• Filter过滤器接口:
      • Filter接口实现类需要由开发人员编写,Http服务器不提供;
      • Filter接口在Http服务器调用资源文件之前,对Http服务器进行拦截过滤;
      • 作用:
        • 1)拦截Http服务器,帮助Http服务器检测当前请求合法性;
        • 2)拦截Http服务器,对当前请求进行增强操作;
      • Filter接口实现类开发步骤:
        • 1>创建1个Java类,实现Filter接口;
        • 2>重写Filter接口中的doFilter()方法; ```java package com.jiangzhiyan.filter;

    import javax.servlet.*; import java.io.IOException;

    public class OneFilter implements Filter { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { //1.拦截请求对象得到请求包参数信息 Integer age = Integer.valueOf(servletRequest.getParameter(“age”)); //2.帮助Http服务器判定本次请求合法性 if (age<18 || age>=70){ //如果不合法,过滤器代替Http服务器拒绝本次请求 servletResponse.setContentType(“text/html;charset=utf-8”); servletResponse.getWriter().println(“

    年龄不合法,无法访问!

    “); }else{ //如果合法,将拦截的请求对象和响应对象交还给Http服务器,Http服务器继续调用资源 filterChain.doFilter(servletRequest,servletResponse); } } }

    1. - 3>web.xml文件中将Filter接口实现类注册到Http服务器;
    2. ```xml
    3. <!--注册过滤器实现类-->
    4. <filter> <!--1.将过滤器实现类路径交给TomCat-->
    5. <filter-name>oneFilter</filter-name>
    6. <filter-class>com.jiangzhiyan.filter.OneFilter</filter-class>
    7. </filter>
    8. <filter-mapping> <!--2.通知TomCat在调用何种资源文件时需要被拦截-->
    9. <filter-name>oneFilter</filter-name>
    10. <url-pattern>/pic.png</url-pattern>
    11. </filter-mapping>
    1. - 拦截地址的4种格式:
    1. <!--1.拦截具体的某个文件-->
    2. <url-pattern>/img/pic.png</url-pattern>
    3. <!--2.拦截某个(img)文件夹下所有文件-->
    4. <url-pattern>/img/*</url-pattern>
    5. <!--3.拦截所有文件夹下的某种类型文件-->
    6. <url-pattern>*.png</url-pattern>
    7. <!--4.拦截所有文件夹下的所有文件-->
    8. <url-pattern>/*</url-pattern>
    • 过滤器对拦截的请求进行增强操作: ```java package com.jiangzhiyan.filter;

    import javax.servlet.*; import java.io.IOException;

    public class OneFilter implements Filter { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { //设置请求对象编码字符集(针对Post请求) servletRequest.setCharacterEncoding(“utf-8”); //放行 filterChain.doFilter(servletRequest,servletResponse); } }

    1. - 防止用户恶意访问:必须通过登录验证才给访问者派发Session对象,否则Sessionnull,无法访问其他资源.
    2. ```java
    3. package com.jiangzhiyan.filter;
    4. import javax.servlet.*;
    5. import javax.servlet.http.HttpServletRequest;
    6. import javax.servlet.http.HttpSession;
    7. import java.io.IOException;
    8. public class OneFilter implements Filter {
    9. @Override
    10. public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    11. //ServletRequest接口中没有getSession()方法,强转为HttpServletRequest类型(子接口)
    12. HttpServletRequest request = (HttpServletRequest)servletRequest;
    13. //获取访问地址的uri
    14. String uri = request.getRequestURI();
    15. //如果uri访问的是login相关资源,或欢迎页面,直接放行
    16. if (uri.contains("login") || uri.contains("Login") || "/005web/".equals(uri)){
    17. filterChain.doFilter(servletRequest,servletResponse);
    18. return;
    19. }
    20. //获取对话作用域对象session
    21. HttpSession session = request.getSession(false);
    22. //如果session为null,则代表为非法访问
    23. if (session == null){
    24. request.getRequestDispatcher("userLoginFail.html").forward(servletRequest,servletResponse);
    25. return;
    26. }else {
    27. filterChain.doFilter(servletRequest,servletResponse);
    28. }
    29. }
    30. }