五个有用的过滤器
一、使浏览器不缓存页面的过滤器
?
package com.test;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletResponse;/** * 用于的使Browser不缓存页面的过滤器 */public class ForceNoCacheFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain filterChain) throws IOException, ServletException {((HttpServletResponse) response).setHeader("Cache-Control", "no-cache");((HttpServletResponse) response).setHeader("Pragma", "no-cache");((HttpServletResponse) response).setDateHeader("Expires", -1);filterChain.doFilter(request, response);}public void init(FilterConfig arg0) throws ServletException {}}?
?
二、检测用户是否登陆的过滤器
?
package com.test;import java.io.IOException;import java.util.ArrayList;import java.util.List;import java.util.StringTokenizer;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面 * 配置参数 * checkSessionKey: 需检查的在Session中保存的关键字 * redirectURL: 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath * notCheckURLList: 不做检查的URL列表,以分号分开,并且URL中不包括 ContextPath */@SuppressWarnings("unchecked")public class CheckLoginFilter implements Filter {protected FilterConfig filterConfig = null;private String redirectURL = null;private List notCheckURLList = new ArrayList();private String sessionKey = null;public void destroy() {notCheckURLList.clear();}public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) servletRequest;HttpServletResponse response = (HttpServletResponse) servletResponse;HttpSession session = request.getSession();if (sessionKey == null) {filterChain.doFilter(request, response);return;}if ((!checkRequestURIIntNotFilterList(request))&& session.getAttribute(sessionKey) == null) {response.sendRedirect(request.getContextPath() + redirectURL);return;}filterChain.doFilter(servletRequest, servletResponse);}public void init(FilterConfig filterConfig) throws ServletException {this.filterConfig = filterConfig;redirectURL = filterConfig.getInitParameter("redirectURL");sessionKey = filterConfig.getInitParameter("checkSessionKey");String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");if (notCheckURLListStr != null) {StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");notCheckURLList.clear();while (st.hasMoreTokens()) {notCheckURLList.add(st.nextToken());}}}private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {String uri = request.getServletPath()+ (request.getPathInfo() == null ? "" : request.getPathInfo());return notCheckURLList.contains(uri);}}??
三、字符编码的过滤器
?
package com.test;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;/** * 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理Html Form请求参数的中文问题 * 只对post方式有效 */public class CharacterEncodingFilter implements Filter {protected FilterConfig filterConfig = null;protected String encoding = "";public void destroy() {filterConfig = null;encoding = null;}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {if (encoding != null) {request.setCharacterEncoding(encoding);}chain.doFilter(request, response);}public void init(FilterConfig filterConfig) throws ServletException {this.filterConfig = filterConfig;this.encoding = filterConfig.getInitParameter("encoding");}}??
四、资源保护过滤器
?
package com.test;import java.io.IOException;import java.util.HashSet;import java.util.Iterator;import java.util.Set;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;@SuppressWarnings("unchecked")public class SecurityFilter implements Filter {private static final String LOGIN_PAGE_URI = "login.jsp";// the logger objectprivate Log logger = LogFactory.getLog(this.getClass());// a set of restricted resourcesprivate Set restrictedResources;public void destroy() {}public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {this.logger.debug("doFilter");String contextPath = ((HttpServletRequest) req).getContextPath();String requestUri = ((HttpServletRequest) req).getRequestURI();this.logger.debug("contextPath = " + contextPath);this.logger.debug("requestUri = " + requestUri);if (this.contains(requestUri, contextPath)&& !this.authorize((HttpServletRequest) req)) {this.logger.debug("authorization failed");((HttpServletRequest) req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);} else {this.logger.debug("authorization succeeded");chain.doFilter(req, res);}}public void init(FilterConfig filterConfig) throws ServletException {this.restrictedResources = new HashSet();this.restrictedResources.add("/createProduct.jsp");this.restrictedResources.add("/editProduct.jsp");this.restrictedResources.add("/productList.jsp");}private boolean contains(String value, String contextPath) {Iterator ite = this.restrictedResources.iterator();while (ite.hasNext()) {String restrictedResource = (String) ite.next();if ((contextPath + restrictedResource).equalsIgnoreCase(value)) {return true;}}return false;}private boolean authorize(HttpServletRequest req) {// 处理用户登录//UserBean user = (UserBean) req.getSession().getAttribute(//BeanNames.USER_BEAN);////if (user != null && user.getLoggedIn()) {//// user logged in//return true;//} else {//return false;//}return false;}}??
五、利用Filter限制用户浏览权限
?
package com.test;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;//在一个系统中通常有多个权限的用户。不同权限用户的可以浏览不同的页面。//使用Filter进行判断不仅省下了代码量,而且如果要更改的话只需要在Filter文件里动下就可以。 public class RightFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest srequest, ServletResponse sresponse,FilterChain chain) throws IOException, ServletException {// 获取uri地址HttpServletRequest request = (HttpServletRequest) srequest;String uri = request.getRequestURI();String ctx = request.getContextPath();uri = uri.substring(ctx.length());// 判断admin级别网页的浏览权限if (uri.startsWith("/admin")) {if (request.getSession().getAttribute("admin") == null) {request.setAttribute("message", "您没有这个权限");request.getRequestDispatcher("/login.jsp").forward(srequest,sresponse);return;}}// 判断manage级别网页的浏览权限if (uri.startsWith("/manage")) {// 这里省去}// 下面还可以添加其他的用户权限,省去。chain.doFilter(srequest, sresponse);}public void init(FilterConfig filterConfig) throws ServletException {}}?
<?xml version="1.0" encoding="UTF-8"?> <filter><filter-name>CharacterEncodingFilter</filter-name><filter-class>com.test.CharacterEncodingFilter</filter-class><init-param><param-name>encoding</param-name><param-value>UTF-8</param-value></init-param></filter><filter-mapping><filter-name>CharacterEncodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping><filter> <filter-name>RightFilter</filter-name> <filter-class>com.test.RightFilter</filter-class> </filter> <filter-mapping> <filter-name>RightFilter</filter-name> <url-pattern>/admin/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>RightFilter</filter-name> <url-pattern>/manage/*</url-pattern> </filter-mapping>?
?