- 过滤器是一种服务端组件,可以截取客户端请求和响应信息,对信息进行过滤,包括过滤源 -> 过滤规则 -> 过滤结果;
- 过滤器可以改变用户请求的 Web 资源(用户请求路径),但不能直接返回数据、处理用户请求(不是标准的 Servlet);
- 常见使用场景:对请求进行统一认证、编码转换、对发送的数据进行过滤替换、转换图形格式、对响应内容压缩等。
工作原理与生命周期
Web 容器启动使过滤器即启动,接收到用户请求后判断是否符合规则,过滤器把符合规则的请求发送至 Web 资源,处理完成后再经过滤器返回响应给用户。
生命周期:
- 实例化(Web 容器启动时加载 web.xml,只实例化一次 );
- 初始化(
init()方法); - 对每个请求过滤方法(
doFilter()方法); - 销毁(Web 容器关闭时执行
destroy()方法销毁)
实现一个过滤器
web.xml
<filter>
<filter-name>FirstFilter</filter-name> <!-- 过滤器类完整名字和包名 -->
<filter-class>com.ywh.filter.FirstFilter</filter-class>
<init-param>
<param-name>name</param-name> <!-- 初始化参数 -->
<param-value>ywh</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>FirstFilter</filter-name> <!-- 用户请求的 URL 匹配时触发过滤器工作 -->
<url-pattern>/index.jsp</url-pattern>
<dispatcher>FORWARD</dispatcher> <!-- 执行操作,可以是 REQUEST、INCLUDE、FORWARD、ERROR,默认为 REQUEST -->
</filter-mapping>
FirstFilter.java
public class FirstFilter implements Filter {
@Override
public void destroy() {
System.out.println("destroy---FirstFilter");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("start----doFilter--FirstFilter");
// chain.doFilter(request, response);
HttpServletRequest req =(HttpServletRequest) request;
HttpServletResponse response2 =(HttpServletResponse) response;
response2.sendRedirect(req.getContextPath() + "/main.jsp");
// req.getRequestDispatcher("main.jsp").forward(request, response);
// req.getRequestDispatcher("main.jsp").include(request, response);
System.out.println("end------doFilter--FirstFilter");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("init----FirstFilter");
}
}
过滤器链
对于同一个 URL 可以设置多个过滤器按指定顺序执行。
过滤器链的执行逻辑
<filter>
<filter-name>FirstFilter</filter-name> <!-- 过滤器类完整名字和包名 -->
<filter-class>com.ywh.filter.FirstFilter</filter-class>
<init-param>
<param-name>name</param-name> <!-- 初始化参数 -->
<param-value>zhangsan</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>FirstFilter</filter-name> <!-- 用户请求的 URL 匹配时触发过滤器工作 -->
<url-pattern>/index.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>SecondFilter</filter-name>
<filter-class>com.ywh.filter.SecondFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecondFilter</filter-name>
<url-pattern>/index.jsp</url-pattern>
</filter-mapping>
过滤器分类
在 Servlet 2.5 中过滤器有四种:
- REQUEST:用户直接访问页面时调用(重定向、转发);
- FORWARD:目标资源是通过 RequestDispatcher 的 forward 访问时调用;
- INCLUDE:目标资源是通过 RequestDispatcher 的 incluer 方法调用时调用;
- ERROR:目标资源是通过声明式异常处理机制调用时调用。
在 Servlet 3.0 中加入了 ASYNC 支持异步处理。
过滤器注解
使用 @WebFilter 注解将一个类生命为过滤器(在部署时被容器处理,容器将根据具体的属性配置将类部署为过滤器),代替 web.xml 配置过滤器类
@WebFilter(servletNames = {"SimpleServlet"}, filterName="SimpleFilter", value={"/index.jsp"}, dispatcherTypes={DispatcherType.Async})
public class TestFilter implements Filter {
// ...
}
@WebFilter 常用属性
实例:测试异步过滤器
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name></display-name>
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>AsynServlet</servlet-name>
<servlet-class>com.ywh.servlet.AsynServlet</servlet-class>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>AsynServlet</servlet-name>
<url-pattern>/servlet/AsynServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
AsynServlet.java
public class AsynServlet extends HttpServlet {
public AsynServlet() {super(); }
public void destroy() { super.destroy(); }
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
System.out.println("Servletִ 执行开始时间:" + new Date());
AsyncContext context = request.startAsync();
new Thread(new Executor(context)).start();
System.out.println("Servletִ 执行结束时间:" + new Date());
}
public class Executor implements Runnable {
private AsyncContext context;
public Executor(AsyncContext context) { this.context = context; }
@Override
public void run() {
try {
Thread.sleep(1000 * 10);
System.out.println("业务执行完成时间:" + new Date());
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
out.println("<HTML>");
out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
out.println(" <BODY>");
out.print(" This is ");
out.print(this.getClass());
out.println(", using the POST method");
out.println(" </BODY>");
out.println("</HTML>");
out.flush();
out.close();
}
public void init() throws ServletException { }
}
AsynFilter.java
@WebFilter(
filterName = "AsynFilter",
asyncSupported = true,
value = {"/servlet/AsynServlet"},
dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.ASYNC}
)
public class AsynFilter implements Filter {
@Override
public void destroy() {}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
System.out.println("start.....AsynFilter");
arg2.doFilter(arg0, arg1);
System.out.println("end.....AsynFilter");
}
@Override
public void init(FilterConfig arg0) throws ServletException {}
}
实例:对用户请求进行统一认证
login.jsp
<body>
<form action="<%=request.getContextPath() %>/servlet/LoginServlet" method="post">
用户名:<input type="text" name="username">
密码:<input type="password" name="password">
<input type="submit" value="提交">
</form>
</body>
LoginServlet.java
public class LoginServlet extends HttpServlet {
public LoginServlet() { super(); }
public void destroy() { super.destroy(); }
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
System.out.println(username);
if ("admin".equals(username) && "admin".equals(password)) {
// 校验通过
HttpSession session = request.getSession();
session.setAttribute("username", username);
response.sendRedirect(request.getContextPath() + "/sucess.jsp");
} else {
// 校验失败
response.sendRedirect(request.getContextPath() + "/fail.jsp");
}
}
public void init() throws ServletException { }
}
LoginFilter.java
public class LoginFilter implements Filter {
private FilterConfig config;
@Override
public void destroy() { }
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
HttpSession session = request.getSession();
String noLoginPaths = config.getInitParameter("noLoginPaths");
String charset = config.getInitParameter("charset");
if (charset == null) {
charset = "UTF-8";
}
request.setCharacterEncoding(charset);
if (noLoginPaths != null) {
String[] strArray = noLoginPaths.split(";");
// 获取不需要重定向的页面,符合条件则放行(如对于 login.jsp 不再执行重定向)
for (int i = 0; i < strArray.length; i++) {
if (strArray[i] == null || "".equals(strArray[i]))
continue;
if (request.getRequestURI().indexOf(strArray[i]) != -1) {
arg2.doFilter(arg0, arg1);
return;
}
}
}
if (session.getAttribute("username") != null) {
arg2.doFilter(arg0, arg1);
} else {
response.sendRedirect("login.jsp");
}
}
@Override
public void init(FilterConfig arg0) throws ServletException { config = arg0; }
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name></display-name>
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.ywh.serlvet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/servlet/LoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.ywh.filter.LoginFilter</filter-class>
<init-param>
<param-name>noLoginPaths</param-name> <!-- 不需要重定向的页面 -->
<param-value>login.jsp;fail.jsp;LoginServlet</param-value>
</init-param>
<init-param>
<param-name>charset</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
