Servle Filter Detailed the basic principle of the servlet filter:
When the servlet is used as a filter, it can process the client's request. When processing is complete, it is handed over to the next filter, so that the customer's request is processed one by one in the filter chain until the request is sent to the target. For example, to implement a function of user operations, to filter the operation of the current non-logged-on user, but also to filter processing encoding, usually the first process of unified coding, the two work can be processed in a filter chain consisting of two filters, the filter chain as the name implies is a number of filter sequence execution, Perform a non-login filter after the filter encoding is executed. When the filter chain is successfully processed, the submitted data is sent to the final target, and if the filter processing is unsuccessful, the view is distributed to the specified error page.
Four stages of the filter life cycle: 1, instantiation: The Web container instantiates all filters when the Web application is deployed. The Web container callbacks its parameterless construction method.
2, initialization: After the completion of the instantiation, the initialization work immediately. The Web container callback init () method.
3. Filter: When the request path matches the URL mapping of the filter. The Web container callback Dofilter () method-the main working method.
4. Destroy: Web container before uninstalling the Web application, the Web container callback Destroy () method.
servlet Filter Development steps: 1. Create a class that implements the Javax.servlet.Filter interface.
2, the XML configuration of the filter.
Filter Interface: The filters class must implement the Javax.servlet.Filter interface, which consists of three methods:
public void init (Filterconfig config) throws servletexception;//initialization
public void DoFilter (ServletRequest request, servletresponse response, Filterchain chain) throws Ioexception,servletexc eption;//Filtration
public void Destroy ();//Destroy
Filterconfig Interface: during initialization, the container uses Filterconfig to pass configuration information to the filter, which provides the following methods:
Public String getfiltername ();//Get Filter Name
Public ServletContext getservletcontext ();//Get servlet context
public string Getinitparameter (string name);//Get parameter value
Public enumeration Getinitparameternames ();//Get parameter value Group
Filterchain Interface:
This interface is used to invoke the next filter in the filter chain, and the subsequent filter will not be valid if this method is not called.
Character Set filter, session filter, Resource Filter detail code:
Setcharacterencodingfilter.java:
Package com.tjcyjd.filter;
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse; /** * Character Set encoding filter * * @author YJD * */public class Setcharacterencodingfilter implements filter {public setcharact Erencodingfilter () {System.out.println ("callback character set filter is not a parameter constructed method.)
"); } private String CharSet; Code private Boolean flag;
Identifies whether the filter is enabled public void Destroy () {//destroys the filter System.out.println ("destroys the character set filter!"); } public void DoFilter (ServletRequest request, servletresponse response, Filterchain chain) throws IOException, SERVL etexception {if (flag && null! = CharSet) {//filter set to Enabled and character encoding not NULL//Set encoding request.setcharacterencoding (cha
RSet);
Response.setcharacterencoding (CharSet);
SYSTEM.OUT.PRINTLN ("Successful use of Character set Filters");
} else {System.out.println ("Character set filter not enabled"); } chain.dofiltER (request, response); } public void init (Filterconfig config) throws servletexception {//Initialize filter This.charset = Config.getinitparameter ("
CharSet ");
This.flag = "true". Equals (Config.getinitparameter ("flag"));
System.out.println ("Sets the character set encoding as:" + CharSet + "is enabled:" + flag);
}
}
Sessionfilger.java:
Package com.tjcyjd.filter;
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse; /** * Session Filter * * @author YJD * * */public class Sessionfilter implements filter {public sessionfilter () {Sy STEM.OUT.PRINTLN ("Callback session filter's parameterless construction method.
