java.testFilter.PasswordFilter
        
       
         
      
       PasswordFilter
          
      
       /hello.jsp
        
       
         
          
      
       TestServlet2
          
      
       TestServlet2
          
      
       com.java.testFilter.TestServlet2
        
       
         
      
       TestServlet2
          
      
       /TestServlet2

 

hello.jsp

Hello Page
    Hello:${param.username }

 

 写一个HttpFilter类 实现Filter

1 package com.java.testFilter; 2  3 import java.io.IOException; 4  5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest;10 import javax.servlet.ServletResponse;11 import javax.servlet.http.HttpServletRequest;12 import javax.servlet.http.HttpServletResponse;13 14 public abstract class HttpFilter implements Filter{15 16     @Override17     public void destroy() {18     }19 20     @Override21     public void doFilter(ServletRequest arg0, ServletResponse arg1,22             FilterChain filterChain) throws IOException, ServletException {23         HttpServletRequest request = (HttpServletRequest)arg0;24         HttpServletResponse response = (HttpServletResponse)arg1;25         doFilter(request,response,filterChain);26     }27     28     public abstract void doFilter(HttpServletRequest request,HttpServletResponse response,29             FilterChain filterChain);30 31     private FilterConfig filterConfig;32     @Override33     public void init(FilterConfig arg0) throws ServletException {34         this.filterConfig = arg0;35         init();36     }37 38     protected void init() {39     }40 }

下次写Filter可以直接继承HttpFiter

 

** 多个Filter 的代码执行顺序 理解Filter链

前边的例子 login.jsp --> hello.jsp  通过两个过滤器 UserNameFilter.java , PasswordFilter.java

在过滤器前后分别加上标记

1 public class UserNameFilter implements Filter { 2  3     public UserNameFilter() { 4     } 5  6     public void destroy() { 7     } 8  9     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {10         String initUser = filterConfig.getInitParameter("username");11         String username = request.getParameter("username");12         if(!initUser.equals(username)){13             request.setAttribute("message", "用户名错误!");14             request.getRequestDispatcher("/login.jsp").forward(request, response);15             return;16         }17         System.out.println("1...");18         chain.doFilter(request, response);19         System.out.println("2...");20     }21     22     private FilterConfig filterConfig;23     public void init(FilterConfig fConfig) throws ServletException {24         this.filterConfig = fConfig;25     }26 27 }
1 public class PasswordFilter implements Filter { 2  3     public PasswordFilter() { 4         // TODO Auto-generated constructor stub 5     } 6  7     public void destroy() { 8         // TODO Auto-generated method stub 9     }10 11     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {12         ServletContext servletContext = filterConfig.getServletContext();13         String initPass = servletContext.getInitParameter("password");14         String password = request.getParameter("password");15         if(!initPass.equals(password)){16             request.setAttribute("message", "密码错误!");17             request.getRequestDispatcher("/login.jsp").forward(request, response);18             return;19         }20         System.out.println("3...");21         chain.doFilter(request, response);22         System.out.println("4...");23     }24 25     /**26      * @see Filter#init(FilterConfig)27      */28     private FilterConfig filterConfig;29     public void init(FilterConfig fConfig) throws ServletException {30         this.filterConfig = fConfig;31     }32 33 }

hello.jsp 页面

1 <%@ page language="java" contentType="text/html; charset=UTF-8" 2     pageEncoding="UTF-8"%> 3  4  5  6 
      7 Insert title here 8  9 10 11     
Hello Page
12     Hello:${param.username }13     <%14         System.out.println("5...");15     %>16 17

执行后控制台输出为

1...3...5...4...2...

chain.doFilter()是放行当前过滤器,交给下个过滤器处理

 

