javaweb中Filter(过滤器)的常见应用
程序员文章站
2024-03-08 17:52:10
一、统一全站字符编码
通过配置参数charset指明使用何种字符编码,以处理html form请求参数的中文问题
package me.gacl.web.f...
一、统一全站字符编码
通过配置参数charset指明使用何种字符编码,以处理html form请求参数的中文问题
package me.gacl.web.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletrequestwrapper;
import javax.servlet.http.httpservletresponse;
/**
* @classname: characterencodingfilter
* @description: 此过滤器用来解决全站中文乱码问题
*/
public class characterencodingfilter implements filter {
private filterconfig filterconfig = null;
//设置默认的字符编码
private string defaultcharset = "utf-8";
public void dofilter(servletrequest req, servletresponse resp,
filterchain chain) throws ioexception, servletexception {
httpservletrequest request = (httpservletrequest) req;
httpservletresponse response = (httpservletresponse) resp;
string charset = filterconfig.getinitparameter("charset");
if(charset==null){
charset = defaultcharset;
}
request.setcharacterencoding(charset);
response.setcharacterencoding(charset);
response.setcontenttype("text/html;charset="+charset);
mycharacterencodingrequest requestwrapper = new mycharacterencodingrequest(request);
chain.dofilter(requestwrapper, response);
}
public void init(filterconfig filterconfig) throws servletexception {
//得到过滤器的初始化配置信息
this.filterconfig = filterconfig;
}
public void destroy() {
}
}
/*
1.实现与被增强对象相同的接口
2、定义一个变量记住被增强对象
3、定义一个构造器,接收被增强对象
4、覆盖需要增强的方法
5、对于不想增强的方法,直接调用被增强对象(目标对象)的方法
*/
class mycharacterencodingrequest extends httpservletrequestwrapper{
private httpservletrequest request;
public mycharacterencodingrequest(httpservletrequest request) {
super(request);
this.request = request;
}
/* 重写getparameter方法
* @see javax.servlet.servletrequestwrapper#getparameter(java.lang.string)
*/
@override
public string getparameter(string name) {
try{
//获取参数的值
string value= this.request.getparameter(name);
if(value==null){
return null;
}
//如果不是以get方式提交数据的,就直接返回获取到的值
if(!this.request.getmethod().equalsignorecase("get")) {
return value;
}else{
//如果是以get方式提交数据的,就对获取到的值进行转码处理
value = new string(value.getbytes("iso8859-1"),this.request.getcharacterencoding());
return value;
}
}catch (exception e) {
throw new runtimeexception(e);
}
}
}
web.xml文件中的配置如下:
<filter>
<filter-name>characterencodingfilter</filter-name>
<filter-class>me.gacl.web.filter.characterencodingfilter</filter-class>
<init-param>
<param-name>charset</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterencodingfilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
二、禁止浏览器缓存所有动态页面
有3 个http 响应头字段都可以禁止浏览器缓存当前页面,它们在 servlet 中的示例代码如下:
- response.setdateheader("expires",-1);
- response.setheader("cache-control","no-cache");
- response.setheader("pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头。
- expires数据头:值为gmt时间值,为-1指浏览器不要缓存页面
- cache-control响应头有两个常用值:
- no-cache指浏览器不要缓存当前页面。
- max-age:xxx指浏览器缓存页面xxx秒。
package me.gacl.web.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
/**
* @classname: nocachefilter
* @description: 禁止浏览器缓存所有动态页面
* @author: 孤傲苍狼
* @date: 2014-8-31 下午11:25:40
*
*/
public class nocachefilter implements filter {
public void dofilter(servletrequest req, servletresponse resp,
filterchain chain) throws ioexception, servletexception {
//把servletrequest强转成httpservletrequest
httpservletrequest request = (httpservletrequest) req;
//把servletresponse强转成httpservletresponse
httpservletresponse response = (httpservletresponse) resp;
//禁止浏览器缓存所有动态页面
response.setdateheader("expires", -1);
response.setheader("cache-control", "no-cache");
response.setheader("pragma", "no-cache");
chain.dofilter(request, response);
}
public void init(filterconfig filterconfig) throws servletexception {
}
public void destroy() {
