「这是我参与2022首次更文挑战的第10天,活动详情查看:2022首次更文挑战」
1. Filter:过滤器
通过Filter技术,对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态 html 文件等进行拦截,从而实现一些特殊的功能。例如实现URL级别的权限访问控制、过滤敏感词汇、压缩响应信息等一些高级功能。
Filter的流程:Filter对用户请求进行预处理,接着将请求交给Servlet进行处理并生成响应,最后Filter再对服务器响应进行后处理。
==注意:过滤器是用来拦截请求和响应的,不能产生响应,而servlet是用来处理请求并产生响应的。==
2. Filter开发步骤
-
导包
<dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.1</version> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.3</version> </dependency> <dependency> <groupId>javax.servlet.jsp.jstl</groupId> <artifactId>jstl-api</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>taglibs</groupId> <artifactId>standard</artifactId> <version>1.1.2</version> </dependency> <!--连接数据库--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.47</version> </dependency> -
编写字符集编码过滤器
-
实现类,实现Filter的接口,注意是javax.servlet包下的
-
重写对应的方法
package com.cheng.filter; import javax.servlet.*; import java.io.IOException; public class CharacterEncodingFilter implements Filter { //初始化 web服务器启动,就初始化,随时等待过滤对象的出现 public void init(FilterConfig filterConfig) throws ServletException { System.out.println("CharacterEncodingFilter已经初始化"); } //chain 链 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { request.setCharacterEncoding("utf-8"); response.setCharacterEncoding("utf-8"); response.setContentType("text/html;charset=utf-8"); System.out.println("CharacterEncodingFilter执行前。。。。。。"); chain.doFilter(request,response);//让请求继续往下走,如果不写,程序到这里就会被拦截停止 System.out.println("CharacterEncodingFilter执行后。。。。。。"); } //销毁 web服务器关闭。过滤器销毁 public void destroy() { System.out.println("CharacterEncodingFilter已经销毁"); } } -
注册filter
<!--注册filter--> <filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>com.cheng.filter.CharacterEncodingFilter</filter-class> </filter> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <!--只要是/servlet下的任何请求都会经过这个过滤器--> <url-pattern>/servlet/*</url-pattern> </filter-mapping>
测试filter
测试类
package com.cheng.servlet; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class ShowServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { //请求的时候有乱码 resp.getWriter().write("万里顾一程"); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }注册servlet
<servlet> <servlet-name>ShowServlet</servlet-name> <servlet-class>com.cheng.servlet.ShowServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>ShowServlet</servlet-name> <!--第一条路径,会经过filter--> <url-pattern>/servlet/show</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ShowServlet</servlet-name> <!--第二条路径,不会经过filter--> <url-pattern>/show</url-pattern> </servlet-mapping>启动服务器测试:
经过过滤器
-
未经过过滤器
3. Filter实现权限拦截
用户登录界面login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<form action="/servlet/login" method="post">
用户名<input type="text" name="username">
<input type="submit" value="登录">
</form>
</body>
</html>
登录用的Servlet,LoginServlet
package com.cheng.servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class LoginServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//获取前端请求的参数
String username = req.getParameter("username");
if (username.equals("admin")){//登陆成功
//在session里面保存一个数据,
req.getSession().setAttribute("USER_SESSION",req.getSession().getId());
resp.sendRedirect("/sys/success.jsp");//重定向
}else{ //登录失败
resp.sendRedirect("/error.jsp");
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
注销用的Servlet,LogoutServlet
package com.cheng.servlet;
import com.cheng.util.Constant;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class LogoutServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Object user_session = req.getSession().getAttribute(Constant.USER_SESSION);
if (user_session!=null){//如果user_session不为空,这说明处于登录状态
req.getSession().removeAttribute("USER_SESSION");//移除这个数据,sessionID就被移除了
resp.sendRedirect("/login.jsp");//重新回到登录页面
}
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doGet(req, resp);
}
}
注册servlet
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.cheng.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/servlet/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LogoutServlet</servlet-name>
<servlet-class>com.cheng.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LogoutServlet</servlet-name>
<url-pattern>/servlet/logout</url-pattern>
</servlet-mapping>
用户主页面(登录成功后的页面)success.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>欢迎来到主页面</h1>
<p><a href="/servlet/logout">注销</a></p>
</body>
</html>
登录错误页面error.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>错误页面</h1>
<p>错误情况:用户名,密码错误或权限不足</p>
</body>
</html>
过滤器Filter,保证只能通过登录的方式进入主页面
package com.cheng.filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class SysFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//ServletRequest转化为HttpServletRequest,通过HttpServletRequest才能拿到session
HttpServletRequest request1 = (HttpServletRequest) request;
HttpServletResponse response1 = (HttpServletResponse) response;
Object user_session = request1.getSession().getAttribute("USER_SESSION");
if (user_session==null){//如果USER_SESSION里的值为空,则重定向到错误页面,不能再进入用户主页面
response1.sendRedirect("/error.jsp");
}
chain.doFilter(request,response);
}
public void destroy() {
}
}
注册过滤器
<filter>
<filter-name>SysFilter</filter-name>
<filter-class>com.cheng.filter.SysFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SysFilter</filter-name>
<url-pattern>/sys/*</url-pattern>
</filter-mapping>
启动服务器测试
1.通过登录界面登录到主页,输入admin
-
登陆成功
-
如果输入的不是admin,则登录失败
2.注销页面,在主页面点击注销,自动返回登录页面
3.尝试在登录页面直接访问主页面,结果直接返回到错误页面,说明权限拦截成功
4. session监听器
监听器就是一个实现特定接口(接口有N中)的普通java程序,这个程序专门用于监听另一个java对象的方法调用或属性改变,当被监听对象发生上述事件后,监听器某个方法将立即被执行。
实现在线人数监听器
实现类,实现了session监听器的接口,重写方法
package com.cheng.listener;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class OnlineCountListener implements HttpSessionListener {
//创建session的监听
//一旦创建一个session就会触发一次下面的事件
public void sessionCreated(HttpSessionEvent se) {
//HttpSessionEvent代表触发事件的对象
HttpSession session = se.getSession();
ServletContext servletContext = session.getServletContext();//获得上下文
System.out.println(se.getSession().getId());
//设置在线人数
Integer onlineCount = (Integer) servletContext.getAttribute("OnlineCount");
//判断,当在线人数为0时,让在线人数为1
if (onlineCount==null){
onlineCount = new Integer(1);
}else{//当在线人数不为0时,count+1
int count = onlineCount.intValue();
onlineCount = new Integer(count+1);
}
servletContext.setAttribute("OnlineCount",onlineCount);
}
//销毁session的监听
//一旦销毁一个session就会触发一次下面的事件
public void sessionDestroyed(HttpSessionEvent se) {
HttpSession session = se.getSession();
ServletContext servletContext = session.getServletContext();//获得上下文
Integer onlineCount = (Integer) servletContext.getAttribute("OnlineCount");
if (onlineCount==null){
onlineCount = new Integer(0);
}else{
int count = onlineCount.intValue();
onlineCount = new Integer(count-1);
}
servletContext.setAttribute("OnlineCount",onlineCount);
}
}
注册监听器
<!--注册监听器-->
<listener>
<listener-class>com.cheng.listener.OnlineCountListener</listener-class>
</listener>
访问的页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>$Title$</title>
</head>
<body>
<h1>当前有<span style="color:blue"><%= this.getServletConfig().getServletContext().getAttribute("OnlineCount")%></span>人在线</h1>
</body>
</html>
启动服务器测试,每打开一个浏览器访问该页面,在线人数就+1