**<dispatcher>节点  指定过滤器所拦截资源被Servlet容器调用的方式

可以是 REQUEST(直接请求的方式,包括GET或POST),INCLUDE,FORWARD(请求转发的方式),ERROR

 <filter-mapping>

  <dispatcher>

</filter-mapping>

 
一个跳转test.jsp的页面,通过过滤器
  
Test
public class MyFilter implements Filter {        @Override    public void destroy() {        System.out.println("destroy...");    }    @Override    public void doFilter(ServletRequest arg0, ServletResponse arg1,            FilterChain arg2) throws IOException, ServletException {        System.out.println("doFilter...");    }    @Override    public void init(FilterConfig arg0) throws ServletException {        System.out.println("init...");    }}
          
       
        firstFilter
           
       
        com.java.testFilter.MyFilter
           
             
        
         name
              
        
         java
            
         
        
          
       
        firstFilter
           
       
        /test.jsp

在<filter-mapping>中如果不配置<dispatcher>,默认是请求的方式,即get或post的方式,直接请求

若修改页面为

index.jsp

Test

dispatcher.jsp

则拦截器会不起作用,如果需要拦截转发的方式,需要配置

  
          
       
        firstFilter
           
       
        /test.jsp
           
       
        FORWARD

配置<dispatcher>FORWARD</dispatcher>后,默认的请求方式会无法拦截,若需同时起作用需啊哟两个同时配置

          
       
        firstFilter
           
       
        /test.jsp
           
       
        FORWARD
           
       
        REQUEST

配置<dispatcher>INCLUDE</dispatcher>道理相同

<dispatcher>ERROR</dispatcher>:

 如果目标资源是通过生命式异常处理机制调用时,那么该过滤器将被调用.除此之外过滤器不会被调用
 
 如果页面报错,有两种方式跳转到 错误页面
1.<%@ page errorPage="test.jsp" %>
指定页面出错后去往test.jsp页面,这种方式不会被默认的过滤器拦截,会被配置了
<dispatcher>FORWARD</dispatcher>拦截到.
 
2.在 web.xml中配置了 
            
       
        java.lang.ArithmeticException
             
       
        /test.jsp

此时需要在过滤器中配置

          
       
        firstFilter
           
       
        /test.jsp
           
       
        FORWARD
           
       
        REQUEST
           
       
        ERROR

才能正确跳转到定义的错误页面

 

应用1:禁用浏览器缓存的过滤器

有3个HTTP响应头字段都可以禁止浏览器缓存当前页面,他们在Servlet中的示例代码如下:

response.setDateHeader("Expires", -1);

response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");

并不是所有浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头

cache目录中有

a.html  ,  b.html    ,  a.jpg,   b.jpg

a.html

<a href="b.html">To BBB Page</a>

<img alt="" src="b.jpg">

b.html

<a href="a.html">To AAA Page</a>

在ie中运行a.html后,修改src="a.jpg",不刷新浏览器再次点击跳转链接时,由于缓存原因,显示的图片

没有刷新过来,在配置 禁用浏览器缓存后可以 可以禁止缓存

public class NoCacheFilter extends HttpFilter {    @Override    public void doFilter(HttpServletRequest request,            HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {        response.setDateHeader("Expires", -1);        response.setHeader("Cache-Control", "no-cache");        response.setHeader("Pragma", "no-cache"); filterChain.doFilter(request, response); } }

其中HttpFilter是自己实现Filter的一个抽象类,为了简便直接使用,在之前已经说过。

            
       
        noCacheFilter
             
       
        com.java.testNoCache.NoCacheFilter
         
        
            
       
        noCacheFilter
             
       
        /cache/*

 

典型应用2:自己写一个字符编码过滤器(虽然Spring已经提供了),为了更好的理解

两个jsp页面跳转时,如果没有字符编码的处理,传递中文会出现乱码问题

login.jsp

      
               Hello:

hello.jsp

Hello:${param.username }

输入中文时会出现乱码:

