javaweb中Filter(过滤器)的常见应用
一、统一全站字符编码
通过配置参数charset指明使用何种字符编码,以处理HtmlForm请求参数的中文问题
packageme.gacl.web.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletRequestWrapper;
importjavax.servlet.http.HttpServletResponse;
/**
*@ClassName:CharacterEncodingFilter
*@Description:此过滤器用来解决全站中文乱码问题
*/
publicclassCharacterEncodingFilterimplementsFilter{
privateFilterConfigfilterConfig=null;
//设置默认的字符编码
privateStringdefaultCharset="UTF-8";
publicvoiddoFilter(ServletRequestreq,ServletResponseresp,
FilterChainchain)throwsIOException,ServletException{
HttpServletRequestrequest=(HttpServletRequest)req;
HttpServletResponseresponse=(HttpServletResponse)resp;
Stringcharset=filterConfig.getInitParameter("charset");
if(charset==null){
charset=defaultCharset;
}
request.setCharacterEncoding(charset);
response.setCharacterEncoding(charset);
response.setContentType("text/html;charset="+charset);
MyCharacterEncodingRequestrequestWrapper=newMyCharacterEncodingRequest(request);
chain.doFilter(requestWrapper,response);
}
publicvoidinit(FilterConfigfilterConfig)throwsServletException{
//得到过滤器的初始化配置信息
this.filterConfig=filterConfig;
}
publicvoiddestroy(){
}
}
/*
1.实现与被增强对象相同的接口
2、定义一个变量记住被增强对象
3、定义一个构造器,接收被增强对象
4、覆盖需要增强的方法
5、对于不想增强的方法,直接调用被增强对象(目标对象)的方法
*/
classMyCharacterEncodingRequestextendsHttpServletRequestWrapper{
privateHttpServletRequestrequest;
publicMyCharacterEncodingRequest(HttpServletRequestrequest){
super(request);
this.request=request;
}
/*重写getParameter方法
*@seejavax.servlet.ServletRequestWrapper#getParameter(java.lang.String)
*/
@Override
publicStringgetParameter(Stringname){
try{
//获取参数的值
Stringvalue=this.request.getParameter(name);
if(value==null){
returnnull;
}
//如果不是以get方式提交数据的,就直接返回获取到的值
if(!this.request.getMethod().equalsIgnoreCase("get")){
returnvalue;
}else{
//如果是以get方式提交数据的,就对获取到的值进行转码处理
value=newString(value.getBytes("ISO8859-1"),this.request.getCharacterEncoding());
returnvalue;
}
}catch(Exceptione){
thrownewRuntimeException(e);
}
}
}
web.xml文件中的配置如下:
<filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>me.gacl.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>charset</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
二、禁止浏览器缓存所有动态页面
有3个HTTP响应头字段都可以禁止浏览器缓存当前页面,它们在Servlet中的示例代码如下:
- response.setDateHeader("Expires",-1);
- response.setHeader("Cache-Control","no-cache");
- response.setHeader("Pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头。
- Expires数据头:值为GMT时间值,为-1指浏览器不要缓存页面
- Cache-Control响应头有两个常用值:
- no-cache指浏览器不要缓存当前页面。
- max-age:xxx指浏览器缓存页面xxx秒。
packageme.gacl.web.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
/**
*@ClassName:NoCacheFilter
*@Description:禁止浏览器缓存所有动态页面
*@author:孤傲苍狼
*@date:2014-8-31下午11:25:40
*
*/
publicclassNoCacheFilterimplementsFilter{
publicvoiddoFilter(ServletRequestreq,ServletResponseresp,
FilterChainchain)throwsIOException,ServletException{
//把ServletRequest强转成HttpServletRequest
HttpServletRequestrequest=(HttpServletRequest)req;
//把ServletResponse强转成HttpServletResponse
HttpServletResponseresponse=(HttpServletResponse)resp;
//禁止浏览器缓存所有动态页面
response.setDateHeader("Expires",-1);
response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
chain.doFilter(request,response);
}
publicvoidinit(FilterConfigfilterConfig)throwsServletException{
}
publicvoiddestroy(){
}
}
web.xml文件中的配置如下:
