1.使浏览器不缓存页面的过滤器:
有 3 个 HTTP 响应头字段都可以禁止浏览器缓存当前页面,它们在 Servlet 中的示例代码如下:
response.setDateHeader("Expires",-1);
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头
a.jsp
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <a href="b.html">TO BBB PAGE</a> <br><br> <img alt="" src="Hydrangeas.jpg"> </body> </html>
b.jsp
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <a href="a.html">TO AAA PAGE</a> <br><br> </body> </html>
NoCacheFilter
package com.aff.filter.cache; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.aff.filter.HttpFilter; public class NoCacheFilter extends HttpFilter { @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { response.setDateHeader("Expires",-1); response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); chain.doFilter(request, response); } }
目录
2.字符编码的过滤器
通过配置参数encoding指明使用何种字符编码,以处理Html Form请求参数的中文问题
编写一个 EncodingFilter
①. 读取 web.xml 文件中配置的当前 WEB 应用的初始化参数 encoding
②. 指定请求的字符编码为 1 读取到的编码
③. 调用 chain.doFilter() 方法 "放行" 请求
request.setCharacterEncoding("UTF-8");
a.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="b.jsp" method="post"> name: <input type="text" name="name"/> <input type="submit" value="Submit"/> </form> </body> </html>
b.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <%-- //编写一个 EncodingFilter //1. 读取 web.xml 文件中配置的当前 WEB 应用的初始化参数 encoding //2. 指定请求的字符编码为 1 读取到的编码 //3. 调用 chain.doFilter() 方法 "放行" 请求 request.setCharacterEncoding("UTF-8"); --%> Hello: ${param.name } </body> </html>
EncodingFilter
package com.aff.filter.encoding; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.aff.filter.HttpFilter; public class EncodingFilter extends HttpFilter { private String encoding; @Override protected void init() { encoding = getFilterConfig().getServletContext().getInitParameter("encoding"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { request.setCharacterEncoding(encoding); chain.doFilter(request, response); } }
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <context-param> <param-name>password</param-name> <param-value>123456</param-value> </context-param> <context-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </context-param> <filter> <filter-name>EncodingFilter</filter-name> <filter-class>com.aff.filter.encoding.EncodingFilter</filter-class> </filter> <filter-mapping> <filter-name>EncodingFilter</filter-name> <url-pattern>/encoding/*</url-pattern> </filter-mapping> </web-app>
目录
3.检测用户是否登陆的过滤器:
情景:系统中的某些页面只有在正常登陆后才可以使用,用户请求这些页面时要检查 session 中有无该用户信息,
但在所有必要的页面加上session的判断相当麻烦的事情
解决方案:编写一个用于检测用户是否登陆的过滤器,如果用户未登录,则重定向到指的登录页面
要求:需检查的在 Session 中保存的关键字;
如果用户未登录,需重定向到指定的页面(URL不包括 ContextPath);
不做检查的URL列表(以分号分开,并且 URL 中不包括 ContextPath)都要采取可配置的方式
list.jsp
<body> <a href="a.jsp">AAA</a> <br><br> <a href="b.jsp">BBB</a> <br><br> <a href="c.jsp">CCC</a> <br><br> <a href="d.jsp">DDD</a> <br><br> <a href="e.jsp">EEE</a> </body>
a.jsp
<body> <h4>AAA PAGE</h4> <a href="list.jsp">Return...</a> </body>
b.jsp
<body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>BBB PAGE</h4> <a href="list.jsp">Return...</a> </body>
c.jsp
<body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>CCC PAGE</h4> <a href="list.jsp">Return...</a> </body>
d.jsp
<body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>DDD PAGE</h4> <a href="list.jsp">Return...</a> </body>
e.jsp
<body> <%-- //检验用户是否登录. 若没有登录, 则直接重定向到 login.jsp Object user = session.getAttribute("user"); if(user == null){ response.sendRedirect("login.jsp"); } --%> <h4>EEE PAGE</h4> <a href="list.jsp">Return...</a> </body>
login.jsp
<body> <form action="doLogin.jsp" method="post"> username: <input type="text" name="username"/> <input type="submit" value="Submit"/> </form> </body>
doLogin.jsp
<body> <% //1. 获取用户的登录信息 String username = request.getParameter("username"); //2. 若登录信息完整, 则把登录信息放到 HttpSession if (username != null && !username.trim().equals("")) { session.setAttribute(application.getInitParameter("userSessionKey"), username); //3. 重定向到 list.jsp response.sendRedirect("list.jsp"); } else { response.sendRedirect("login.jsp"); } %> </body>
web.xml
<!-- 用户信息放入到 session 中的键的名字 --> <context-param> <param-name>userSessionKey</param-name> <param-value>USERSESSIONKEY</param-value> </context-param> <!-- 若未登录, 需重定向的页面 --> <context-param> <param-name>rediretPage</param-name> <param-value>/login/login.jsp</param-value> </context-param> <!-- 不需要拦截(或检查)的 URL 列表 --> <context-param> <param-name>uncheckedUrls</param-name> <param-value>/login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp,/login/b.jsp</param-value> </context-param>
LoginFilter
package com.aff.filter.login; import java.io.IOException; import java.util.Arrays; import java.util.List; import javax.servlet.FilterChain; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.aff.filter.HttpFilter; public class LoginFilter extends HttpFilter { // 1. 从 web.xml 文件中获取 sessionKey, redirectUrl, uncheckedUrls private String sessionKey; private String redirectUrl; private String unchekcedUrls; @Override protected void init() { ServletContext servletContext = getFilterConfig().getServletContext(); sessionKey = servletContext.getInitParameter("userSessionKey"); redirectUrl = servletContext.getInitParameter("rediretPage"); /// login/a.jsp,/login/list.jsp,/login/login.jsp,/login/doLogin.jsp unchekcedUrls = servletContext.getInitParameter("uncheckedUrls"); } @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { // 1. 获取请求的 servletPath // /login/b.jsp String servletPath = request.getServletPath(); // 2. 检查 1 获取的 servletPath 是否为不需要检查的 URL 中的一个, 若是, 则直接放行. 方法结束 List<String> urls = Arrays.asList(unchekcedUrls.split(",")); if (urls.contains(servletPath)) { filterChain.doFilter(request, response); return; } // 3. 从 session 中获取 sessionKey 对应的值, 若值不存在, 则重定向到 redirectUrl Object user = request.getSession().getAttribute(sessionKey); if (user == null) { response.sendRedirect(request.getContextPath() + redirectUrl); return; } // 4. 若存在, 则放行, 允许访问. filterChain.doFilter(request, response); } }
目录
