基本概念
1、What-- 过滤器是什么?
Java中servlet过滤器是动态拦截请求和响应,以便变换或使用请求和响应中的信息。当客户端请求服务器上的某些资源时,过滤器可以对这些请求进行拦截,先执行过滤器中的一段代码,然后再将请求交给相应的servlet或jsp去处理。
比如我们每次从request对象中读取数据时,都要设置request的字符编码,这时,我们可以将这些频繁使用的公共代码放在过滤器中,这样每个请求在被处理之前都会先执行过滤器中的代码。
2、Why--为什么要使用过滤器
因为过滤器将公共代码放入其中,这样可以减少代码的冗余,也便于更新和维护。
3、How--怎样使用过滤器
Servlet过滤器实际上是一个实现了Filter接口的Java类,我们只要建立一个实现Filter接口的类,指定要拦截的url规则,并重写doFilter()方法就可以了。
一、配置文件web.xml
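说明:Servlet 3.0起可以用注解(@WebFilter)声明filter及其url映射,不必再在web.xml中配置。本例仍通过web.xml把过滤器映射到/admin/*;注意LoginFilter类上的@WebFilter("/LoginFilter")只匹配/LoginFilter这一个路径,起不到保护/admin/*的作用,若改用注解,应写成@WebFilter("/admin/*")并去掉web.xml中对应的filter配置。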
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the "lessons" web application.
  It declares two context parameters and maps LoginFilter onto the admin area.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         id="WebApp_ID"
         version="4.0">
  <display-name>lessons</display-name>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <!-- Session attribute key under which the logged-in user object is stored.
       LoginFilter.init() reads this value; the login handler must store the
       user under the same key or the filter will never see a logged-in user. -->
  <context-param>
    <param-name>userSessionKey</param-name>
    <param-value>user</param-value>
  </context-param>

  <!-- Login page, relative to the context path. LoginFilter redirects here.
       It must stay outside every pattern the filter is mapped to, otherwise
       the redirect would loop. -->
  <context-param>
    <param-name>loginPage</param-name>
    <param-value>/Login.jsp</param-value>
  </context-param>

  <filter>
    <filter-name>LoginFilter</filter-name>
    <filter-class>com.zyz.util.LoginFilter</filter-class>
  </filter>

  <!-- Filter every request under /admin/*.
       Only this pattern is protected: a resource outside /admin/ is not
       covered by the login check. No <dispatcher> element is given, so the
       mapping applies to direct client requests only; server-side forwards
       and includes into /admin/* bypass the filter. -->
  <filter-mapping>
    <filter-name>LoginFilter</filter-name>
    <url-pattern>/admin/*</url-pattern>
  </filter-mapping>
</web-app>
二、登录验证过滤器LoginFilter.java
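package com.zyz.util;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.zyz.user.User;

/**
 * Access-control filter: lets a request through only when the session holds a
 * {@link User} whose role is not 0, and otherwise redirects to the login page.
 *
 * <p>The session key and the login page come from the context parameters
 * {@code userSessionKey} and {@code loginPage} in web.xml.
 */
// NOTE(review): this annotation registers the filter for the single path
// "/LoginFilter". The protection of the admin area comes from the web.xml
// <filter-mapping>, not from this annotation; keep only one of the two.
@WebFilter("/LoginFilter")
public class LoginFilter implements Filter {

    /** Session attribute name under which the logged-in user is stored. */
    private String userSessionKey;

    /** Login page path, relative to the context path. */
    private String loginPage;

    public LoginFilter() {
    }

    /**
     * Loads the two required context parameters.
     *
     * @throws ServletException if either parameter is missing, so that a
     *         misconfigured deployment fails at start-up instead of running
     *         with a null session key or a redirect to ".../null"
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        ServletContext context = fConfig.getServletContext();
        userSessionKey = requireParam(context, "userSessionKey");
        loginPage = requireParam(context, "loginPage");
    }

    @Override
    public void destroy() {
    }

    /**
     * Checks the session for an admin user before handing the request on.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain, invoked only for admin users
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // getSession(false): an anonymous request must not create a session
        // merely because it was inspected.
        HttpSession session = httpRequest.getSession(false);
        Object stored = (session == null) ? null : session.getAttribute(userSessionKey);
        // Anything that is not a User counts as "not logged in" rather than
        // raising ClassCastException.
        User user = (stored instanceof User) ? (User) stored : null;

        // Not logged in, or logged in without the admin role.
        // NOTE(review): every role other than 0 passes. If more roles are ever
        // added, comparing against the admin role explicitly would fail closed;
        // confirm the role values against User.
        if (user == null || user.getRole() == 0) {
            String servletPath = httpRequest.getServletPath();
            if (servletPath.endsWith(".jsp")) {
                // Remember the requested JSP so the login handler can return to it.
                // The value is built from container-derived parts only (context path
                // + servlet path), never from request parameters or headers.
                httpRequest.getSession().setAttribute("url", httpRequest.getContextPath() + servletPath);
            }
            httpResponse.sendRedirect(httpRequest.getContextPath() + loginPage);
            return;
        }

        // Logged in as admin: continue.
        chain.doFilter(httpRequest, httpResponse);
    }

    /** Returns the named context parameter or fails if it is absent or empty. */
    private static String requireParam(ServletContext context, String name) throws ServletException {
        String value = context.getInitParameter(name);
        if (value == null || value.isEmpty()) {
            throw new ServletException("Missing context-param '" + name + "' required by LoginFilter");
        }
        return value;
    }
}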
三、登录处理LoginHandlerServlet.java
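package com.zyz.user;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Handles the login form: checks the submitted credentials, starts a fresh
 * session for the authenticated user and redirects to the page that was
 * requested before login (or to index.jsp).
 */
@WebServlet("/LoginHandlerServlet")
public class LoginHandlerServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String LOGIN_PAGE = "Login.jsp";
    private static final String DEFAULT_TARGET = "index.jsp";
    /** Session attribute in which LoginFilter records the originally requested JSP. */
    private static final String RETURN_URL_KEY = "url";
    /** Fallback when the userSessionKey context parameter is not configured. */
    private static final String DEFAULT_USER_KEY = "user";

    public LoginHandlerServlet() {
        super();
    }

    /**
     * Sends the browser to the login page.
     *
     * <p>Credentials are accepted by POST only: parameters in a GET query
     * string end up in access logs, browser history and Referer headers.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.sendRedirect(LOGIN_PAGE);
    }

    /**
     * Authenticates the {@code name} / {@code password} parameters.
     *
     * <p>On failure (including missing parameters) a short message is written
     * and the browser is sent back to the login page after 3 seconds. On
     * success the old session is invalidated and a new one created, so the
     * session id that existed before authentication is never reused.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        String name = request.getParameter("name");
        String password = request.getParameter("password");

        User u = null;
        if (name != null && !name.equals("") && password != null && !password.equals("")) {
            // NOTE(review): UserService is not shown here; how it stores and compares
            // passwords, and whether failed attempts are throttled, should be checked there.
            u = UserService.getInstance().loginCheck(name, password);
        }

        if (u == null) {
            // Same answer for "missing field", "unknown user" and "wrong password".
            // The header is set before the body so it cannot be lost if the
            // response gets committed by the write.
            response.setHeader("refresh", "3;url=Login.jsp");
            response.getWriter().println("用户名或密码不对,3秒后将跳转<a href='Login.jsp'>登录</a>页面...");
            return;
        }

        // Carry over only the return URL, then drop the pre-login session entirely.
        // Invalidating (instead of removing attributes one by one while enumerating
        // them) clears every attribute and also issues a new session id.
        String target = DEFAULT_TARGET;
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            target = safeReturnUrl(previous.getAttribute(RETURN_URL_KEY), request.getContextPath());
            previous.invalidate();
        }

        HttpSession session = request.getSession(true);
        session.setAttribute(userSessionKey(), u);
        response.sendRedirect(target);
    }

    /**
     * Returns the session key for the logged-in user: the {@code userSessionKey}
     * context parameter that LoginFilter reads, or "user" when it is not set.
     */
    private String userSessionKey() {
        String configured = getServletContext().getInitParameter("userSessionKey");
        return (configured == null || configured.isEmpty()) ? DEFAULT_USER_KEY : configured;
    }

    /**
     * Accepts a stored return URL only if it is a path inside this application;
     * anything else falls back to the default page.
     */
    private static String safeReturnUrl(Object saved, String contextPath) {
        if (!(saved instanceof String)) {
            return DEFAULT_TARGET;
        }
        String url = (String) saved;
        boolean insideApp = url.startsWith(contextPath + "/")
                && !url.startsWith("//")
                && url.indexOf('\\') < 0
                && url.indexOf('\r') < 0
                && url.indexOf('\n') < 0;
        return insideApp ? url : DEFAULT_TARGET;
    }
}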
四、登录页面Login.jsp
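<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%!
    /** Escapes HTML-significant characters so a value can be placed inside a quoted attribute. */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }
%>
<%
    // Pre-fill the user name from the "name" cookie when present.
    // getCookies() returns null when the request carries no cookies at all.
    String name = "";
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            if ("name".equals(c.getName())) {
                name = c.getValue();
            }
        }
    }
    // The password is deliberately NOT read from a cookie or written into the page:
    // a password kept in a cookie sits in clear text in the browser and would be
    // echoed into the HTML source of every login page view.
%>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>用户登录</title>
    <meta name="renderer" content="webkit|ie-comp|ie-stand">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width,user-scalable=yes, minimum-scale=0.4, initial-scale=0.8,target-densitydpi=low-dpi" />
    <meta http-equiv="Cache-Control" content="no-siteapp" />
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
    <link rel="stylesheet" href="./admin/css/font.css">
    <link rel="stylesheet" href="./admin/css/xadmin.css">
    <%-- NOTE(review): this script is loaded from a third-party CDN on the page that
         receives the password, with no integrity attribute. Serving a local copy, or
         pinning the file with integrity="..." and crossorigin="anonymous", keeps a
         change on the CDN side from running on the login page. --%>
    <script type="text/javascript" src="https://cdn.bootcss.com/jquery/3.2.1/jquery.min.js"></script>
    <script src="./lib/layui/layui.js" charset="utf-8"></script>
    <script type="text/javascript" src="./admin/js/xadmin.js"></script>
</head>
<body class="login-bg">
    <div class="login layui-anim layui-anim-up">
        <div class="message">用户登录</div>
        <div id="darkbannerwrap"></div>
        <form method="post" class="layui-form" action="LoginHandlerServlet">
            <%-- The cookie value is client-controlled, so it is escaped before being
                 written into the attribute. --%>
            <input name="name" placeholder="用户名" type="text" lay-verify="required|username" class="layui-input" value="<%= escapeHtml(name) %>" >
            <hr class="hr15">
            <input name="password" lay-verify="required|password" placeholder="密码" type="password" class="layui-input">
            <hr class="hr15">
            <input value="登录" lay-submit lay-filter="login" style="100%;" type="submit">
            <hr class="hr20" >
        </form>
    </div>
    <script>
        $(function () {
            layui.use('form', function () {
                var form = layui.form;
                // No custom submit handler or verify rules are registered here; the
                // credentials are checked on the server by LoginHandlerServlet.
                // Client-side checks would only be a convenience, never the control.
            });
        })
    </script>
    <!-- 底部结束 -->
</body>
</html>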