Hello:è¿æ»¤å¨

------------------------------

第1种做法:之前的做法是在目标页面写一个字符编码处理

<%

request.setCharacterEncoding("UTF-8");
%>

Hello:${param.username }

如果是通过Servlet处理,则这句可以再Servlet里写,若一个工程有100个页面,则这种办法行不通

第二种做法通过过滤器处理:

package com.java.encoding;import java.io.IOException;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse; import com.java.testFilter.HttpFilter; public class EncodingFilter extends HttpFilter { private String encoding; @Override protected void init() { encoding = getFilterConfig().getServletContext().getInitParameter("encoding"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { request.setCharacterEncoding(encoding); filterChain.doFilter(request, response); } }

这里依旧使用之前写的HttpFilter,并且这里从web.xml中获取web应用的初始化参数

web.xml中过滤器的配置

            
       
        encoding
             
       
        UTF-8
         
          
            
       
        encodingFilter
             
       
        com.java.encoding.EncodingFilter
         
        
            
       
        encodingFilter
             
       
        /encoding/*

如果使用Spring,可以直接使用Spring提供的Filter

 

典型应用3:检查用户是否登录的过滤器

需求:系统中的某些页面登录后才能访问,用户请求这些页面时要检查session中有无该用户信息,但在所有的页面上添加session判断太麻烦.

解决方案:写一个检测用户是否登录的过滤器,如果用户未登录,则重定向到指定的登录页面

要求:需检查在Session中保存的关键字、如果用于未登录需重定向到指定的页面、不做检查的URL列表(URL不包括ContextPath)都要采取可配置的方式;

有些页面只用用户登录后才能访问,有些页面用户没有登录不能访问

不用过滤器最直接的做法:

不需要登录可以访问的页面

a.jsp

AAA Page
    
        List Page

需要登录才能访问的页面:(不使用过滤器,所有的目标页面都要做出session的判断)

b.jsp

<%        //检查用户是否登录,若没有登录则重定向到login.jsp        Object user = session.getAttribute("user"); if(null == user){ response.sendRedirect("login.jsp"); } %> 
BBB Page
 
 List Page

登录页面(写的简单) login.jsp

      
               username:

需要将用户信息写入到sesison的处理,简单用jsp代替servlet,  doLogin.jsp

<%        //1.获取用户登录信息        String username = request.getParameter("username"); //2.将用户登录信息写入session session.setAttribute("user", username); //3.重定向到list.jsp response.sendRedirect("list.jsp"); %>

用户访问的首页  list.jsp

AAA    
        BBB    
        CCC    
        DDD    
        EEE

 

使用过滤器

修改b.jsp

<%--        //检查用户是否登录,若没有登录则重定向到login.jsp        Object user = session.getAttribute("user"); if(null == user){ response.sendRedirect("login.jsp"); } --%> 
BBB Page
 
 List Page

LoginFilter.java

package com.java.login;import java.io.IOException;import java.util.Arrays;import java.util.List;import javax.servlet.FilterChain;import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.java.testFilter.HttpFilter; public class LoginFilter extends HttpFilter { private String sessionKey; private String redirectURL; private String uncheckURLs; @Override protected void init() { ServletContext servletContext = getFilterConfig().getServletContext(); sessionKey = servletContext.getInitParameter("sessionKey"); redirectURL = servletContext.getInitParameter("redirectURL"); uncheckURLs = servletContext.getInitParameter("uncheckURLs"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { String requestURL = request.getRequestURL().toString(); String requestURI = request.getRequestURI(); String servletPath1 = request.getServletPath(); System.out.println(requestURL); System.out.println(requestURI); System.out.println(servletPath1); /*http://localhost:8080/testFilter/login/a.jsp /testFilter/login/a.jsp /login/a.jsp*/ //1.获取请求的ServletPath String servletPath = request.getServletPath(); //2.判断uncheckURLs里是否包含ServletPath,若包含,则直接放行,方法结束 List
      
        urls = Arrays.asList(uncheckURLs.split(",")); if(urls.contains(servletPath)){ filterChain.doFilter(request, response); return; } //3.从session中获取sessionKey对应的值,若不存在,则重定向到redirectURL Object user = request.getSession().getAttribute(sessionKey); if(null == user){ response.sendRedirect(request.getContextPath()+redirectURL); return; } //4.若存在,放行  filterChain.doFilter(request, response); } }

web.xml

        
        