"); } private Boolean flag;
Identifies whether the filter is enabled public void Destroy () {//Destroy filter SYSTEM.OUT.PRINTLN ("Destroy session filter!"); } public void DoFilter (ServletRequest request, servletresponse response, Filterchain chain) throws IOException, SERVL
etexception {if (flag) {///filter is set to enable SYSTEM.OUT.PRINTLN ("Successfully used session filter");
} else {System.out.println ("session filter is not enabled");
} chain.dofilter (request, response); } public void init (Filterconfig config) throws servletexception {//Initialize filter This.flag = "true". Equals (Config.getinit
Parameter ("flag")); System. OUT.PRINTLN ("Set session filter is enabled:" + flag);
}
}
Package com.tjcyjd.filter;
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
/** * Resource Filter * * @author YJD * * */public class Resourcefilter implements filter {public Resourcefilter () { SYSTEM.OUT.PRINTLN ("Callback resource filter's parameterless construction method.
"); } private Boolean flag;
Identifies whether to enable filter public void Destroy () {//Destroy filter SYSTEM.OUT.PRINTLN ("Destroy Resource Filter!"); } public void DoFilter (ServletRequest request, servletresponse response, Filterchain chain) throws IOException, SERVL
etexception {if (flag) {///filter is set to enable SYSTEM.OUT.PRINTLN ("Successful use of resource Filter");
} else {System.out.println ("Resource filter not enabled");
} chain.dofilter (request, response); } public void init (Filterconfig config) throws servletexception {//Initialize filter This.flag = "true". Equals (Config.getinit
Parameter ("flag")); SYSTEM.OUT.PRINTLN ("Set resource filter is enabled:" + flag);
}
}
Controller class Filtertest.java:
Package Com.tjcyjd.controller;
Import java.io.IOException;
Import Java.io.PrintWriter;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServlet;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;
public class Filtertest extends HttpServlet {
private static final long Serialversionuid = -4431292272342933498l;
public void DoPost (HttpServletRequest request, httpservletresponse response)
throws Servletexception, IOException {
response.setcontenttype ("text/html");
PrintWriter out = Response.getwriter ();
Out.println ("You can not do it. ");
Out.flush ();
Out.close ();
}
public void doget (HttpServletRequest request, httpservletresponse response)
throws Servletexception, IOException {
DoPost (request, response);
}
}
Configuration file Web. xml:
<?xml version= "1.0" encoding= "UTF-8"?> <web-app version= "2.4" xmlns= "Http://java.sun.com/xml/ns/j2ee" xmlns : xsi= "http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "HTTP://JAVA.SUN.COM/XML/NS/J2EE/http Java.sun.com/xml/ns/j2ee/web-app_2_4.xsd "> <!--Configuring character Set Filters--<filter> <filter-name> Mycharsetfilter</filter-name> <filter-class>com.tjcyjd.filter.setcharacterencodingfilter</ filter-class> <init-param> <param-name>charset</param-name> <param-value>utf-8</par am-value> </init-param> <init-param> <param-name>flag</param-name> <param-value> ;true</param-value> </init-param> </filter> <!--Configuring session Filters--<filter> <filter- Name>mysessionfilter</filter-name> <filter-class>com.tjcyjd.filter.sessionfilter</ filter-class> <init-param> <param-name>flag</param-name> <pAram-value>true</param-value> </init-param> </filter> <!--Configuring resource filters--<filter& Gt <filter-name>myResourceFilter</filter-name> <filter-class>com.tjcyjd.filter.resourcefilter </filter-class> <init-param> <param-name>flag</param-name> <param-value>true</pa Ram-value> </init-param> </filter> <!--filter mapping files---<filter-mapping> <filter-name>m Ycharsetfilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> < Filter-mapping> <filter-name>mySessionFilter</filter-name> <url-pattern>/*</url-pattern > </filter-mapping> <filter-mapping> <filter-name>myResourceFilter</filter-name> < url-pattern>/*</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file> Index.jsp</welcome-file> </welcome-file-list> <!-- Configure servlet--> <servlet> <servlet-name>filterTest</servlet-name> <servlet-class> com.tjcyjd.controller.filtertest</servlet-class> </servlet> <servlet-mapping> <servlet-name >filterTest</servlet-name> <url-pattern>/test</url-pattern> </servlet-mapping> </ Web-app>
After the deployment project starts, the console prints the information:
A method for constructing a callback session filter without parameters. sets whether the session filter is enabled: True callback Resource filter's parameterless construction method. sets whether the resource filter is enabled: True callback for the character set filter's parameterless construction method. set the character set encoding by: UTF-8 is enabled: TRUE
When requesting access to http://localhost:8080/2012-00001-filter/test, the filter execution information is as follows:
It is visible that the order of execution is related to the mapping order of the configuration file configuration, before the configuration is executed first.Successful use of the character set filter successfully using the session filter successfully using the resource filter
Stop the server console information as follows:
Destroy session Filter! Destroy the resource filter! Destroy the character set filter!
