1.基本介绍

1.为什么需要过滤器？

2.基本介绍

3.过滤器的基本原理

2.快速入门

1.文件目录

2.环境配置

创建maven项目，导入依赖

  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>jsp-api</artifactId>
      <version>2.2</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.taglibs</groupId>
      <artifactId>taglibs-standard-impl</artifactId>
      <version>1.2.5</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
      <groupId>org.apache.taglibs</groupId>
      <artifactId>taglibs-standard-spec</artifactId>
      <version>1.2.5</version>
    </dependency>
  </dependencies>

3.代码实现

1.login.jsp

<%--
  Date: 2024/1/31
  Time: 13:34
  User: 孙显圣
  Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<form action="<%=request.getContextPath()%>/loginCheck" method="post">
    username:<input type="text" name="username"><br>
    password:<input type="password" name="password"><br>
    <input type="submit" value="提交">
</form>
</body>
</html>

2.LoginCheck.java

package servlet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * @author 孙显圣
 * @version 1.0
 * 验证信息是否正确，如果正确则设置session
 */
@WebServlet(urlPatterns = "/loginCheck")
public class LoginCheck extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        if ("666666".equals(password)) {
            //设置session
            HttpSession session = req.getSession();
            session.setAttribute("name", username);

            req.getRequestDispatcher("manager/admin.jsp").forward(req, resp);
        }
        else {
            //不合法直接返回登录界面
            req.getRequestDispatcher("login.jsp").forward(req, resp);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

3.ManagerFilter.java编写过滤规则

package filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class ManagerFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        //当filter创建后会调用这个方法初始化
        System.out.println("初始化");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        //每次调用该filter时该方法就会被调用
        //检查是否有session,将servletRequest向下转型为httpServletRequest
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        //获取session中的name
        Object name = session.getAttribute("name");
        if (name != null) {
            //继续访问目标资源
            filterChain.doFilter(servletRequest,servletResponse);
        }
        else {
            httpServletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);
        }
    }

    public void destroy() {
        //filter被销毁时会调用
        System.out.println("destroy");
    }
}

4.配置web.xml告诉tomcat

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
	http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <display-name>Archetype Created Web Application</display-name>
<!--  filter一般写在最前面 -->
<!--  url-pattern就是当请求的url与之匹配的时候tomcat就会调用filter-->
<!--  /manager/*指的就是manager下面所有的资源-->
<filter>
  <filter-name>ManagerFilter</filter-name>
  <filter-class>filter.ManagerFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>ManagerFilter</filter-name>
  <url-pattern>/manager/*</url-pattern>
</filter-mapping>
</web-app>

5.admin.jsp

<%--
  Date: 2024/1/31
  Time: 13:37
  User: 孙显圣
  Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
    <base href="<%=request.getContextPath()%>/manager/">
</head>
<body>
<h1 align="center">
    管理员界面
</h1>
<img src="1.png" height="600" border="1">
</body>
</html>

3.Filter的执行流程

1.服务器启动

1. 读取web.xml
2. 根据全类名反射创建过滤器的实例，将其放在name - 实例的容器中，并将url - name容器也填充
3. 一共有两个容器
   1. url - name
   2. name - 实例
4. 创建FilterConfig对象，调用 init(FilterConfig filterConfi g)方法初始化过滤器

2.请求匹配

1. 遍历a容器，匹配url
2. 如果匹配到，则找到里面的name，并且遍历b容器，根据name找到filter实例
3. 调用doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)方法

3.细节说明

1. 过滤器起到一个浏览器请求拦截的作用，请求转发不经过过滤器
2. 过滤器实例只有一个
3. 一旦匹配到过滤器，过滤器只要不做任何操作，就会卡在这个页面，并不会继续匹配servlet
4. 除非过滤器调用filterChain.doFilter(servletRequest, servletResponse)才会放行
5. 过滤器里面的servletRequest和servletResponse是httpServletRequest和httpServletResponse的父类，可以向下转型

4.url-pattern

5.Filter生命周期

6.FilterConfig

1.基本介绍

2.代码演示

1.FilterConfig.java

package filter;

import javax.servlet.*;
import java.io.IOException;
import java.util.Enumeration;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class FilterConfig implements Filter {
    public void init(javax.servlet.FilterConfig filterConfig) throws ServletException {
        //通过filterConfig获取相关的参数
        //1.获取filter的名字
        String filterName = filterConfig.getFilterName();
        System.out.println("filterName: " + filterName);
        //2.获取filter配置参数
        String ip = filterConfig.getInitParameter("ip");
        System.out.println("ip: " + ip);
        //3.获取filter的所有配置参数的名字
        Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()){
            System.out.println("filterNames: " + initParameterNames.nextElement());
        }
        //4.获取servletContext
        ServletContext servletContext = filterConfig.getServletContext();
        System.out.println("servletContext: " + servletContext);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