            
       
        sessionKey
             
       
        SESSIONKEY
         
        
        
            
       
        redirectURL
             
       
        /login/login.jsp
         
        
        
            
       
        uncheckURLs
             
       
        /login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp
         
          
        
            
       
        loginFilter
             
       
        com.java.login.LoginFilter
         
        
            
       
        loginFilter
             
       
        /login/*

修改doLogin.jsp

<%        //1.获取用户登录信息        String username = request.getParameter("username"); //3.若登录信息完整重定向到list.jsp if(null != username && !username.trim().equals("")){ //2.将用户登录信息写入session session.setAttribute(application.getInitParameter("sessionKey"), username); response.sendRedirect("list.jsp"); }else{ response.sendRedirect("login.jsp"); } %>

通过测试

 
典型应用4:权限管理及过滤
1.权限管理:
权限管理的页面:authority-manager.jsp
 
 
输入用户名后,提交 即可查看AAA用户的权限
 
authority-manager.jsp 
<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
      Insert title here    
      
        
       
                    name:
                    
                
       
    
      
    
        
      
    
       
                ${requestScope.user.userName }的权限是:        
        
        
        
        
            
                     
                         
                          
                              
            
             
                           
                          
                              
           ${auth.authorityName }
           
           
                
                          
                              
           ${auth.authorityName }

AuthorityServlet.java

package com.java.authority.servlet;import java.io.IOException;import java.lang.reflect.Method;import java.util.List;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.java.authority.dao.AuthorityDao;import com.java.authority.entity.Authority;import com.java.authority.entity.User;public class AuthorityServlet extends HttpServlet {    private static final long serialVersionUID = 1L;        AuthorityDao authorityDao = new AuthorityDao();    protected void doPost(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        String methodName = request.getParameter("method");                try {            Method method = getClass().getMethod(methodName,                    HttpServletRequest.class,HttpServletResponse.class);            method.invoke(this, request,response);        } catch (Exception e) {            e.printStackTrace();        }    }        public void getAuthority(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        String userName = request.getParameter("userName");        User user = authorityDao.getUser(userName);        request.setAttribute("user", user);                List
      
        authorities = authorityDao.getAuthority();        request.setAttribute("authorities", authorities);                request.getRequestDispatcher("/authority/authority-manager.jsp").forward(request, response);    }        public void updateAuthority(HttpServletRequest request,            HttpServletResponse response) throws IOException{        String userName = request.getParameter("userName");        String [] urls = request.getParameterValues("authorities");        List
       
         auths = authorityDao.getAuthorities(urls);        authorityDao.update(userName, auths);        response.sendRedirect(request.getContextPath()+"/authority/authority-manager.jsp");    }}
这里的两个entity
User.java 
package com.java.authority.entity;import java.util.List;public class User {    private String userName;    private List
      
        authorities;    public String getUserName() {        return userName;    }    public void setUserName(String userName) {        this.userName = userName;    }    public List
       
         getAuthorities() {        return authorities;    }    public void setAuthorities(List
        
          authorities) {        this.authorities = authorities;    }    public User(String userName, List
         
           authorities) {        super();        this.userName = userName;        this.authorities = authorities;    }    public User() {        super();    }}

Authority.java

package com.java.authority.entity;public class Authority {    private String authorityName;    private String url;    public String getAuthorityName() {        return authorityName;    }    public void setAuthorityName(String authorityName) {        this.authorityName = authorityName;    }    public String getUrl() {        return url;    }    public void setUrl(String url) {        this.url = url;    }    public Authority(String authorityName, String url) {        super();        this.authorityName = authorityName;        this.url = url;    }    public Authority() {        super();    }    @Override    public int hashCode() {        final int prime = 31;        int result = 1;        result = prime * result + ((url == null) ? 0 : url.hashCode());        return result;    }    @Override    public boolean equals(Object obj) {        if (this == obj)            return true;        if (obj == null)            return false;        if (getClass() != obj.getClass())            return false;        Authority other = (Authority) obj;        if (url == null) {            if (other.url != null)                return false;        } else if (!url.equals(other.url))            return false;        return true;    }        }