From the above, the Init () and the Destroy () method is executed in reverse order with the filter map, estimate similar stack bar, first put all the filters in the stack, advanced out, such an understanding does not know right.
five commonly used filters (RPM):
This interface is used to invoke the next filter in the filter chain, and the subsequent filter will not be valid if this method is not called.
1, use the browser does not cache the page filter:
Forcenocachefilter.java
Package filter;
Import javax.servlet.*;
Import Javax.servlet.http.HttpServletResponse;
Import java.io.IOException;
/**
* Filters used to make Browser do not cache pages */public
class Forcenocachefilter implements filter {public
void DoFilter (ServletRequest request, servletresponse response,
Filterchain Filterchain) throws IOException, Servletexception {
((httpservletresponse) response). SetHeader (" Cache-control "," No-cache ");
((httpservletresponse) response). SetHeader ("Pragma", "No-cache");
((httpservletresponse) response). Setdateheader ("Expires",-1);
Filterchain.dofilter (request, response);
}
public void Destroy () {
} public
void init (Filterconfig filterconfig) throws servletexception {
}
}Checkloginfilter.java
Package filter;
Import java.io.IOException;
Import java.util.ArrayList;
Import java.util.List;
Import Java.util.StringTokenizer;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import Javax.servlet.http.HttpServletResponse;
Import javax.servlet.http.HttpSession; /** * is used to detect whether the user is logged in the filter, if not logged in, then redirect to the login page to refer to * * * Configuration Parameters * * * Checksessionkey to check the Session saved in the keyword * * redirectur L If the user is not logged in, then redirect to the specified page, the URL does not include ContextPath * * notcheckurllist do not check the URL list, separated by semicolons, and the URL does not include contextpath * */public CLA
SS Checkloginfilter implements Filter {protected filterconfig filterconfig = null;
Private String redirecturl = null;
Private List notcheckurllist = new ArrayList ();
Private String sessionkey = null; public void DoFilter (servletrequest servletrequest, servletresponse seRvletresponse, Filterchain Filterchain) throws IOException, servletexception {httpservletrequest request = (HttpServ
Letrequest) ServletRequest;
HttpServletResponse response = (httpservletresponse) servletresponse;
HttpSession session = Request.getsession ();
if (SessionKey = = null) {Filterchain.dofilter (request, response);
Return } if ((!checkrequesturiintnotfilterlist (Request)) && Session.getattribute (sessionkey) = = null) {response
. Sendredirect (Request.getcontextpath () + RedirectURL);
Return
} filterchain.dofilter (ServletRequest, servletresponse);
} public void Destroy () {notcheckurllist.clear ();
} Private Boolean checkrequesturiintnotfilterlist (HttpServletRequest request) {String URI = Request.getservletpath () + (request.getpathinfo () = = null?