<filter> <filter-name>NoCacheFilter</filter-name> <filter-class>me.gacl.web.filter.NoCacheFilter</filter-class> </filter> <filter-mapping> <filter-name>NoCacheFilter</filter-name> <!--只拦截Jsp请求--> <servlet-name>*.jsp</servlet-name> </filter-mapping>
三、控制浏览器缓存页面中的静态资源
有些动态页面中引用了一些图片或css文件以修饰页面效果,这些图片和css文件经常是不变化的,所以为减轻服务器的压力,可以使用filter控制浏览器缓存这些文件,以提升服务器的性能。
packageme.gacl.web.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
/**
*@ClassName:CacheFilter
*@Description:控制缓存的filter
*/
publicclassCacheFilterimplementsFilter{
privateFilterConfigfilterConfig;
publicvoiddoFilter(ServletRequestreq,ServletResponseresp,
FilterChainchain)throwsIOException,ServletException{
HttpServletRequestrequest=(HttpServletRequest)req;
HttpServletResponseresponse=(HttpServletResponse)resp;
//1.获取用户想访问的资源
Stringuri=request.getRequestURI();
//2.得到用户想访问的资源的后缀名
Stringext=uri.substring(uri.lastIndexOf(".")+1);
//得到资源需要缓存的时间
Stringtime=filterConfig.getInitParameter(ext);
if(time!=null){
longt=Long.parseLong(time)*3600*1000;
//设置缓存
response.setDateHeader("expires",System.currentTimeMillis()+t);
}
chain.doFilter(request,response);
}
publicvoidinit(FilterConfigfilterConfig)throwsServletException{
this.filterConfig=filterConfig;
}
publicvoiddestroy(){
}
}
web.xml文件中的配置如下:
<!--配置缓存过滤器--> <filter> <filter-name>CacheFilter</filter-name> <filter-class>me.gacl.web.filter.CacheFilter</filter-class> <!--配置要缓存的web资源以及缓存时间,以小时为单位--> <init-param> <param-name>css</param-name> <param-value>4</param-value> </init-param> <init-param> <param-name>jpg</param-name> <param-value>1</param-value> </init-param> <init-param> <param-name>js</param-name> <param-value>4</param-value> </init-param> <init-param> <param-name>png</param-name> <param-value>4</param-value> </init-param> </filter> <!--配置要缓存的web资源的后缀--> <filter-mapping> <filter-name>CacheFilter</filter-name> <url-pattern>*.jpg</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CacheFilter</filter-name> <url-pattern>*.css</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CacheFilter</filter-name> <url-pattern>*.js</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CacheFilter</filter-name> <url-pattern>*.png</url-pattern> </filter-mapping>
四、实现用户自动登陆
思路是这样的:
1、在用户登陆成功后,发送一个名称为user的cookie给客户端,cookie的值为用户名和md5加密后的密码。
2、编写一个AutoLoginFilter,这个filter检查用户是否带有名称为user的cookie来,如果有,则调用dao查询cookie的用户名和密码是否和数据库匹配,匹配则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆。
核心代码如下:
处理用户登录的控制器:LoginServlet
packageme.gacl.web.controller;
importjava.io.IOException;
importjavax.servlet.ServletException;
importjavax.servlet.http.Cookie;
importjavax.servlet.http.HttpServlet;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
importme.gacl.dao.UserDao;
importme.gacl.domain.User;
importme.gacl.util.WebUtils;
publicclassLoginServletextendsHttpServlet{
publicvoiddoGet(HttpServletRequestrequest,HttpServletResponseresponse)
throwsServletException,IOException{
Stringusername=request.getParameter("username");
Stringpassword=request.getParameter("password");
UserDaodao=newUserDao();
Useruser=dao.find(username,password);
if(user==null){
request.setAttribute("message","用户名或密码不对!!");
request.getRequestDispatcher("/message.jsp").forward(request,response);
return;
}
request.getSession().setAttribute("user",user);
//发送自动登陆cookie给客户端浏览器进行存储
sendAutoLoginCookie(request,response,user);
request.getRequestDispatcher("/index.jsp").forward(request,response);
}
/**
*@Method:sendAutoLoginCookie
*@Description:发送自动登录cookie给客户端浏览器
*@paramrequest