 

这里不连接数据库,数据初始化在AuthorityDao.java里
AuthorityDao.java 
package com.java.authority.dao;import java.util.ArrayList;import java.util.HashMap;import java.util.List;import java.util.Map;import com.java.authority.entity.Authority;import com.java.authority.entity.User;public class AuthorityDao {        private static Map
      
        users;    private static List
       
         authorities;        static{        users = new HashMap<>();        authorities = new ArrayList<>();        authorities.add(new Authority("article-1", "/authority/article-1.jsp"));        authorities.add(new Authority("article-2", "/authority/article-2.jsp"));        authorities.add(new Authority("article-3", "/authority/article-3.jsp"));        authorities.add(new Authority("article-4", "/authority/article-4.jsp"));                users.put("AAA", new User("AAA", authorities.subList(0, 2)));        users.put("BBB", new User("BBB", authorities.subList(2, 4)));    }        public List
        
          getAuthority(){        return authorities;    }        public User getUser(String userName){        return users.get(userName);    }        public void update(String userName,List
         
           authorities){        users.get(userName).setAuthorities(authorities);    }    public List
          
            getAuthorities(String[] urls) {        List
           
             authorities2 = new ArrayList<>(); for(Authority authority : authorities){ for(String url:urls){ if(authority.getUrl().equals(url)){ authorities2.add(authority); } } } return authorities2; }}

servlet 的配置

          
           
       
        AuthorityServlet
           
       
        AuthorityServlet
           
       
        com.java.authority.servlet.AuthorityServlet
         
        
          
       
        AuthorityServlet
           
       
        /authority/authorityServlet

 

 

以上是权限管理,以下是权限的过滤结合权限管理

文件结构目录:

入口login.jsp
 
登录页面直接到LoginServlet.java 
package com.java.authority.servlet;import java.io.IOException;import java.lang.reflect.Method;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.java.authority.dao.AuthorityDao;import com.java.authority.entity.User;public class LoginServlet extends HttpServlet {    private static final long serialVersionUID = 1L;    private AuthorityDao authorityDao = new AuthorityDao();        protected void doGet(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        doPost(request, response);    }    protected void doPost(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        String methodName = request.getParameter("method");        try {            Method method = getClass().getMethod(methodName,                     HttpServletRequest.class,HttpServletResponse.class);            method.invoke(this,request, response);        } catch (Exception e) {            e.printStackTrace();        }    }        public void login(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        String username = request.getParameter("username");        User user = authorityDao.getUser(username);        request.getSession().setAttribute("user", user);        //重定向到articles.jsp        response.sendRedirect(request.getContextPath()+"/authority/articles.jsp");            }    public void logout(HttpServletRequest request,            HttpServletResponse response) throws ServletException, IOException {        request.getSession().invalidate();        response.sendRedirect(request.getContextPath()+"/authority/login.jsp");    }}

在Servlet之前会有一个过滤器

AuthorityFilter.java

package com.java.authority;import java.io.IOException;import java.util.Arrays;import java.util.List;import javax.servlet.FilterChain;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import com.java.authority.entity.Authority;import com.java.authority.entity.User;import com.java.testFilter.HttpFilter;public class AuthorityFilter extends HttpFilter {    @Override    public void doFilter(HttpServletRequest request,            HttpServletResponse response, FilterChain filterChain)            throws IOException, ServletException {        String servletPath = request.getServletPath();        List
      