    }

    public void destroy() {

    }
}

2.web.xml

    <filter>
        <filter-name>filterConfig</filter-name>
        <filter-class>filter.FilterConfig</filter-class>
        <!--配置参数-->
        <init-param>
            <param-name>ip</param-name>
            <param-value>12.344.123.12</param-value>
        </init-param>
        <init-param>
            <param-name>qq</param-name>
            <param-value>1721469477@qq.com</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>filterConfig</filter-name>
        <url-pattern>/abc/*</url-pattern>
    </filter-mapping>

5.结果

3.课后练习

1.FilterConfig.java

package filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class FilterConfig implements Filter {
    public void init(javax.servlet.FilterConfig filterConfig) throws ServletException {

        //获取filter配置参数
        String ip = filterConfig.getInitParameter("ip");
        //获取servletContext
        ServletContext servletContext = filterConfig.getServletContext();
        //把禁用的网段放入servletContext
        servletContext.setAttribute("ip", ip);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletContext servletContext = servletRequest.getServletContext();
        Object ip = servletContext.getAttribute("ip");
        if (ip != null) {
            String ip_ = (String) ip; //获取禁用网段ip
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        //获取请求的ip
        String remoteAddr = httpServletRequest.getRemoteAddr();
        //使用正则表达式匹配
        String regStr = ip + ".*";
        if (!remoteAddr.matches(regStr)) {
            //如果不是禁用网段跳转到登录页面
            httpServletRequest.getRequestDispatcher("/login.jsp").forward(servletRequest,servletResponse);
        }
    }

    public void destroy() {

    }
}

2.结果

7.FilterChain

1.基本原理

2. 代码实例

1.AFilter.java

package filter;

import javax.servlet.*;
import javax.servlet.FilterConfig;
import java.io.IOException;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class AFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("AFilter的前置代码");
        filterChain.doFilter(servletRequest,servletResponse);
        System.out.println("AFilter的后置代码");
    }

    public void destroy() {

    }
}

2.BFilter.java

package filter;

import javax.servlet.*;
import javax.servlet.FilterConfig;
import java.io.IOException;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class BFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("BFilter的前置代码");
        filterChain.doFilter(servletRequest,servletResponse);
        System.out.println("BFilter的后置代码");
    }

    public void destroy() {

    }
}

3.web.xml

    <filter>
        <filter-name>A</filter-name>
        <filter-class>filter.AFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>A</filter-name>
        <url-pattern>/aaa</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>B</filter-name>
        <filter-class>filter.BFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>B</filter-name>
        <url-pattern>/aaa</url-pattern>
    </filter-mapping>

4.结果

3.注意事项

8.作业练习

1.homeworkFilter.java

package filter;


import javax.servlet.*;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;

/**
 * @author 孙显圣
 * @version 1.0
 */
public class homeworkFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        //动态获取评论，并将评论都放到servletContext中
        ServletContext servletContext = filterConfig.getServletContext();
        Enumeration<String> initParameterNames = filterConfig.getInitParameterNames();
        ArrayList<String> comments = new ArrayList<String>();
        while (initParameterNames.hasMoreElements()) {
            String s = initParameterNames.nextElement();
            String initParameter = filterConfig.getInitParameter(s);
            comments.add(initParameter);
        }
        servletContext.setAttribute("comments", comments);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        //获取所有评论
        ServletContext servletContext = servletRequest.getServletContext();
        Object comments = servletContext.getAttribute("comments");
        //获取填写的评论
        String comment = servletRequest.getParameter("comment");
        //没有禁止的评论就直接放行
        if (comments == null) {
            filterChain.doFilter(servletRequest, servletResponse);
        }
        //禁止的评论不为空则遍历判断
        ArrayList<String> coms = (ArrayList<String>) comments;
        for (String com : coms) { //遍历禁用词
            if (com.equals(comment)) {
                //请求转发到主页面并将禁用词传进去
                servletRequest.setAttribute("badComment", comment);
                servletRequest.getRequestDispatcher("/topic.jsp")
                        .forward(servletRequest, servletResponse);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {

    }
}

2.web.xml

    <filter>
        <filter-name>homeworkFilter</filter-name>
        <filter-class>filter.homeworkFilter</filter-class>
        <init-param>
            <param-name>com1</param-name>
            <param-value>苹果</param-value>
        </init-param>
        <init-param>
            <param-name>com2</param-name>
            <param-value>香蕉</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>homeworkFilter</filter-name>
        <url-pattern>/showTopic.jsp</url-pattern>
    </filter-mapping>

3.topic.jsp

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  Date: 2024/1/31
  Time: 17:36
  User: 孙显圣
  Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h4>敏感词：苹果、香蕉
    <c:if test="${!empty requestScope.badComment}">
        ---有敏感词：${requestScope.badComment}
    </c:if>
</h4>
<form action="showTopic.jsp" method="get">
    评论：<input type="text" name="comment"><br>
    <input type="submit" value="提交">
</form>

</body>
</html>

4.showTopic.jsp

<%--
  Date: 2024/1/31
  Time: 17:39
  User: 孙显圣
  Version:1.0
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h4>您的评论是：<%=request.getParameter("comment")%></h4>
</body>
</html>

5.演示结果