作用:对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态 html 文件等进行拦截,从而实现一些特殊的功能。例如实现URL级别的权限访问控制、过滤敏感词汇、压缩响应信息等一些高级功能。
使用方法:
一、做类
建一个实现javax.servlet.Filter接口的类
在doFilter()方法中编写过滤逻辑
二、做配置
在web.xml中配置<filter>和<filter-mapping>元素
实例一:
验证页面是否登录,没登录跳转到登录页面。
1.建一个实现javax.servlet.Filter接口的类
2.在doFilter()方法中编写过滤逻辑
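import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Login gate: every request that is not on the configured allowlist must carry a
 * session holding a {@code "user"} attribute, otherwise the client is redirected
 * to the login page.
 *
 * <p>The allowlist comes from the {@code allowpage} init-param in web.xml, a
 * comma-separated list of context-relative paths such as {@code /login.jsp}.
 */
public class StateFilter implements Filter {
    /** Context-relative paths (pages or actions) that may be requested without logging in. */
    private ArrayList<String> list = new ArrayList<>();

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Lets allowlisted paths and logged-in sessions through; redirects everything else
     * to the login page.
     *
     * @param request  incoming request, expected to be an {@link HttpServletRequest}
     * @param response outgoing response, expected to be an {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the redirect or the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse rep = (HttpServletResponse) response;

        String contextPath = req.getContextPath(); // e.g. /Demo0213
        // getRequestURI() is the raw path, e.g. /Demo0213/login.jsp. It is not decoded and
        // still carries any ";param" path parameters, so only the plain form of a path can
        // equal an allowlist entry. Every other spelling falls through to the session check,
        // i.e. the allowlist fails closed. Keep this comparison exact; prefix or suffix
        // matching on the raw URI would not have that property.
        String target = req.getRequestURI().substring(contextPath.length());

        if (list.contains(target)) {
            chain.doFilter(req, rep);
            return;
        }

        // getSession(false): do not allocate a server-side session for every anonymous hit.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // Absolute within the application: a relative "login.jsp" would resolve against
            // the requested directory (/admin/x -> /admin/login.jsp), which is not on the
            // allowlist and would be redirected again.
            rep.sendRedirect(contextPath + "/login.jsp");
            return;
        }
        chain.doFilter(req, rep);
    }

    /**
     * Loads the allowlist from the {@code allowpage} init-param.
     *
     * @param cfg filter configuration supplied by the container
     * @throws ServletException if {@code allowpage} is not configured; without it not even
     *                          the login page would be reachable
     */
    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String val = cfg.getInitParameter("allowpage"); // value of the init-param in web.xml
        if (val == null) {
            throw new ServletException(
                    "init-param 'allowpage' is required (comma-separated public paths)");
        }
        for (String entry : val.split(",")) {
            // Tolerate "a, b" style values and stray commas in web.xml.
            String path = entry.trim();
            if (!path.isEmpty()) {
                list.add(path);
            }
        }
    }
}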
3.在web.xml中配置<filter>和<filter-mapping>元素
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID"
         version="3.1">
  <display-name>Demo0213_guolvqi</display-name>

  <filter>
    <!-- Free-form name; must match the filter-name in the filter-mapping below. -->
    <filter-name>loginfilter</filter-name>
    <!-- Fully qualified class name (package + class) of the filter. -->
    <filter-class>am.StateFilter</filter-class>
    <init-param>
      <!-- Read by the filter's init(FilterConfig) method. -->
      <param-name>allowpage</param-name>
      <!-- Context-relative paths reachable without logging in. Because the mapping below
           is /*, any static resource the login or register pages load (CSS, scripts,
           images) goes through the filter too and needs an entry here. -->
      <param-value>/login.jsp,/login,/register.jsp,/register</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <!-- Must match the filter-name declared above. -->
    <filter-name>loginfilter</filter-name>
    <!-- /* applies the filter to every URL of the application. With no <dispatcher>
         element the filter runs for direct client requests only, not for internal
         forwards or includes. -->
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>
4.在未登录的情况下访问受保护的页面,就会被重定向到登录页面。
实例二:
过滤敏感词,替换成***
2.在doFilter()方法中编写过滤逻辑,需要用内部类自定义一个request包装类(继承HttpServletRequestWrapper)
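package com.itnba.maya.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

/**
 * Word-masking filter: wraps each request so that request parameters are returned with
 * every configured word replaced by {@code ***}.
 *
 * <p>The word list comes from the {@code minganci} init-param in web.xml (comma-separated).
 *
 * <p>This is content moderation, not output encoding. Masked values can still contain
 * markup, so any page that echoes them must HTML-escape on output. The masking also applies
 * to every parameter of every mapped URL, so map the filter only to the endpoints that
 * accept free text, or fields such as passwords will be altered too.
 */
public class Filter implements javax.servlet.Filter {
    /** Words to mask, matched literally. */
    private ArrayList<String> list = new ArrayList<>();

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Passes a masking wrapper down the chain in place of the original request.
     *
     * @param request  incoming request, expected to be an {@link HttpServletRequest}
     * @param response outgoing response
     * @param chain    remaining filters and the target resource
     * @throws IOException      if the downstream chain fails on I/O
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Downstream code must see the wrapper, not the original request.
        chain.doFilter(new MyRequest(req), res);
    }

    /**
     * Loads the word list from the {@code minganci} init-param.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException if {@code minganci} is not configured
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        String val = arg0.getInitParameter("minganci");
        if (val == null) {
            throw new ServletException(
                    "init-param 'minganci' is required (comma-separated word list)");
        }
        for (String entry : val.split(",")) {
            String word = entry.trim();
            // An empty entry (from "a,,b") would match between every character.
            if (!word.isEmpty()) {
                list.add(word);
            }
        }
    }

    /** Returns {@code value} with every configured word replaced by ***; null stays null. */
    private String mask(String value) {
        if (value == null) {
            return null;
        }
        String masked = value;
        for (String word : list) {
            // replace() matches literally; replaceAll() would read the word as a regex.
            masked = masked.replace(word, "***");
        }
        return masked;
    }

    /** Applies {@link #mask(String)} to each element of a copy of the array; null stays null. */
    private String[] maskAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] masked = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            masked[i] = mask(values[i]);
        }
        return masked;
    }

    /**
     * Request wrapper whose parameter accessors return masked values. All three accessors
     * are overridden so that the masking cannot be sidestepped by reading the same
     * parameter through {@code getParameterValues} or {@code getParameterMap}.
     */
    class MyRequest extends HttpServletRequestWrapper {

        public MyRequest(HttpServletRequest request) {
            super(request);
        }

        /** Returns the masked value of the parameter {@code name}, or null if it is absent. */
        @Override
        public String getParameter(String name) {
            return mask(super.getParameter(name));
        }

        /** Returns the masked values of the parameter {@code name}, or null if it is absent. */
        @Override
        public String[] getParameterValues(String name) {
            return maskAll(super.getParameterValues(name));
        }

        /** Returns an unmodifiable copy of the parameter map with every value masked. */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> masked = new LinkedHashMap<>();
            for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet()) {
                masked.put(e.getKey(), maskAll(e.getValue()));
            }
            return Collections.unmodifiableMap(masked);
        }
    }
}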
3.在web.xml中配置<filter>和<filter-mapping>元素
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <filter>
    <filter-name>Filter</filter-name>
    <!-- Fully qualified class name (package + class) of the filter. -->
    <filter-class>com.itnba.maya.filter.Filter</filter-class>
    <init-param>
      <!-- Read by the filter's init(FilterConfig) method. -->
      <param-name>minganci</param-name>
      <!-- Comma-separated list of words to mask. -->
      <param-value>sb,cnm,tmd</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>Filter</filter-name>
    <!-- /* applies the filter to every URL of the application. -->
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>
jsp页面
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%-- Input form: posts the textarea content as parameter "txt" to test.jsp. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Insert title here</title>
  </head>
  <body>
    <form action="test.jsp" method="post">
      <%-- Sample text containing the configured words. --%>
      <textarea name="txt" rows="5" cols="10"> sbdfdsfscnmdfdsfsdtmdfdsfsdfcnmsbtmd </textarea>
      <input type="submit" value="提交">
    </form>
  </body>
</html>
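<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%--
  Result page: echoes the submitted "txt" parameter.

  A bare ${param.txt} in template text is written without escaping, so submitted markup
  would be rendered as part of this page. The word filter only masks words and does not
  encode output, so the value is HTML-escaped here before it is printed. Where JSTL is on
  the classpath, <c:out value="${param.txt}"/> is the usual equivalent.
--%>
<%!
    /** Escapes the HTML-significant characters of {@code s}; null becomes the empty string. */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Insert title here</title>
  </head>
  <body>
    <%-- request is the wrapper installed by the filter, so the value is already masked. --%>
    <%= escapeHtml(request.getParameter("txt")) %>
  </body>
</html>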
敏感词汇都变成了***
参考:http://www.cnblogs.com/hq233/p/6395041.html