        uncheckURL = Arrays.asList("/authority/login.jsp", "/authority/logout.jsp",                "/authority/articles.jsp", "/authority/authority-manager.jsp", "/authority/403.jsp");        // 检查不过滤的页面        if (uncheckURL.contains(servletPath)) {            filterChain.doFilter(request, response);            return;        }        User user = (User) request.getSession().getAttribute("user");        //若用户没有登录,重定向到login.jsp        if (user == null) {            response.sendRedirect(request.getContextPath()                    + "/authority/login.jsp");            return;        }        //获取用户拥有的 权限        List
       
         authorities = user.getAuthorities();        //检查用户是否有请求servletPath的权限,遍历以外的方法        Authority authority = new Authority(null, servletPath);        if(authorities.contains(authority)){            filterChain.doFilter(request, response);            return;        }        //没有权限        response.sendRedirect(request.getContextPath()+"/authority/403.jsp");        return;    }}

web.xml配置

          
       
        AuthorityFilter
           
       
        AuthorityFilter
           
       
        com.java.authority.AuthorityFilter
         
        
          
       
        AuthorityFilter
           
       
        *.jsp

 

 
登录后显示所有的链接和页面
有的页面AAA用户可以访问,有的没有权限访问
 
ariticle1-ariticle4.jsp页面类似 
<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%>
      Insert title here    
Ariticle-1 Page
    
    返回

403.jsp页面

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8"%>
      Insert title here    
您没有权限访问,
返回

 

 

典型应用5:论坛中关键字的拦截及过滤(例如 fuck... 等)

可以使用 过滤器+HttpServletRequestWrapper
 
 
 
 
 
 
 
 
 
 
 
 
 
 

转载于:https://www.cnblogs.com/wq3435/p/5194144.html

转载地址:https://blog.csdn.net/ankan7400/article/details/102088945 如侵犯您的版权,请留言回复原文章的地址,我们会给您删除此文章,给您带来不便请您谅解!

上一篇:JSTL
下一篇:oracle数据库开启的时候 是先开监听还是先开主服务,关数据库的时候呢???...

发表评论

最新留言

感谢大佬
[***.8.128.20]2024年04月07日 05时45分17秒

关于作者

    喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!
-- 愿君每日到此一游!

推荐文章

FD.io/VPP — QoS — DPDK Hqos 2019-04-27
Kubernetes — Kubespray 开箱即用的部署工具 2019-04-27
Ansible — Inventory 清单文件 2019-04-27
CentOS7 通过 YUM 升级 VIM8 2019-04-27
Python3 configparser模块的安装、基础读写ini文件和字典的互转 2019-04-27
A. Donut Shops(分类模拟) 2019-04-27
C. Maximal Intersection(贪心) 2019-04-27
JS简单应用... Jquery 作一个抽奖(老婆)机~ 2019-04-27
CF1457 D. XOR-gun(猜结论题) 2019-04-27
2021牛客寒假算法基础集训营1 红和蓝(二分图染色) 2019-04-27
P3825 [NOI2017] 游戏(构造2-SAT模型) 2019-04-27
Codeforces Round #717 (Div. 2) 1516 D. Cut(区间互质+倍增思想) 2019-04-27
gym/103049/problem G - Great Expectations(期望+二分) 2019-04-27
2019牛客国庆集训派对day2 J.Vertex Cover(思维,组合数学算贡献) 2019-04-27
PyPI的注册与模块发布 2019-04-27
Spring Boot笔记-Java控制台程序及JPA映射Mysql 2019-04-27
Arduino笔记-Rouch Sensor的使用 2019-04-27
Qt文档阅读笔记-构造WebSocket服务端 2019-04-27
Java|C++工作笔记-控制台带参数运行程序 2019-04-27
C++|Java工作笔记-google protobuf基本使用 2019-04-27
白红宇的个人博客 - 记录点点滴滴的事 - 您是第 307310253 位访客
访问时间: 2024-04-23 22:04:29 访问IP: 18.116.63.236     Copyright © 2020 - 2023 blog.css8.cn 京ICP备2021015314号-1 手机版