"": Request.getpathinfo ());
Return Notcheckurllist.contains (URI); } public void init (Filterconfig filterconfig) throws servletexception {this.filterconfig = Filterconfig;
RedirectURL = Filterconfig.getinitparameter ("RedirectURL");
SessionKey = Filterconfig.getinitparameter ("Checksessionkey");
String notcheckurlliststr = filterconfig. Getinitparameter ("Notcheckurllist");
if (notcheckurlliststr! = null) {StringTokenizer st = new StringTokenizer (Notcheckurlliststr, ";");
Notcheckurllist.clear ();
while (St.hasmoretokens ()) {Notcheckurllist.add (St.nexttoken ());
}
}
}
}
Characterencodingfilter.java
Package filter;
Import javax.servlet.*;
Import java.io.IOException;
/**
* A filter for setting HTTP request character encoding, using the filter parameter encoding to indicate what character encoding to use to handle the Chinese problem with the HTML form request parameter */public
class Characterencodingfilter implements Filter {
protected filterconfig filterconfig = null;
protected String encoding = "";
public void DoFilter (ServletRequest servletrequest,
servletresponse servletresponse, Filterchain filterchain)
throws IOException, servletexception {
if (encoding! = null)
servletrequest.setcharacterencoding ( encoding);
Filterchain.dofilter (ServletRequest, servletresponse);
}
public void Destroy () {
filterconfig = null;
encoding = NULL;
}
public void init (Filterconfig filterconfig) throws Servletexception {
this.filterconfig = filterconfig;
this.encoding = Filterconfig.getinitparameter ("encoding");
}
}
Securityfilter.java
Package filter;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterConfig;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.FilterChain;
Import javax.servlet.ServletException;
Import Javax.servlet.http.HttpServletRequest;
Import java.io.IOException;
Import Java.util.Iterator;
Import Java.util.Set; Import Java.util.HashSet; /** * Resource Protection Filter */public class Securityfilter implements filter {//The login page URI private static final St
Ring Login_page_uri = "LOGIN.JSF";
A set of restricted resources private set restrictedresources;
public void init (Filterconfig filterconfig) throws servletexception {this.restrictedresources = new HashSet ();
This.restrictedResources.add ("/createproduct.jsp");
This.restrictedResources.add ("/editproduct.jsp");
This.restrictedResources.add ("/productlist.jsp"); } public void DoFilter (ServletRequest req, servletresponse Res, Filterchain chain) throws IOException, servletexceptIon {String ContextPath = ((httpservletrequest) req). Getcontextpath ();
String RequestUri = ((httpservletrequest) req). Getrequesturi (); if (This.contains (RequestUri, ContextPath) &&!this.authorize ((httpservletrequest) req)) {(httpservletreq
uest) req). Getrequestdispatcher (Login_page_uri). Forward (req, res);
} else {Chain.dofilter (req, res); }} public void Destroy () {} private Boolean contains (string value, String contextpath) {Iterator ite = This.res
Trictedresources.iterator ();
while (Ite.hasnext ()) {String Restrictedresource = (string) ite.next ();
if ((ContextPath + restrictedresource). Equalsignorecase (value)) {return true;
}} return false; } Private Boolean authorize (HttpServletRequest req) {//process user Login/* * UserBean user = * (UserBean) Req.getsessio
N (). getattribute (Beannames.user_bean); * * if (user! = null && User.getloggedin ()) {//user logged in return * TRUE;} else {return FALse
} */return true;
}
}
5. Restrict User browsing privileges:
Rightfilter.java
Package filter;
Import java.io.IOException;
Import Javax.servlet.Filter;
Import Javax.servlet.FilterChain;
Import Javax.servlet.FilterConfig;
Import javax.servlet.ServletException;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest; public class Rightfilter implements Filter {public void Destroy () {} public void DoFilter (ServletRequest sreq, Ser Vletresponse sres, Filterchain arg2) throws IOException, servletexception {//Get URI address HttpServletRequest request =
(HttpServletRequest) Sreq;
String uri = Request.getrequesturi ();
String CTX = Request.getcontextpath ();
URI = uri.substring (Ctx.length ()); Determine the browse permission for the admin level page if (Uri.startswith ("/admin")) {if (Request.getsession (). getattribute ("admin") = = null) {req
Uest.setattribute ("message", "You do not have this permission");
Request.getrequestdispatcher ("/login.jsp"). Forward (Sreq, sres);
Return }}//Determine the Manage-level page's browse permission if (Uri.startswith ("/managE ")) {//omitted here}}//Below can also add additional user rights, save. public void init (Filterconfig arg0) throws servletexception {}}
people who need source code can download it from my resources : http://download.csdn.net/detail/tjcyjd/3759636
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