*@paramresponse
*@paramuser
*/
privatevoidsendAutoLoginCookie(HttpServletRequestrequest,HttpServletResponseresponse,Useruser){
if(request.getParameter("logintime")!=null){
intlogintime=Integer.parseInt(request.getParameter("logintime"));
//创建cookie,cookie的名字是autologin,值是用户登录的用户名和密码,用户名和密码之间使用.进行分割,密码经过md5加密处理
Cookiecookie=newCookie("autologin",user.getUsername()+"."+WebUtils.md5(user.getPassword()));
//设置cookie的有效期
cookie.setMaxAge(logintime);
//设置cookie的有效路径
cookie.setPath(request.getContextPath());
//将cookie写入到客户端浏览器
response.addCookie(cookie);
}
}
publicvoiddoPost(HttpServletRequestrequest,HttpServletResponseresponse)
throwsServletException,IOException{
doGet(request,response);
}
}
处理用户自动登录的过滤器:AutoLoginFilter
packageme.gacl.web.filter;
importjava.io.IOException;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.Cookie;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
importme.gacl.dao.UserDao;
importme.gacl.domain.User;
importme.gacl.util.WebUtils;
publicclassAutoLoginFilterimplementsFilter{
publicvoiddoFilter(ServletRequestreq,ServletResponseresp,
FilterChainchain)throwsIOException,ServletException{
HttpServletRequestrequest=(HttpServletRequest)req;
HttpServletResponseresponse=(HttpServletResponse)resp;
//如果已经登录了,就直接chain.doFilter(request,response)放行
if(request.getSession().getAttribute("user")!=null){
chain.doFilter(request,response);
return;
}
//1.得到用户带过来的authlogin的cookie
Stringvalue=null;
Cookiecookies[]=request.getCookies();
for(inti=0;cookies!=null&&i<cookies.length;i++){
if(cookies[i].getName().equals("autologin")){
value=cookies[i].getValue();
}
}
//2.得到cookie中的用户名和密码
if(value!=null){
Stringusername=value.split("\\.")[0];
Stringpassword=value.split("\\.")[1];
//3.调用dao获取用户对应的密码
UserDaodao=newUserDao();
Useruser=dao.find(username);
Stringdbpassword=user.getPassword();
//4.检查用户带过来的md5的密码和数据库中的密码是否匹配,如匹配则自动登陆
if(password.equals(WebUtils.md5(dbpassword))){
request.getSession().setAttribute("user",user);
}
}
chain.doFilter(request,response);
}
publicvoiddestroy(){
}
publicvoidinit(FilterConfigfilterConfig)throwsServletException{
}
}
如果想取消自动登录,那么可以在用户注销时删除自动登录cookie,核心代码如下:
packageme.gacl.web.controller;
importjava.io.IOException;
importjavax.servlet.ServletException;
importjavax.servlet.http.Cookie;
importjavax.servlet.http.HttpServlet;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
publicclassCancelAutoLoginServletextendsHttpServlet{
publicvoiddoGet(HttpServletRequestrequest,HttpServletResponseresponse)
throwsServletException,IOException{
//移除存储在session中的user
request.getSession().removeAttribute("user");
//移除自动登录的cookie
removeAutoLoginCookie(request,response);
//注销用户后跳转到登录页面
request.getRequestDispatcher("/login.jsp").forward(request,response);
}
/**
*@Method:removeAutoLoginCookie
*@Description:删除自动登录cookie,
*JavaWeb中删除cookie的方式就是新创建一个cookie,新创建的cookie与要删除的cookie同名,
*设置新创建的cookie的cookie的有效期设置为0,有效路径与要删除的cookie的有效路径相同
*@paramrequest
*@paramresponse
*/
privatevoidremoveAutoLoginCookie(HttpServletRequestrequest,HttpServletResponseresponse){
//创建一个名字为autologin的cookie
Cookiecookie=newCookie("autologin","");
//将cookie的有效期设置为0,命令浏览器删除该cookie
cookie.setMaxAge(0);
//设置要删除的cookie的path
cookie.setPath(request.getContextPath());
response.addCookie(cookie);
}
publicvoiddoPost(HttpServletRequestrequest,HttpServletResponseresponse)
throwsServletException,IOException{
doGet(request,response);
}
}
以上就是过滤器的几个常见应用场景,希望对大家的学习有所帮助。