过滤器属于servlet规范当中定义的组件,而拦截器 属于spring框架定义的组件。
过滤器:实现Filter接口
常用来做项目中的一些共性的需求
如:记录日志、过滤敏感词、权限检查
过滤器会以极低的耦合度来处理这样的需求
共性的需求:几乎每个请求都要做的事情
写一个类,实现Filter接口
在web.xml中配置此Filter
package web; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class LoginFilter implements Filter { public void destroy() { } public void doFilter( ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { //tomcat调用此方法并传入参数, //传入的是Http开头的参数。 HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; //有三个请求不需要过滤,将它们排除掉。 String[] paths = new String[]{ "/toLogin.do", "/login.do", "/createImg.do" }; String currPath = request.getServletPath(); for(String p:paths){ if(p.equals(currPath)){ chain.doFilter(request, response); return; } } //尝试从session中获取账号 //登录成功时可以获取到账号, //否则获取不到账号。 HttpSession session = request.getSession(); String adminCode = (String) session.getAttribute("adminCode"); //根据账号判断是否已登录 if(adminCode == null){ //没登录,重定向到toLogin.do,因为不知道是什么请求,所以用绝对 response.sendRedirect("/netctoss/toLogin.do"); } else { //已登录,让请求继续执行 chain.doFilter(request, response); } } <span style="white-space:pre"> </span>//加载时执行,也没必要执行 public void init(FilterConfig arg0) throws ServletException { } }另一个项目中的登陆过滤器
package cn.tedu.note.util; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class AccessFilter implements Filter{ public void destroy() { } public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; //获取请求的路径 String path = request.getRequestURI(); String reg = ".*edit\\.html$"; if(path.matches(reg)){ checkLogin(request,response,chain); return; } reg=".*\\.do"; String account = ".*account.*\\.do"; if(path.matches(reg) && !path.matches(account)){ checkdo(request,response,chain); } chain.doFilter(request, response); } private void checkdo(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws IOException, ServletException { // String name = "token"; String value = null; value = getCookie(request, name, value); if(value==null){ String json = "{\"state\":1, " + "\"message\":\"必须登录\"}"; response.setContentType("application/json;charset=utf-8"); response.getWriter().println(json); return;//如果写了if,没写else,就要写return; } chain.doFilter(request, response); } private void checkLogin(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws IOException, ServletException { //读取cookie 检查是否登录 String name = "token"; String value = null; value = getCookie(request, name, value); if(value==null){//没有cookie没有登录,重定向到登录页面 String path= "log_in.html"; response.sendRedirect(path); return; } //有cookie就通过 chain.doFilter(request, response); } private String getCookie(HttpServletRequest request, String name, String value) { Cookie[] cookies = request.getCookies(); for(Cookie cookie:cookies){ if(cookie.getName().equals(name)){ value = cookie.getValue(); } } return value; } public void init(FilterConfig arg0) throws ServletException { } }web.xml文件中配置过滤器
<!-- 登录检查的过滤器 --> <filter> <filter-name>login</filter-name> <filter-class>web.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>login</filter-name> <url-pattern>*.do</url-pattern> </filter-mapping>前端控制器在调用处理器之前,如果发现有拦截器存在, 则会先调用拦截器,然后再调用处理器。
注:过滤器属于servlet规范当中定义的组件,而拦截器 属于spring框架定义的组件。
step1. 写一个Java类,实现HandlerInterceptor接口。
step2. 将拦截处理逻辑写在相应的接口方法里面:
preHandle方法:前端控制器先调用拦截器的preHandle方法, 如果该方法返回值为true,则拦截器继续向后调用;如果 该方法返回值为false,则拦截器不再向后调用,请求处理 完成。
postHandle方法:处理器方法已经执行完成,正准备将 ModelAndView对象返回给前端控制器之前执行。可以在 该方法里面,修改ModelAndView对象。
afterCompletion方法:最后执行的方法,要注意,如果 preHandle方法返回值为false,该方法不会执行。 step3. 配置拦截器。
package com.tarena.netctoss.interceptors; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; public class SessionInterceptor implements HandlerInterceptor { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { System.out.println("preHandle()"); HttpSession session = request.getSession(); Object admin = session.getAttribute("admin"); if(admin == null){ //没有登录,跳转到登录页面 response.sendRedirect("toLogin.do"); return false; } //已经登录过,则继续向下执行 return true; } public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { } }