Filter有要实现的三方法:
void init(FilterConfig config) throws ServletException
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
void destroy()
第一个方法,Filter被加载时,首先执行这个方法,常用来做些初始化的动作。
第二个方法,Filter处理过程的方法,最后一个参数chain,则是把request,response传给下一个Filter的FilterChain 对象,FilterChain是用doFilter()方法来调用下一个Filter,或者当没有Filter可调用时,则调用原始的Servlet等网页部分。

其次需要在Web.xml中设定Filter类和对应的网页类别。

下面是一个用Filter来对请求做统一的认证处理(参《jsp2.0技术手册》)

public class SessionCheckerFilter implements Filter{
    
private final Log logger = LogFactory.getLog(getClass());
    
private ServletContext context;
    
private String targetURI;
    
private String loginChecker;

    
/* (non-Javadoc)
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     
*/

    
public void init(FilterConfig config) throws ServletException {
       context 
= config.getServletContext();
       targetURI 
= config.getInitParameter("TargetURI");
       loginChecker 
= config.getInitParameter("loginChecker");
    }


    
/* (non-Javadoc)
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     
*/

    
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        
// TODO Auto-generated method stub
        LoginUserPool loginUserPool = LoginUserPool.getInstance();
        HttpServletRequest httpRequest 
= (HttpServletRequest) request;
        HttpServletResponse httpResponse 
= (HttpServletResponse) response;
        HttpSession session 
= httpRequest.getSession(false);
        
if(session != null){
            String passed 
= (String) session.getAttribute("passed");

                
if(passed.equals("true")){
                    chain.doFilter(httpRequest,httpResponse);
                    
return;
                }
else if(passed.equals("passing")){
                    
if(new String(httpRequest.getRequestURI()).equals(httpRequest.getContextPath()+"/"+loginChecker)){
                        chain.doFilter(httpRequest,httpResponse);
                        
return;
                    }

                }

            session.removeAttribute(
"passed");
        }

        StringBuffer requestURL 
= httpRequest.getRequestURL();
        String query 
= httpRequest.getQueryString();
        
if(query != null){
            requestURL.append(query);
        }

        httpRequest.setAttribute(
"originalURI",new String(requestURL));
        httpRequest.getRequestDispatcher(targetURI).forward(httpRequest,httpResponse);
    }


    
/* (non-Javadoc)
     * @see javax.servlet.Filter#destroy()
     
*/

    
public void destroy() {
        
// TODO Auto-generated method stub
        
    }


public class LoginChecker extends HttpServlet{
    
private final Log logger = LogFactory.getLog(getClass());
    
protected void doPost(
            HttpServletRequest httpRequest,
            HttpServletResponse httpResponse) 
throws IOException, ServletException {
            logger.info(
"Servlet:用户登陆合法性判断");
            String userId 
= httpRequest.getParameter("userId");
            String password 
= httpRequest.getParameter("password");
            String targetURI 
= httpRequest.getParameter("originalURI");
            
if ((!userId.equals("admin")) || (!password.equals("1234"))) {
                
throw new ServletException("粄靡ア毖");
            }

            
            HttpSession session 
= httpRequest.getSession();
            session.setAttribute(
"passed""true");
            httpResponse.sendRedirect(targetURI);
        }


 }


<%@ page contentType="text/html;charset=Big5" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<html>
<head>
  
<title>CH11 - Login.jsp</title>
</head>
<body>

<h2></h2>
<h2>用户名admin,密码1234</h2>

<c:set var="passed" value="passing" scope="session" />
<form method="post" action="/JSPBook/LoginChecker">
  
<table>
    
<tr>
      
<th>用户名</th>
      
<td><input type="text" name="userId"></td>
    
</tr>
    
<tr>
      
<th>密码</th>
      
<td><input type="password" name="password"></td>
    
</tr>
    
<th><input type="hidden" name="originalURI" value="${requestScope.originalURI}"></th>
    
    
<tr>
      
<th><input name="submit" type="submit" value="确认"></th>
    
</tr>
  
</table>
</form>

</body>
</html>

<filter>     
      
<filter-name>SessionChecker</filter-name>    
      
<filter-class>tw.com.javaworld.CH11.SessionChecker</filter-class>    
      
<init-param>
        
<param-name>targetURI</param-name>        
        
<param-value>/CH11/Login.jsp</param-value>    
      
</init-param>
    
</filter>
    
<filter-mapping>    
      
<filter-name>SessionChecker</filter-name>    
      
<url-pattern>/*</url-pattern>
    
</filter-mapping>
  
  
<servlet>
        
<servlet-name>LoginChecker</servlet-name>
        
<servlet-class>tw.com.javaworld.CH11.LoginChecker</servlet-class>
    
</servlet>    
    
<servlet-mapping>
        
<servlet-name>LoginChecker</servlet-name>
        
<url-pattern>/LoginChecker</url-pattern>
    
</servlet-mapping>



必须的话再做一些其它的过滤器,来判断,用户的合法性等等。