2.过滤器

1. 什么是过滤器

过滤器是一个运行在服务器端的程序，先于与之相关的servlet或JSP页面之前运行实现对请求资源的过滤的功能；

过滤器可附加到一个或多个servlet或jsp页面上，可以检查请求信息也可以处理相应信息；

filter的基本功能是对Servlet容器调用Servlet的过程进行拦截，从而在Servlet执行前后实现一些特殊的功能。

如图，浏览器发出的请求先递交给第一个filter进行过滤，符合规则则放行，递交给filter链中的下一个过滤器进行过滤。过滤器在链中的顺序与它在web.xml中配置的顺序有关，配置在前的则位于链的前端。当请求通过了链中所有过滤器后就可以访问资源文件了，如果不能通过，则可能在中间某个过滤器中被处理掉。

在doFilter（）方法中，chain.doFilter()前的一般是对request执行的过滤操作，chain.doFilter后面的代码一般是对response执行的操作。过滤链代码的执行顺序如下：

 过滤器一般用于登录权限验证、资源访问权限控制、敏感词汇过滤、字符编码转换等等操作，便于代码重用，不必每个servlet中还要进行相应的操作。

2. 过滤器的编写流程

• 实现类，需要实现接口javax.servlet.Filter；

package com.eagle.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ServletFilter extends HttpServlet {

    private static final long serialVersionUID = 1L;

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String name = (String) request.getAttribute("name");
        System.out.println("servlet获取request域中的name属性="+name);
        response.getWriter().write("hello haohao...name="+name);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}

package com.eagle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class Demo1Filter implements Filter {

    public Demo1Filter() {

    }

    public void init(FilterConfig fConfig) throws ServletException {

    }

    public void destroy() {

    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setAttribute("name", "filter");
        System.out.println("servlet之前进行调用，设置request域的name属性为filter");
        chain.doFilter(request, response);
    }
}

• 配置，在web.xml使用<filter>和<filter-mapping>进行配置。

<filter>
    <display-name>Demo1Filter</display-name>
    <filter-name>Demo1Filter</filter-name>
    <filter-class>com.eagle.filter.Demo1Filter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>Demo1Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

3. 配置web.xml详解

<filter>
　　<filter-name>loginFilter</filter-name>　　　　　　　　　　//过滤器名称
　　<filter-class>com.x.control.loginFilter</filter-class> 　　    //过滤器类的包路径
　　<init—param> 　　　　　　　　　　　　　　　　　　　　   //可选
　　　　<param—name>参数名</param-name>　　　　　　    //过滤器初始化参数
　　　　<param-value>参数值</param-value>
　　</init—pamm>
</filter>

<filter-mapping>　　　　　　　　　　　　　　　　　　　　　//过滤器映射
　　<filter-name>loginFilter</filter-name>
　　<url-pattern>指定过滤器作用的对象</url-pattern>

</filter-mapping>

在配置中需要注意的有两处：

• 一是<filter-class>指明过滤器类所在的包路径。
• 二是<url-pattren>处定义过滤器作用的对象。一般有以下规则：

    1：作用于所有web资源：<url—pattern>/*</url-pattern>。则客户端请求访问任意资源文件时都要经过过滤器过滤，通过则访问文件，否则拦截。

    2：作用于某一文件夹下所有文件：<url—pattern>/dir/*</url-pattern>

    3：作用于某一种类型的文件：<url—pattern>*.扩展名</url-pattern>。比如<url—pattern>*.jsp</url-pattern>过滤所有对jsp文件的访问请求。

    4：作用于某一文件夹下某一类型文件：<url—pattern>/dir/*.扩展名</url-pattern>

    如果一个过滤器需要过滤多种文件，则可以配置多个<filter-mapping>，一个mapping定义一个url-pattern来定义过滤规则。

4. 过滤器实现设置字符编码问题

• 编写测试jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="${ pageContext.request.contextPath }/Login" method="post">
    <table border="0px">
        <tr>
            <td>用户名：</td>
            <td><input type="text" name="username" id="username" placeholder="请输入用户名" /></td>
        </tr>
        <tr>
            <td>密码：</td>
            <td><input type="password" name="password" id="password" placeholder="请输入密码" /></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="提交" /></td>
        </tr>
    </table>
</form>
</body>
</html>

• 编写测试servlet

package cn.eagle.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Login extends HttpServlet {

    private static final long serialVersionUID = 1L;

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        System.out.println("username="+username+";password"+password);
        response.getWriter().write("hello haohao..."+"username="+username+";password"+password+"张三");
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}

• 编写filter

package cn.eagle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class MyRequestCharacterFilter implements Filter {

    public MyRequestCharacterFilter() {

    }

    public void init(FilterConfig fConfig) throws ServletException {

    }

    public void destroy() {

    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");
        chain.doFilter(request, response);
    }
}

• web.xml配置filter

  <filter>
    <display-name>MyRequestCharacterFilter</display-name>
    <filter-name>MyRequestCharacterFilter</filter-name>
    <filter-class>cn.eagle.filter.MyRequestCharacterFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>MyRequestCharacterFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

5. 解决post和get方式乱码问题

• 编写自己的request类，该类实现HttpServletRequestWrapper，并重写getParameter()方法；

package cn.eagle.domain;

import java.io.UnsupportedEncodingException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class MyRequest extends HttpServletRequestWrapper {

    public MyRequest(HttpServletRequest request) {
        super(request);

    }

    @Override
    public String getParameter(String name) {

        String value = super.getParameter(name);
        try {
            if ("GET".equalsIgnoreCase(this.getMethod())) {
                value = new String(value.getBytes("ISO8859-1"), "UTF-8");
            }
        } catch (Exception e) {
            throw new RuntimeException();
        }
        return value;
    }

}

• 编写filter，传递自己的request对象；

package cn.eagle.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.eagle.domain.MyRequest;

public class EncodingFilter implements Filter {

    public EncodingFilter() {

    }

    public void init(FilterConfig fConfig) throws ServletException {

    }

    public void destroy() {

    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        // 设置编码
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");
        // 创建自定义request
        MyRequest myRequest = new MyRequest(request);
        chain.doFilter(myRequest, response);
    }
}

• 编写servlet进行测试。

package cn.eagle.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Encoding extends HttpServlet {

    private static final long serialVersionUID = 1L;

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        System.out.println(username);
        response.getWriter().write("hello haohao..."+username);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }
}