在web容器調(diào)用Servlet的service()方法之前,Servlet并不知道請求的到來,就有了一段“請求到來空白期間”;而在調(diào)用Servlet的service()之后,web容器真正對瀏覽器響應(yīng)之前,瀏覽器也并不知道真正的Servlet的響應(yīng),就有了一段“響應(yīng)到達(dá)空白期間”。過濾器的作用就是在兩段空白期間對請求和響應(yīng)對象進(jìn)行操作
public interface Filter {
void init(FilterConfig var1) throws ServletException;
void doFilter(ServletRequest var1, ServletResponse var2, FilterChain var3) throws IOException, ServletException;
void destroy();
}
過濾器也有自身的生命周期方法和Servlet極其的相似,每一個Filter都會有一個對應(yīng)的FilterConfig,定義獲取初始化參數(shù)的方法
public interface FilterConfig {
String getFilterName();
ServletContext getServletContext();
String getInitParameter(String var1);
Enumeration<String> getInitParameterNames();
}
真正做過濾處理的方法就是doFilter(),如果調(diào)用了FilterChain的doFilter()方法,就會運行下一個過濾器,如果沒有下一個過濾器,就調(diào)用請求目標(biāo)Servlet的service()方法;不過因為某種情況(用戶驗證不過關(guān)),就不會調(diào)用FilterChain的doFilter(),當(dāng)然之后請求也不會交給相應(yīng)的Servlet來處理了
public interface FilterChain {
void doFilter(ServletRequest var1, ServletResponse var2) throws IOException, ServletException;
}
@WebFilter(filterName = "DIYFilter", urlPatterns = "/*",
initParams = {
@WebInitParam(name = "filter-key", value = "filter-val")
},
dispatcherTypes = {
DispatcherType.FORWARD,
DispatcherType.INCLUDE,
DispatcherType.ERROR,
DispatcherType.ASYNC,
DispatcherType.REQUEST
})
public class DIYFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
// 獲取請求開始時間,用于計算一次請求到響應(yīng)的耗時情況
long begin = System.currentTimeMillis();
chain.doFilter(req, resp);
// 響應(yīng)時間
long end = System.currentTimeMillis();
System.out.print("請求處理時間:" + (end - begin));
}
public void init(FilterConfig config) throws ServletException {
}
}
過濾器可以定義初始化參數(shù);一般過濾器過濾的請求都是由瀏覽器直接發(fā)出的,對于請求轉(zhuǎn)發(fā)的Servlet則需要配置DispatcherType,上訴配置信息也可以在web.xml中進(jìn)行配置:
<filter>
<filter-name>DIYFilter</filter-name>
<filter-class>DIYFilter</filter-class>
<!-- 配置過濾器初始化參數(shù) -->
<init-param>
<param-name>filter-key</param-name>
<param-value>filter-val</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>DIYFilter</filter-name>
<url-pattern>/*</url-pattern>
<!-- 配置通過請求轉(zhuǎn)發(fā)等其他方式也會被過濾的dispatcher -->
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ASYNC</dispatcher>
</filter-mapping>
如果有多個過濾器,則會根據(jù)在web.xml中出現(xiàn)的先后順序決定過濾器的運行順序
請求裝飾器HttpServletRequestWrapper
HttpServletRequest可以通過getParameter()獲取到客戶提交的請求參數(shù),卻沒有setParameter()方法來修改請求參數(shù),所幸有個HttpServletRequestWrapper來幫助我們來實現(xiàn)這一功能
public class HttpServletRequestWrapper extends ServletRequestWrapper implements HttpServletRequest {
public HttpServletRequestWrapper(HttpServletRequest request) {
super(request);
}
private HttpServletRequest _getHttpServletRequest() {
return (HttpServletRequest)super.getRequest();
}
public String getAuthType() {
return this._getHttpServletRequest().getAuthType();
}
public Cookie[] getCookies() {
return this._getHttpServletRequest().getCookies();
}
public long getDateHeader(String name) {
return this._getHttpServletRequest().getDateHeader(name);
}
public String getHeader(String name) {
return this._getHttpServletRequest().getHeader(name);
}
public Enumeration<String> getHeaders(String name) {
return this._getHttpServletRequest().getHeaders(name);
}
public Enumeration<String> getHeaderNames() {
return this._getHttpServletRequest().getHeaderNames();
}
public int getIntHeader(String name) {
return this._getHttpServletRequest().getIntHeader(name);
}
public String getMethod() {
return this._getHttpServletRequest().getMethod();
}
public String getPathInfo() {
return this._getHttpServletRequest().getPathInfo();
}
public String getPathTranslated() {
return this._getHttpServletRequest().getPathTranslated();
}
public String getContextPath() {
return this._getHttpServletRequest().getContextPath();
}
