一个过滤器是一个可以传送请求或者修改相应的对象。
过滤器并不是Servlet,它们并不实际创建一个请求。它们是请求到达一个Servlet前的预处理程序,在相应离开Servlet后的后处理程序。
一个过滤器能够做如下的工作:
(1)在一个servlet被调用前截获该调用
(2)在一个servlet被调用前检查请求
(3)修改在实际请求中提供了可定制请求对象的请求头和请求数据
(4)修改在实际响应中提供了可定制响应对象的响应头和响应数据
(5)在一个servlet被调用之后截获该调用
一个过滤器实现java.servlet.Filter接口
init: 在过滤器执行service前被调用,以设置过滤器的配置对象
destroy: 在过滤器执行service后被调用
doFilter: 执行实际的过滤工作
下面给个例子,使用这个过滤器来计算执行某个servlet所用时间并记录在日志内:
1. import java.io.*;
2. import javax.servlet.*;
3. import.servlet.http.*;
4. //实现一个过滤器
5. public class TimerFilter implements Filter{
6. private FilterConfig config = null;
7.
8. public void init(FilterConfig config) throws ServletException{
9. this.config = config;
10. }
11. public void destroy(){
12. null;
13. }
14. public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain)throws IOException,ServletException{
15. long before = System.currentTimeMillis();
16. chain.doFilter(request,response);
17. long after = System.currentTimeMillis();
18. "";
19. if(request instanceof HttpServletRequset){
20. name = ((HttpServletRequest)request).getRequestURI();
21. }
22. //记录时间
23. ": "+(after-before) + "ms");
24. }
25. }
使用此过滤器,还需要在web.xml文件中用<filter>标签部署它
<filter>
<filter-name>timerFilter</filter-name>
<filter-class>TimerFilter</filter-class>
</filter>
1. 一、使浏览器不缓存页面的过滤器
2. import javax.servlet.*;
3. import javax.servlet.http.HttpServletResponse;
4. import java.io.IOException;
5.
6. /**
7. * 用于的使 Browser 不缓存页面的过滤器
8. */
9. public class ForceNoCacheFilter implements Filter {
10.
11. public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
12. {
13. "Cache-Control","no-cache");
14. "Pragma","no-cache");
15. "Expires", -1);
16. filterChain.doFilter(request, response);
17. }
18.
19. public void destroy()
20. {
21. }
22.
23. public void init(FilterConfig filterConfig) throws ServletException
24. {
25. }
26. }
2.
3. 二、检测用户是否登陆的过滤器
4.
5. import javax.servlet.*;
6. import javax.servlet.http.HttpServletRequest;
7. import javax.servlet.http.HttpServletResponse;
8. import javax.servlet.http.HttpSession;
9. import java.util.List;
10. import java.util.ArrayList;
11. import java.util.StringTokenizer;
12. import java.io.IOException;
13.
14. /**
15. * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面
16.
17.
18. * 配置参数
19.
20.
21. * checkSessionKey 需检查的在 Session 中保存的关键字
22.
23. * redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath
24.
25. * notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath
26.
27. */
28. public class CheckLoginFilter
29. implements Filter
30. {
31. protected FilterConfig filterConfig = null;
32. private String redirectURL = null;
33. private List notCheckURLList = new ArrayList();
34. private String sessionKey = null;
35.
36. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
37. {
38. HttpServletRequest request = (HttpServletRequest) servletRequest;
39. HttpServletResponse response = (HttpServletResponse) servletResponse;
40.
41. HttpSession session = request.getSession();
42. if(sessionKey == null)
43. {
44. filterChain.doFilter(request, response);
45. return;
46. }
47. if((!checkRequestURIIntNotFilterList(request)) && session.getAttribute(sessionKey) == null)
48. {
49. response.sendRedirect(request.getContextPath() + redirectURL);
50. return;
51. }
52. filterChain.doFilter(servletRequest, servletResponse);
53. }
54.
55. public void destroy()
56. {
57. notCheckURLList.clear();
58. }
59.
60. private boolean checkRequestURIIntNotFilterList(HttpServletRequest request)
61. {
62. null ? "" : request.getPathInfo());
63. return notCheckURLList.contains(uri);
64. }
65.