}
}
web.xml文件中的配置如下:
<filter>
<filter-name>nocachefilter</filter-name>
<filter-class>me.gacl.web.filter.nocachefilter</filter-class>
</filter>
<filter-mapping>
<filter-name>nocachefilter</filter-name>
<!--只拦截jsp请求-->
<servlet-name>*.jsp</servlet-name>
</filter-mapping>
三、控制浏览器缓存页面中的静态资源
有些动态页面中引用了一些图片或css文件以修饰页面效果,这些图片和css文件经常是不变化的,所以为减轻服务器的压力,可以使用filter控制浏览器缓存这些文件,以提升服务器的性能。
package me.gacl.web.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
/**
* @classname: cachefilter
* @description: 控制缓存的filter
*/
public class cachefilter implements filter {
private filterconfig filterconfig;
public void dofilter(servletrequest req, servletresponse resp,
filterchain chain) throws ioexception, servletexception {
httpservletrequest request = (httpservletrequest) req;
httpservletresponse response = (httpservletresponse) resp;
//1.获取用户想访问的资源
string uri = request.getrequesturi();
//2.得到用户想访问的资源的后缀名
string ext = uri.substring(uri.lastindexof(".")+1);
//得到资源需要缓存的时间
string time = filterconfig.getinitparameter(ext);
if(time!=null){
long t = long.parselong(time)*3600*1000;
//设置缓存
response.setdateheader("expires", system.currenttimemillis() + t);
}
chain.dofilter(request, response);
}
public void init(filterconfig filterconfig) throws servletexception {
this.filterconfig = filterconfig;
}
public void destroy() {
}
}
web.xml文件中的配置如下:
<!-- 配置缓存过滤器 -->
<filter>
<filter-name>cachefilter</filter-name>
<filter-class>me.gacl.web.filter.cachefilter</filter-class>
<!-- 配置要缓存的web资源以及缓存时间,以小时为单位 -->
<init-param>
<param-name>css</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>jpg</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>js</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>png</param-name>
<param-value>4</param-value>
</init-param>
</filter>
<!-- 配置要缓存的web资源的后缀-->
<filter-mapping>
<filter-name>cachefilter</filter-name>
<url-pattern>*.jpg</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cachefilter</filter-name>
<url-pattern>*.css</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cachefilter</filter-name>
<url-pattern>*.js</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cachefilter</filter-name>
<url-pattern>*.png</url-pattern>
</filter-mapping>
四、实现用户自动登陆
思路是这样的:
1、在用户登陆成功后,发送一个名称为user的cookie给客户端,cookie的值为用户名和md5加密后的密码。
2、编写一个autologinfilter,这个filter检查用户是否带有名称为user的cookie来,如果有,则调用dao查询cookie的用户名和密码是否和数据库匹配,匹配则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆。
核心代码如下:
处理用户登录的控制器:loginservlet
package me.gacl.web.controller;
import java.io.ioexception;
import javax.servlet.servletexception;
import javax.servlet.http.cookie;
import javax.servlet.http.httpservlet;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import me.gacl.dao.userdao;
import me.gacl.domain.user;
import me.gacl.util.webutils;
public class loginservlet extends httpservlet {
public void doget(httpservletrequest request, httpservletresponse response)
throws servletexception, ioexception {
string username = request.getparameter("username");
string password = request.getparameter("password");
userdao dao = new userdao();
user user = dao.find(username, password);
if(user==null){
request.setattribute("message", "用户名或密码不对!!");
request.getrequestdispatcher("/message.jsp").forward(request, response);
return;
}
request.getsession().setattribute("user", user);
//发送自动登陆cookie给客户端浏览器进行存储
sendautologincookie(request,response,user);
request.getrequestdispatcher("/index.jsp").forward(request, response);
}
/**
* @method: sendautologincookie
* @description: 发送自动登录cookie给客户端浏览器
* @param request
* @param response
* @param user
*/
private void sendautologincookie(httpservletrequest request, httpservletresponse response, user user) {