public String getQueryString() {
return this._getHttpServletRequest().getQueryString();
}
public String getRemoteUser() {
return this._getHttpServletRequest().getRemoteUser();
}
public boolean isUserInRole(String role) {
return this._getHttpServletRequest().isUserInRole(role);
}
public Principal getUserPrincipal() {
return this._getHttpServletRequest().getUserPrincipal();
}
public String getRequestedSessionId() {
return this._getHttpServletRequest().getRequestedSessionId();
}
public String getRequestURI() {
return this._getHttpServletRequest().getRequestURI();
}
public StringBuffer getRequestURL() {
return this._getHttpServletRequest().getRequestURL();
}
public String getServletPath() {
return this._getHttpServletRequest().getServletPath();
}
public HttpSession getSession(boolean create) {
return this._getHttpServletRequest().getSession(create);
}
public HttpSession getSession() {
return this._getHttpServletRequest().getSession();
}
public String changeSessionId() {
return this._getHttpServletRequest().changeSessionId();
}
public boolean isRequestedSessionIdValid() {
return this._getHttpServletRequest().isRequestedSessionIdValid();
}
public boolean isRequestedSessionIdFromCookie() {
return this._getHttpServletRequest().isRequestedSessionIdFromCookie();
}
public boolean isRequestedSessionIdFromURL() {
return this._getHttpServletRequest().isRequestedSessionIdFromURL();
}
/** @deprecated */
public boolean isRequestedSessionIdFromUrl() {
return this._getHttpServletRequest().isRequestedSessionIdFromUrl();
}
public boolean authenticate(HttpServletResponse response) throws IOException, ServletException {
return this._getHttpServletRequest().authenticate(response);
}
public void login(String username, String password) throws ServletException {
this._getHttpServletRequest().login(username, password);
}
public void logout() throws ServletException {
this._getHttpServletRequest().logout();
}
public Collection<Part> getParts() throws IOException, ServletException {
return this._getHttpServletRequest().getParts();
}
public Part getPart(String name) throws IOException, ServletException {
return this._getHttpServletRequest().getPart(name);
}
public <T extends HttpUpgradeHandler> T upgrade(Class<T> httpUpgradeHandlerClass) throws IOException, ServletException {
return this._getHttpServletRequest().upgrade(httpUpgradeHandlerClass);
}
}
/**
* HttpServletRequest包裝類,用于處理請求中的參數(shù)
*/
public class DIYRequestWrapper extends HttpServletRequestWrapper {
public DIYRequestWrapper(HttpServletRequest request) {
super(request);
}
public String getParameter(String name) {
String oldPara = getRequest().getParameter(name);
// 當(dāng)請求參數(shù)中包含><等字符,將其轉(zhuǎn)義為><;防止腳本注入
String newPara = oldPara.replace("<","<").replace(">",">");
return newPara;
}
}
然后將該Wrapper類用于過濾器中,這樣子每次請求中的請求參數(shù)都能被Wrapper中定義的處理機制處理
@WebFilter("/*")
public class RequestWrapperFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
// 在過濾器中,通過requestWrapper類來處理請求參數(shù)
HttpServletRequest reqWrp = new DIYRequestWrapper((HttpServletRequest) req);
HttpServletResponse response = (HttpServletResponse)resp;
// 解決中文字符以 錛氱幇鍦 的亂碼格式
response.setHeader("Content-type", "text/html;charset=UTF-8");
// 解決中文字符以 ???? 的亂碼格式
response.setCharacterEncoding("utf-8");
chain.doFilter(reqWrp, response);
}
public void init(FilterConfig config) throws ServletException {
}
}
響應(yīng)裝飾器HttpServletResponseWrapper
若要對瀏覽器進(jìn)行輸出響應(yīng),必須通過getWriter()獲取到PrintWriter對象或者通過getOutputStream()取得ServletOutputStream對象,而響應(yīng)裝飾器的主要做法就是重新定義這兩個方法;不過在Servlet規(guī)范中,同一個請求期間,getWriter()和getOutputStream()只能擇一調(diào)用,否則拋出IllegalStateException,因此在響應(yīng)裝飾器中,也應(yīng)該遵循這個規(guī)范。
HttpServletResponseWrapper和Filter工作原理與HttpServletRequestWrapper和Filter工作原理一致