66. public void init(FilterConfig filterConfig) throws ServletException
67. {
68. this.filterConfig = filterConfig;
69. "redirectURL");
70. "checkSessionKey");
71.
72. "notCheckURLList");
73.
74. if(notCheckURLListStr != null)
75. {
76. new StringTokenizer(notCheckURLListStr, ";");
77. notCheckURLList.clear();
78. while(st.hasMoreTokens())
79. {
80. notCheckURLList.add(st.nextToken());
81. }
82. }
83. }
84. }
85.
86. 三、字符编码的过滤器
87.
88. import javax.servlet.*;
89. import java.io.IOException;
90.
91. /**
92. * 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理Html Form请求参数的中文问题
93. */
94. public class CharacterEncodingFilter
95. implements Filter
96. {
97. protected FilterConfig filterConfig = null;
98. protected String encoding = "";
99.
100. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
101. {
102. if(encoding != null)
103. servletRequest.setCharacterEncoding(encoding);
104. filterChain.doFilter(servletRequest, servletResponse);
105. }
106.
107. public void destroy()
108. {
109. null;
110. null;
111. }
112.
113. public void init(FilterConfig filterConfig) throws ServletException
114. {
115. this.filterConfig = filterConfig;
116. this.encoding = filterConfig.getInitParameter("encoding");
117.
118. }
119. }
120.
121. 四、资源保护过滤器
122.
123.
124. package catalog.view.util;
125.
126. import javax.servlet.Filter;
127. import javax.servlet.FilterConfig;
128. import javax.servlet.ServletRequest;
129. import javax.servlet.ServletResponse;
130. import javax.servlet.FilterChain;
131. import javax.servlet.ServletException;
132. import javax.servlet.http.HttpServletRequest;
133. import java.io.IOException;
134. import java.util.Iterator;
135. import java.util.Set;
136. import java.util.HashSet;
137. //
138. import org.apache.commons.logging.Log;
139. import org.apache.commons.logging.LogFactory;
140.
141. /**
142. * This Filter class handle the security of the application.
143. *
144. * It should be configured inside the web.xml.
145. *
146. * @author Derek Y. Shen
147. */
148. public class SecurityFilter implements Filter {
149. //the login page uri
150. private static final String LOGIN_PAGE_URI = "login.jsf";
151.
152. //the logger object
153. private Log logger = LogFactory.getLog(this.getClass());
154.
155. //a set of restricted resources
156. private Set restrictedResources;
157.
158. /**
159. * Initializes the Filter.
160. */
161. public void init(FilterConfig filterConfig) throws ServletException {
162. this.restrictedResources = new HashSet();
163. this.restrictedResources.add("/createProduct.jsf");
164. this.restrictedResources.add("/editProduct.jsf");
165. this.restrictedResources.add("/productList.jsf");
166. }
167.
168. /**
169. * Standard doFilter object.
170. */
171. public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
172. throws IOException, ServletException {
173. this.logger.debug("doFilter");
174.
175. String contextPath = ((HttpServletRequest)req).getContextPath();
176. String requestUri = ((HttpServletRequest)req).getRequestURI();
177.
178. this.logger.debug("contextPath = " + contextPath);
179. this.logger.debug("requestUri = " + requestUri);
180.
181. if (this.contains(requestUri, contextPath) && !this.authorize((HttpServletRequest)req)) {
182. this.logger.debug("authorization failed");
183. ((HttpServletRequest)req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);
184. }
185. else {
186. this.logger.debug("authorization succeeded");
187. chain.doFilter(req, res);
188. }
189. }
190.
191. public void destroy() {}
192.
193. private boolean contains(String value, String contextPath) {
194. this.restrictedResources.iterator();
195.
196. while (ite.hasNext()) {
197. String restrictedResource = (String)ite.next();
198.
199. if ((contextPath + restrictedResource).equalsIgnoreCase(value)) {
200. return true;
201. }
202. }
203.
204. return false;
205. }
206.
207. private boolean authorize(HttpServletRequest req) {
208.
209. //处理用户登录
210. /* UserBean user = (UserBean)req.getSession().getAttribute(BeanNames.USER_BEAN);
211.
