Filter可以认为是一种Servlet的加强版,有如下作用:
- 在HttpServletRequest到达Servlet之前将其拦截
- 检查或修改HttpServletRequest头和数据
- 在HttpServletResponse到达客户端之前将其拦截
- 检查或修改HttpServletResponse头和数据
创建Filter######
实现看java.servlet.Filter接口,该接口定义了3个方法
- void init(FilterConfig config):完成Filter初始化
- void destory() :Filter销毁前回收资源
- void doFilter(ServletRequest request, ServletResponse response, FilterChain chain): 实现过滤功能,即对每个请求和响应增加的额外处理
例如下面这个日志Filter,它拦截所有用户请求并输出日志
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
@WebFilter(filterName = "log", urlPatterns = "/*")
public class LogFilter implements Filter{
//FilterConfig可用于访问Filter的配置信息
private FilterConfig config;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.config = config;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//对用户请求进行预处理
//获取ServletContext对象 ,用于记录日志
ServletContext context = this.config.getServletContext();
long before = System.currentTimeMillis();
System.out.println("开始过滤...");
//将请求转换成HttpServletRequest请求
HttpServletRequest hrequest = (HttpServletRequest)servletRequest;
//输出提示信息
System.out.println("Filter截取请求的地址:" + hrequest.getServletPath());
//将请求放行到目的地址
filterChain.doFilter(servletRequest,servletResponse);
//对服务器响应做后处理
long after = System.currentTimeMillis();
System.out.println("过滤结束。");
System.out.println("请求被定位到" + hrequest.getRequestURI() + " 花费时间 " + (after - before));
}
@Override
public void destroy() {
this.config = null;
}
}
在执行chain.doFilter()之前的对用户请求进行预处理,执行chain.doFilter()之后就是对服务器响应进行后处理,chain.doFilter()是分水岭。
配置Filter######
与Servlet类似,Filter既可以通过@WebFilter注释配置,也可以在web.xml中配置
Filter的实际应用######
doFilter()通常是从多个Servlet的service()方法中提取相同代码,提高代码复用性。
下面的Filter将设置request的编码字符集(避免每个JSP和Servlet都要设置一次),并验证用户是否登录,否则跳转到登录页
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/**
* 1.设置request编码的字符集,避免每个JSP和Servlet都要设置
* 2.验证用户是否登录,如果没有登录,则跳转到登录页面
*/
@WebFilter(filterName = "aythorrity", urlPatterns = {"/*"}, initParams = {
@WebInitParam(name="encoding", value="GBK"),
@WebInitParam(name="loginPage", value="/login.jsp"),
@WebInitParam(name="proLogin", value="/proLogin.jsp")})
public class AuthorityFilter implements Filter{
//FilterConfig可用于访问Filter的配置信息
private FilterConfig config;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.config = config;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//获取配置参数
String encoding = config.getInitParameter("encoding");
String loginPage = config.getInitParameter("loginPage");
String proLogin = config.getInitParameter("proLogin");
//设置request编码的字符集
servletRequest.setCharacterEncoding(encoding);
HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest;
HttpSession session = httpServletRequest.getSession(true);
//获取客户请求的页面
String requestPath = httpServletRequest.getServletPath();
//如果session范围的user为null,则表示未登录
//如果用户请求的既不是登录页面,也不是处理登录的页面
if (session.getAttribute("user") == null && !requestPath.endsWith(loginPage) && !requestPath.endsWith(proLogin)){
//forward到登录页面
servletRequest.setAttribute("tip","还未登陆");
servletRequest.getRequestDispatcher(loginPage).forward(servletRequest,servletResponse);
}
//放行请求
else {
filterChain.doFilter(servletRequest,servletResponse);
}
}
@Override
public void destroy() {
this.config = null;
}
}