if (request.getparameter("logintime")!=null) {
int logintime = integer.parseint(request.getparameter("logintime"));
//创建cookie,cookie的名字是autologin,值是用户登录的用户名和密码,用户名和密码之间使用.进行分割,密码经过md5加密处理
cookie cookie = new cookie("autologin",user.getusername() + "." + webutils.md5(user.getpassword()));
//设置cookie的有效期
cookie.setmaxage(logintime);
//设置cookie的有效路径
cookie.setpath(request.getcontextpath());
//将cookie写入到客户端浏览器
response.addcookie(cookie);
}
}
public void dopost(httpservletrequest request, httpservletresponse response)
throws servletexception, ioexception {
doget(request, response);
}
}
处理用户自动登录的过滤器:autologinfilter
package me.gacl.web.filter;
import java.io.ioexception;
import javax.servlet.filter;
import javax.servlet.filterchain;
import javax.servlet.filterconfig;
import javax.servlet.servletexception;
import javax.servlet.servletrequest;
import javax.servlet.servletresponse;
import javax.servlet.http.cookie;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
import me.gacl.dao.userdao;
import me.gacl.domain.user;
import me.gacl.util.webutils;
public class autologinfilter implements filter {
public void dofilter(servletrequest req, servletresponse resp,
filterchain chain) throws ioexception, servletexception {
httpservletrequest request = (httpservletrequest) req;
httpservletresponse response = (httpservletresponse) resp;
//如果已经登录了,就直接chain.dofilter(request, response)放行
if(request.getsession().getattribute("user")!=null){
chain.dofilter(request, response);
return;
}
//1.得到用户带过来的authlogin的cookie
string value = null;
cookie cookies[] = request.getcookies();
for(int i=0;cookies!=null && i<cookies.length;i++){
if(cookies[i].getname().equals("autologin")){
value = cookies[i].getvalue();
}
}
//2.得到 cookie中的用户名和密码
if(value!=null){
string username = value.split("\\.")[0];
string password = value.split("\\.")[1];
//3.调用dao获取用户对应的密码
userdao dao = new userdao();
user user = dao.find(username);
string dbpassword = user.getpassword();
//4.检查用户带过来的md5的密码和数据库中的密码是否匹配,如匹配则自动登陆
if(password.equals(webutils.md5(dbpassword))){
request.getsession().setattribute("user", user);
}
}
chain.dofilter(request, response);
}
public void destroy() {
}
public void init(filterconfig filterconfig) throws servletexception {
}
}
如果想取消自动登录,那么可以在用户注销时删除自动登录cookie,核心代码如下:
package me.gacl.web.controller;
import java.io.ioexception;
import javax.servlet.servletexception;
import javax.servlet.http.cookie;
import javax.servlet.http.httpservlet;
import javax.servlet.http.httpservletrequest;
import javax.servlet.http.httpservletresponse;
public class cancelautologinservlet extends httpservlet {
public void doget(httpservletrequest request, httpservletresponse response)
throws servletexception, ioexception {
//移除存储在session中的user
request.getsession().removeattribute("user");
//移除自动登录的cookie
removeautologincookie(request,response);
//注销用户后跳转到登录页面
request.getrequestdispatcher("/login.jsp").forward(request, response);
}
/**
* @method: removeautologincookie
* @description: 删除自动登录cookie,
* javaweb中删除cookie的方式就是新创建一个cookie,新创建的cookie与要删除的cookie同名,
* 设置新创建的cookie的cookie的有效期设置为0,有效路径与要删除的cookie的有效路径相同
* @param request
* @param response
*/
private void removeautologincookie(httpservletrequest request, httpservletresponse response) {
//创建一个名字为autologin的cookie
cookie cookie = new cookie("autologin","");
//将cookie的有效期设置为0,命令浏览器删除该cookie
cookie.setmaxage(0);
//设置要删除的cookie的path
cookie.setpath(request.getcontextpath());
response.addcookie(cookie);
}
public void dopost(httpservletrequest request, httpservletresponse response)
throws servletexception, ioexception {
doget(request, response);
}
}
以上就是过滤器的几个常见应用场景,希望对大家的学习有所帮助。