212. if (user != null && user.getLoggedIn()) {
213. //user logged in
214. return true;
215. }
216. else {
217. return false;
218. }*/
219. }
220. }
过滤器并不是Servlet,它们并不实际创建一个请求。它们是请求到达一个Servlet前的预处理程序,在相应离开Servlet后的后处理程序。
一个过滤器能够做如下的工作:
(1)在一个servlet被调用前截获该调用
(2)在一个servlet被调用前检查请求
(3)修改在实际请求中提供了可定制请求对象的请求头和请求数据
(4)修改在实际响应中提供了可定制响应对象的响应头和响应数据
(5)在一个servlet被调用之后截获该调用
一个过滤器实现java.servlet.Filter接口
init: 在过滤器执行service前被调用,以设置过滤器的配置对象
destroy: 在过滤器执行service后被调用
doFilter: 执行实际的过滤工作
下面给个例子,使用这个过滤器来计算执行某个servlet所用时间并记录在日志内:
1. import java.io.*;
2. import javax.servlet.*;
3. import.servlet.http.*;
4. //实现一个过滤器
5. public class TimerFilter implements Filter{
6. private FilterConfig config = null;
7.
8. public void init(FilterConfig config) throws ServletException{
9. this.config = config;
10. }
11. public void destroy(){
12. null;
13. }
14. public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain)throws IOException,ServletException{
15. long before = System.currentTimeMillis();
16. chain.doFilter(request,response);
17. long after = System.currentTimeMillis();
18. "";
19. if(request instanceof HttpServletRequset){
20. name = ((HttpServletRequest)request).getRequestURI();
21. }
22. //记录时间
23. ": "+(after-before) + "ms");
24. }
25. }
使用此过滤器,还需要在web.xml文件中用<filter>标签部署它
<filter>
<filter-name>timerFilter</filter-name>
<filter-class>TimerFilter</filter-class>
</filter>
1. 一、使浏览器不缓存页面的过滤器
2. import javax.servlet.*;
3. import javax.servlet.http.HttpServletResponse;
4. import java.io.IOException;
5.
6. /**
7. * 用于的使 Browser 不缓存页面的过滤器
8. */
9. public class ForceNoCacheFilter implements Filter {
10.
11. public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
12. {
13. "Cache-Control","no-cache");
14. "Pragma","no-cache");
15. "Expires", -1);
16. filterChain.doFilter(request, response);
17. }
18.
19. public void destroy()
20. {
21. }
22.
23. public void init(FilterConfig filterConfig) throws ServletException
24. {
25. }
26. }
27.
28. 二、检测用户是否登陆的过滤器
29.
30. import javax.servlet.*;
31. import javax.servlet.http.HttpServletRequest;
32. import javax.servlet.http.HttpServletResponse;
33. import javax.servlet.http.HttpSession;
34. import java.util.List;
35. import java.util.ArrayList;
36. import java.util.StringTokenizer;
37. import java.io.IOException;
38.
39. /**
40. * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面
41.
42.
43. * 配置参数
44.
45.
46. * checkSessionKey 需检查的在 Session 中保存的关键字
47.
48. * redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath
49.
50. * notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath
51.
52. */
53. public class CheckLoginFilter
54. implements Filter
55. {
56. protected FilterConfig filterConfig = null;
57. private String redirectURL = null;
58. private List notCheckURLList = new ArrayList();
59. private String sessionKey = null;
60.
61. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
62. {
63. HttpServletRequest request = (HttpServletRequest) servletRequest;
64. HttpServletResponse response = (HttpServletResponse) servletResponse;
65.
66. HttpSession session = request.getSession();
67. if(sessionKey == null)
68. {
69. filterChain.doFilter(request, response);
70. return;
71. }
72. if((!checkRequestURIIntNotFilterList(request)) && session.getAttribute(sessionKey) == null)
73. {
74. response.sendRedirect(request.getContextPath() + redirectURL);
75. return;
76. }
77. filterChain.doFilter(servletRequest, servletResponse);
78. }
79.
80. public void destroy()
81. {
82. notCheckURLList.clear();
83. }
84.
85. private boolean checkRequestURIIntNotFilterList(HttpServletRequest request)
86. {
87. null ? "" : request.getPathInfo());
88. return notCheckURLList.contains(uri);
89. }
90.
