过滤器的应用: 1、安全登陆 2、自动登陆 3、敏感词过滤
<!-- 在此省略登录-->配置一个Filter 用的是类实现 implements Filter 主要覆盖方法
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain Chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp=(HttpServletResponse)response; if(req.getSession().getAttribute("name") == null){ //踢到登录页面 resp.sendRedirect(req.getContextPath()+"/jsps/login.jsp"); }else{ //放行到要去的地方 Chain.doFilter(request, response); } }web.xml中的配置信息手动添加:
<filter> <filter-name>loginFilter</filter-name> <filter-class>cn.hncu.filter.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>loginFilter</filter-name> <!-- 要拦截的--> <url-pattern>/buy/*</url-pattern> <url-pattern>/jsps/buy/*</url-pattern> <url-pattern>/jsps/safe/*</url-pattern> </filter-mapping>login.jsp:选择是否自动登录
<h2>自动登录</h2> <c:if test="${ !empty error }"> ${error} <br/> <c:remove var="error" scope="session"/> </c:if> <c:if test="${ !empty sessionScope.name }"> 欢迎${name } <a href="#">页面1</a> <a href="#">页面2</a> <a href="<c:url value='/CanceAutoLoginServlet'/>">取消自动登录</a> </c:if> <c:if test="${empty sessionScope.name }"> <form action="<c:url value='/LoginServlet' />" method="post"> 用户名:<input type="text" name="name"><br> 密码:<input type="password" name="pwd"><br> 自动登录: <input type="radio" name="time" value="0"> 不自动登录 <input type="radio" name="time" value="1"> 一天 <input type="radio" name="time" value="7" checked="checked"> 一周<br> <input type="submit" value="登录"> </form> </c:if>主要的过滤器: AutoLogin implements Filter
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain Chain) throws IOException, ServletException { HttpServletRequest req =(HttpServletRequest)request ; HttpServletResponse resp=(HttpServletResponse)response; //拿Cookie if(req.getSession().getAttribute("name")==null){//表示没有登录,尝试帮助进行自动登录 //从cookie中读取,之前写入的autoLogin Cookie cs[]=req.getCookies(); if(cs!=null){ for(Cookie c:cs){ if(c.getName().equals("autoLogin")){ System.out.println("找到自动登陆的cookie"); String val = c.getValue(); String vals[]= val.split("@#"); vals[0] =URLDecoder.decode(vals[0],"utf-8");//name vals[1] =URLDecoder.decode(vals[1],"utf-8");//pwd if (vals[0] != null && vals[0].startsWith("hncu") && vals[1] != null && vals[1].length() > 3) { req.getSession().setAttribute("name", vals[0]); break; } } } } } Chain.doFilter(request, response); }取消自动登录: 删除cookie
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //删除autologin 的cookie //名字一样,路径一样 Cookie coo = new Cookie("autoLogin",""); coo.setPath(request.getContextPath()); //生存时间为0,即是删除 coo.setMaxAge(0); response.addCookie(coo); //session的东西还在,要关掉浏览器 response.sendRedirect(request.getContextPath()+ "/index.jsp"); }黑名单技术:BlackistLogin implements Filter
private HashSet<String> blackSet = new HashSet<String>(); @Override public void init(FilterConfig paramFilterConfig) throws ServletException { // 按理从数据库读取黑名单 blackSet.add("黑名单IP");//127.0.0.1 } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain Chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; // 拿ip String ip = req.getRemoteAddr(); if (blackSet.contains(ip)) { resp.setContentType("text/html;charset=utf-8"); resp.getWriter().println("你已经被列入黑名单"); } else { Chain.doFilter(request, response); } }先写个对话框:
<h2>敏感词过滤</h2> <form action="<c:url value='/NoteServlet' />" method="post"> 姓名:<input type="text" name="name"><br> 留言:<textarea name="note" cols="20" rows="10" > </textarea> <br> <input type="submit" value="提交"> </form> <a href="jsps/addWord.jsp">添加敏感词库</a>写过滤器:WordFilter implements Filter
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain Chain) throws IOException, ServletException { HttpServletRequest req=(HttpServletRequest)request; MyRequest request2= new MyRequest(req); Chain.doFilter(request2, response); } //内部类 class MyRequest extends HttpServletRequestWrapper{ //构造 public MyRequest(HttpServletRequest request) { super(request); } //alt+shift +s +v 拦截哪个改哪个 @Override public String getParameter(String name) { //调用父类的,或者自己写一个再调父类 String val = super.getParameter(name); System.out.println("原来的信息:"+val); List<String> list= WordUtils.getWords(); //遍历所有的敏感词 for(String w : list){ val=val.replaceAll(w, "**"); } return val; }写敏感词库:
public class WordUtils { //单例的敏感词库(内存中) private static List<String> list = new ArrayList<String>(); static{ //按理应该去数据库表格中,获取敏感词 list.add("习大大"); list.add("骂人的话"); } public static List<String> getWords(){ return list; } public static void reBuild(List<String> list ){ WordUtils.list=list; //存数据库 } public static void add(String word){ list.add(word); }