1.基本介绍

1.为什么需要过滤器？

2.基本介绍

3.过滤器的基本原理

2.快速入门

1.文件目录

2.环境配置

创建maven项目，导入依赖

  <dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>3.8.1</version><scope>test</scope></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>jsp-api</artifactId><version>2.2</version><scope>provided</scope></dependency><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>3.1.0</version></dependency><dependency><groupId>org.apache.taglibs</groupId><artifactId>taglibs-standard-impl</artifactId><version>1.2.5</version><scope>runtime</scope></dependency><dependency><groupId>org.apache.taglibs</groupId><artifactId>taglibs-standard-spec</artifactId><version>1.2.5</version></dependency></dependencies>

3.代码实现

1.login.jsp

<%--Date: 2024/1/31Time: 13:34User: 孙显圣Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
<form action="<%=request.getContextPath()%>/loginCheck" method="post">username:<input type="text" name="username"><br>password:<input type="password" name="password"><br><input type="submit" value="提交">
</form>
</body>
</html>

2.LoginCheck.java

package servlet;import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;/*** @author 孙显圣* @version 1.0* 验证信息是否正确，如果正确则设置session*/
@WebServlet(urlPatterns = "/loginCheck")
public class LoginCheck extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {String username = req.getParameter("username");String password = req.getParameter("password");if ("666666".equals(password)) {//设置sessionHttpSession session = req.getSession();session.setAttribute("name", username);req.getRequestDispatcher("manager/admin.jsp").forward(req, resp);}else {//不合法直接返回登录界面req.getRequestDispatcher("login.jsp").forward(req, resp);}}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {doGet(req, resp);}
}

3.ManagerFilter.java编写过滤规则

package filter;import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;/*** @author 孙显圣* @version 1.0*/
public class ManagerFilter implements Filter {public void init(FilterConfig filterConfig) throws ServletException {//当filter创建后会调用这个方法初始化System.out.println("初始化");}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {//每次调用该filter时该方法就会被调用//检查是否有session,将servletRequest向下转型为httpServletRequestHttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;HttpSession session = httpServletRequest.getSession();//获取session中的nameObject name = session.getAttribute("name");if (name != null) {//继续访问目标资源filterChain.doFilter(servletRequest,servletResponse);}else {httpServletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);}}public void destroy() {//filter被销毁时会调用System.out.println("destroy");}
}

4.配置web.xml告诉tomcat

<?xml version="1.0" encoding="UTF-8"?><web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://java.sun.com/xml/ns/javaeehttp://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"><display-name>Archetype Created Web Application</display-name>
<!--  filter一般写在最前面 -->
<!--  url-pattern就是当请求的url与之匹配的时候tomcat就会调用filter-->
<!--  /manager/*指的就是manager下面所有的资源-->
<filter><filter-name>ManagerFilter</filter-name><filter-class>filter.ManagerFilter</filter-class>
</filter>
<filter-mapping><filter-name>ManagerFilter</filter-name><url-pattern>/manager/*</url-pattern>
</filter-mapping>
</web-app>

5.admin.jsp

<%--Date: 2024/1/31Time: 13:37User: 孙显圣Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title><base href="<%=request.getContextPath()%>/manager/">
</head>
<body>
<h1 align="center">管理员界面
</h1>
<img src="1.png" height="600" border="1">
</body>
</html>

3.Filter的执行流程

1.服务器启动

1. 读取web.xml
2. 根据全类名反射创建过滤器的实例，将其放在name - 实例的容器中，并将url - name容器也填充
3. 一共有两个容器
   1. url - name
   2. name - 实例
4. 创建FilterConfig对象，调用 init(FilterConfig filterConfi g)方法初始化过滤器

2.请求匹配

1. 遍历a容器，匹配url
2. 如果匹配到，则找到里面的name，并且遍历b容器，根据name找到filter实例
3. 调用doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)方法

3.细节说明

1. 过滤器起到一个浏览器请求拦截的作用，请求转发不经过过滤器
2. 过滤器实例只有一个
3. 一旦匹配到过滤器，过滤器只要不做任何操作，就会卡在这个页面，并不会继续匹配servlet
4. 除非过滤器调用filterChain.doFilter(servletRequest, servletResponse)才会放行
5. 过滤器里面的servletRequest和servletResponse是httpServletRequest和httpServletResponse的父类，可以向下转型

4.url-pattern

5.Filter生命周期

6.FilterConfig

1.基本介绍

2.代码演示

1.FilterConfig.java

package filter;import javax.servlet.*;
import java.io.IOException;
import java.util.Enumeration;/*** @author 孙显圣* @version 1.0*/
public class FilterConfig implements Filter {public void init(javax.servlet.FilterConfig filterConfig) throws ServletException {//通过filterConfig获取相关的参数//1.获取filter的名字String filterName = filterConfig.getFilterName();System.out.println("filterName: " + filterName);//2.获取filter配置参数String ip = filterConfig.getInitParameter("ip");System.out.println("ip: " + ip);//3.获取filter的所有配置参数的名字Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();while (initParameterNames.hasMoreElements()){System.out.println("filterNames: " + initParameterNames.nextElement());}//4.获取servletContextServletContext servletContext = filterConfig.getServletContext();System.out.println("servletContext: " + servletContext);}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {}public void destroy() {}
}

2.web.xml

    <filter><filter-name>filterConfig</filter-name><filter-class>filter.FilterConfig</filter-class><!--配置参数--><init-param><param-name>ip</param-name><param-value>12.344.123.12</param-value></init-param><init-param><param-name>qq</param-name><param-value>1721469477@qq.com</param-value></init-param></filter><filter-mapping><filter-name>filterConfig</filter-name><url-pattern>/abc/*</url-pattern></filter-mapping>

5.结果

3.课后练习

1.FilterConfig.java

package filter;import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;/*** @author 孙显圣* @version 1.0*/
public class FilterConfig implements Filter {public void init(javax.servlet.FilterConfig filterConfig) throws ServletException {//获取filter配置参数String ip = filterConfig.getInitParameter("ip");//获取servletContextServletContext servletContext = filterConfig.getServletContext();//把禁用的网段放入servletContextservletContext.setAttribute("ip", ip);}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {ServletContext servletContext = servletRequest.getServletContext();Object ip = servletContext.getAttribute("ip");if (ip != null) {String ip_ = (String) ip; //获取禁用网段ip}HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;//获取请求的ipString remoteAddr = httpServletRequest.getRemoteAddr();//使用正则表达式匹配String regStr = ip + ".*";if (!remoteAddr.matches(regStr)) {//如果不是禁用网段跳转到登录页面httpServletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);}}public void destroy() {}
}

2.结果

7.FilterChain

1.基本原理

2. 代码实例

1.AFilter.java

package filter;import javax.servlet.*;
import javax.servlet.FilterConfig;
import java.io.IOException;/*** @author 孙显圣* @version 1.0*/
public class AFilter implements Filter {public void init(FilterConfig filterConfig) throws ServletException {}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {System.out.println("AFilter的前置代码");filterChain.doFilter(servletRequest,servletResponse);System.out.println("AFilter的后置代码");}public void destroy() {}
}

2.BFilter.java

package filter;import javax.servlet.*;
import javax.servlet.FilterConfig;
import java.io.IOException;/*** @author 孙显圣* @version 1.0*/
public class BFilter implements Filter {public void init(FilterConfig filterConfig) throws ServletException {}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {System.out.println("BFilter的前置代码");filterChain.doFilter(servletRequest,servletResponse);System.out.println("BFilter的后置代码");}public void destroy() {}
}

3.web.xml

    <filter><filter-name>A</filter-name><filter-class>filter.AFilter</filter-class></filter><filter-mapping><filter-name>A</filter-name><url-pattern>/aaa</url-pattern></filter-mapping><filter><filter-name>B</filter-name><filter-class>filter.BFilter</filter-class></filter><filter-mapping><filter-name>B</filter-name><url-pattern>/aaa</url-pattern></filter-mapping>

4.结果

3.注意事项

8.作业练习

1.homeworkFilter.java

package filter;import javax.servlet.*;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;/*** @author 孙显圣* @version 1.0*/
public class homeworkFilter implements Filter {public void init(FilterConfig filterConfig) throws ServletException {//动态获取评论，并将评论都放到servletContext中ServletContext servletContext = filterConfig.getServletContext();Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();ArrayList<String> comments = new ArrayList<String>();while (initParameterNames.hasMoreElements()) {String s = initParameterNames.nextElement();String initParameter = filterConfig.getInitParameter(s);comments.add(initParameter);}servletContext.setAttribute("comments", comments);}public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {//获取所有评论ServletContext servletContext = servletRequest.getServletContext();Object comments = servletContext.getAttribute("comments");//获取填写的评论String comment = servletRequest.getParameter("comment");//没有禁止的评论就直接放行if (comments == null) {filterChain.doFilter(servletRequest, servletResponse);}//禁止的评论不为空则遍历判断ArrayList<String> coms = (ArrayList<String>) comments;for (String com : coms) { //遍历禁用词if (com.equals(comment)) {//请求转发到主页面并将禁用词传进去servletRequest.setAttribute("badComment", comment);servletRequest.getRequestDispatcher("/topic.jsp").forward(servletRequest, servletResponse);}}filterChain.doFilter(servletRequest, servletResponse);}public void destroy() {}
}

2.web.xml

    <filter><filter-name>homeworkFilter</filter-name><filter-class>filter.homeworkFilter</filter-class><init-param><param-name>com1</param-name><param-value>苹果</param-value></init-param><init-param><param-name>com2</param-name><param-value>香蕉</param-value></init-param></filter><filter-mapping><filter-name>homeworkFilter</filter-name><url-pattern>/showTopic.jsp</url-pattern></filter-mapping>

3.topic.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--Date: 2024/1/31Time: 17:36User: 孙显圣Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
<h4>敏感词：苹果、香蕉<c:if test="${!empty requestScope.badComment}">---有敏感词：${requestScope.badComment}</c:if>
</h4>
<form action="showTopic.jsp" method="get">评论：<input type="text" name="comment"><br><input type="submit" value="提交">
</form></body>
</html>

4.showTopic.jsp

<%--Date: 2024/1/31Time: 17:39User: 孙显圣Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head><title>Title</title>
</head>
<body>
<h4>您的评论是：<%=request.getParameter("comment")%></h4>
</body>
</html>

5.演示结果