Filter有要实现的三方法:
void init(FilterConfig config) throws ServletException
void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
void destroy()
第一个方法,Filter被加载时,首先执行这个方法,常用来做些初始化的动作。
第二个方法,Filter处理过程的方法,最后一个参数chain,则是把request,response传给下一个Filter的FilterChain 对象,FilterChain是用doFilter()方法来调用下一个Filter,或者当没有Filter可调用时,则调用原始的Servlet等网页部分。
其次需要在Web.xml中设定Filter类和对应的网页类别。
下面是一个用Filter来对请求做统一的认证处理(参《jsp2.0技术手册》)
public class SessionCheckerFilter implements Filter{
private final Log logger = LogFactory.getLog(getClass());
private ServletContext context;
private String targetURI;
private String loginChecker;
/**//* (non-Javadoc)
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig config) throws ServletException {
context = config.getServletContext();
targetURI = config.getInitParameter("TargetURI");
loginChecker = config.getInitParameter("loginChecker");
}
/**//* (non-Javadoc)
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
LoginUserPool loginUserPool = LoginUserPool.getInstance();
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpSession session = httpRequest.getSession(false);
if(session != null){
String passed = (String) session.getAttribute("passed");
if(passed.equals("true")){
chain.doFilter(httpRequest,httpResponse);
return;
}else if(passed.equals("passing")){
if(new String(httpRequest.getRequestURI()).equals(httpRequest.getContextPath()+"/"+loginChecker)){
chain.doFilter(httpRequest,httpResponse);
return;
}
}
session.removeAttribute("passed");
}
StringBuffer requestURL = httpRequest.getRequestURL();
String query = httpRequest.getQueryString();
if(query != null){
requestURL.append(query);
}
httpRequest.setAttribute("originalURI",new String(requestURL));
httpRequest.getRequestDispatcher(targetURI).forward(httpRequest,httpResponse);
}
/**//* (non-Javadoc)
* @see javax.servlet.Filter#destroy()
*/
public void destroy() {
// TODO Auto-generated method stub
}
public class LoginChecker extends HttpServlet{
private final Log logger = LogFactory.getLog(getClass());
protected void doPost(
HttpServletRequest httpRequest,
HttpServletResponse httpResponse) throws IOException, ServletException {
logger.info("Servlet:用户登陆合法性判断");
String userId = httpRequest.getParameter("userId");
String password = httpRequest.getParameter("password");
String targetURI = httpRequest.getParameter("originalURI");
if ((!userId.equals("admin")) || (!password.equals("1234"))) {
throw new ServletException("粄靡ア毖");
}
HttpSession session = httpRequest.getSession();
session.setAttribute("passed", "true");
httpResponse.sendRedirect(targetURI);
}
}
<%@ page contentType="text/html;charset=Big5" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
<title>CH11 - Login.jsp</title>
</head>
<body>
<h2></h2>
<h2>用户名admin,密码1234</h2>
<c:set var="passed" value="passing" scope="session" />
<form method="post" action="/JSPBook/LoginChecker">
<table>
<tr>
<th>用户名</th>
<td><input type="text" name="userId"></td>
</tr>
<tr>
<th>密码</th>
<td><input type="password" name="password"></td>
</tr>
<th><input type="hidden" name="originalURI" value="${requestScope.originalURI}"></th>
<tr>
<th><input name="submit" type="submit" value="确认"></th>
</tr>
</table>
</form>
</body>
</html>
<filter>
<filter-name>SessionChecker</filter-name>
<filter-class>tw.com.javaworld.CH11.SessionChecker</filter-class>
<init-param>
<param-name>targetURI</param-name>
<param-value>/CH11/Login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionChecker</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>LoginChecker</servlet-name>
<servlet-class>tw.com.javaworld.CH11.LoginChecker</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginChecker</servlet-name>
<url-pattern>/LoginChecker</url-pattern>
</servlet-mapping>
。
必须的话再做一些其它的过滤器,来判断,用户的合法性等等。