91. public void init(FilterConfig filterConfig) throws ServletException
92. {
93. this.filterConfig = filterConfig;
94. "redirectURL");
95. "checkSessionKey");
96.
97. "notCheckURLList");
98.
99. if(notCheckURLListStr != null)
100. {
101. new StringTokenizer(notCheckURLListStr, ";");
102. notCheckURLList.clear();
103. while(st.hasMoreTokens())
104. {
105. notCheckURLList.add(st.nextToken());
106. }
107. }
108. }
109. }
110.
111. 三、字符编码的过滤器
112.
113. import javax.servlet.*;
114. import java.io.IOException;
115.
116. /**
117. * 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理Html Form请求参数的中文问题
118. */
119. public class CharacterEncodingFilter
120. implements Filter
121. {
122. protected FilterConfig filterConfig = null;
123. protected String encoding = "";
124.
125. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
126. {
127. if(encoding != null)
128. servletRequest.setCharacterEncoding(encoding);
129. filterChain.doFilter(servletRequest, servletResponse);
130. }
131.
132. public void destroy()
133. {
134. null;
135. null;
136. }
137.
138. public void init(FilterConfig filterConfig) throws ServletException
139. {
140. this.filterConfig = filterConfig;
141. this.encoding = filterConfig.getInitParameter("encoding");
142.
143. }
144. }
145.
146. 四、资源保护过滤器
147.
148.
149. package catalog.view.util;
150.
151. import javax.servlet.Filter;
152. import javax.servlet.FilterConfig;
153. import javax.servlet.ServletRequest;
154. import javax.servlet.ServletResponse;
155. import javax.servlet.FilterChain;
156. import javax.servlet.ServletException;
157. import javax.servlet.http.HttpServletRequest;
158. import java.io.IOException;
159. import java.util.Iterator;
160. import java.util.Set;
161. import java.util.HashSet;
162. //
163. import org.apache.commons.logging.Log;
164. import org.apache.commons.logging.LogFactory;
165.
166. /**
167. * This Filter class handle the security of the application.
168. *
169. * It should be configured inside the web.xml.
170. *
171. * @author Derek Y. Shen
172. */
173. public class SecurityFilter implements Filter {
174. //the login page uri
175. private static final String LOGIN_PAGE_URI = "login.jsf";
176.
177. //the logger object
178. private Log logger = LogFactory.getLog(this.getClass());
179.
180. //a set of restricted resources
181. private Set restrictedResources;
182.
183. /**
184. * Initializes the Filter.
185. */
186. public void init(FilterConfig filterConfig) throws ServletException {
187. this.restrictedResources = new HashSet();
188. this.restrictedResources.add("/createProduct.jsf");
189. this.restrictedResources.add("/editProduct.jsf");
190. this.restrictedResources.add("/productList.jsf");
191. }
192.
193. /**
194. * Standard doFilter object.
195. */
196. public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
197. throws IOException, ServletException {
198. this.logger.debug("doFilter");
199.
200. String contextPath = ((HttpServletRequest)req).getContextPath();
201. String requestUri = ((HttpServletRequest)req).getRequestURI();
202.
203. this.logger.debug("contextPath = " + contextPath);
204. this.logger.debug("requestUri = " + requestUri);
205.
206. if (this.contains(requestUri, contextPath) && !this.authorize((HttpServletRequest)req)) {
207. this.logger.debug("authorization failed");
208. ((HttpServletRequest)req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);
209. }
210. else {
211. this.logger.debug("authorization succeeded");
212. chain.doFilter(req, res);
213. }
214. }
215.
216. public void destroy() {}
217.
218. private boolean contains(String value, String contextPath) {
219. this.restrictedResources.iterator();
220.
221. while (ite.hasNext()) {
222. String restrictedResource = (String)ite.next();
223.
224. if ((contextPath + restrictedResource).equalsIgnoreCase(value)) {
225. return true;
226. }
227. }
228.
229. return false;
230. }
231.
232. private boolean authorize(HttpServletRequest req) {
233.
234. //处理用户登录
235. /* UserBean user = (UserBean)req.getSession().getAttribute(BeanNames.USER_BEAN);
236.
237. if (user != null && user.getLoggedIn()) {
238. //user logged in
239. return true;
240. }
241. else {
242. return false;
243. }*/
244. }
245. }