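Before the web container calls the Servlet's service() method, the Servlet does not know that a request has arrived, so there is a "request-arrival gap". After the Servlet's service() has been called, but before the web container actually responds to the browser, the browser does not yet know the Servlet's real response, so there is a "response-arrival gap". A filter's job is to operate on the request and response objects during these two gaps.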
public interface Filter {
    void init(FilterConfig var1) throws ServletException;
    void doFilter(ServletRequest var1, ServletResponse var2, FilterChain var3) throws IOException, ServletException;
    void destroy();
}
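A filter also has its own life-cycle methods, which are very similar to a Servlet's. Every Filter has a corresponding FilterConfig, which defines the methods for reading initialization parameters.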
public interface FilterConfig {
    String getFilterName();
    ServletContext getServletContext();
    String getInitParameter(String var1);
    Enumeration<String> getInitParameterNames();
}
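The method that actually does the filtering is doFilter(). If FilterChain's doFilter() method is called, the next filter runs; if there is no next filter, the service() method of the target Servlet is called. In some situations (for example, the user fails authentication) the filter does not call FilterChain's doFilter(), and the request is then never handed to the corresponding Servlet for processing.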
public interface FilterChain {
    void doFilter(ServletRequest var1, ServletResponse var2) throws IOException, ServletException;
}
@WebFilter(filterName = "DIYFilter", urlPatterns = "/*",
        initParams = {
                @WebInitParam(name = "filter-key", value = "filter-val")
        },
        dispatcherTypes = {
                DispatcherType.FORWARD,
                DispatcherType.INCLUDE,
                DispatcherType.ERROR,
                DispatcherType.ASYNC,
                DispatcherType.REQUEST
        })
public class DIYFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        // Record the request start time, used to compute how long one request takes from request to response
        long begin = System.currentTimeMillis();
        chain.doFilter(req, resp);
        // Response time
        long end = System.currentTimeMillis();
        System.out.print("請求處理時間:" + (end - begin));
    }

    public void init(FilterConfig config) throws ServletException {
    }
}
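A filter can define initialization parameters. Normally the requests a filter handles are the ones sent directly by the browser; for a Servlet reached through request forwarding, DispatcherType has to be configured. The configuration above can also be written in web.xml: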
<filter>
    <filter-name>DIYFilter</filter-name>
    <filter-class>DIYFilter</filter-class>
    <!-- Configure the filter's initialization parameters -->
    <init-param>
        <param-name>filter-key</param-name>
        <param-value>filter-val</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>DIYFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- Configure the dispatchers so that requests arriving through forwarding and other means are filtered too -->
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ASYNC</dispatcher>
</filter-mapping>
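If there are multiple filters, the order in which they appear in web.xml determines the order in which they run.
Request decorator HttpServletRequestWrapper
HttpServletRequest can read the request parameters submitted by the client through getParameter(), but it has no setParameter() method for modifying them. Fortunately, HttpServletRequestWrapper helps us implement this.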
public class HttpServletRequestWrapper extends ServletRequestWrapper implements HttpServletRequest {
    public HttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    private HttpServletRequest _getHttpServletRequest() {
        return (HttpServletRequest)super.getRequest();
    }

    public String getAuthType() {
        return this._getHttpServletRequest().getAuthType();
    }

    public Cookie[] getCookies() {
        return this._getHttpServletRequest().getCookies();
    }

    public long getDateHeader(String name) {
        return this._getHttpServletRequest().getDateHeader(name);
    }

    public String getHeader(String name) {
        return this._getHttpServletRequest().getHeader(name);
    }

    public Enumeration<String> getHeaders(String name) {
        return this._getHttpServletRequest().getHeaders(name);
    }

    public Enumeration<String> getHeaderNames() {
        return this._getHttpServletRequest().getHeaderNames();
    }

    public int getIntHeader(String name) {
        return this._getHttpServletRequest().getIntHeader(name);
    }

    public String getMethod() {
        return this._getHttpServletRequest().getMethod();
    }

    public String getPathInfo() {
        return this._getHttpServletRequest().getPathInfo();
    }

    public String getPathTranslated() {
        return this._getHttpServletRequest().getPathTranslated();
    }

    public String getContextPath() {
        return this._getHttpServletRequest().getContextPath();
    }

    public String getQueryString() {
        return this._getHttpServletRequest().getQueryString();
    }

    public String getRemoteUser() {
        return this._getHttpServletRequest().getRemoteUser();
    }

    public boolean isUserInRole(String role) {
        return this._getHttpServletRequest().isUserInRole(role);
    }

    public Principal getUserPrincipal() {
        return this._getHttpServletRequest().getUserPrincipal();
    }

    public String getRequestedSessionId() {
        return this._getHttpServletRequest().getRequestedSessionId();
    }

    public String getRequestURI() {
        return this._getHttpServletRequest().getRequestURI();
    }

    public StringBuffer getRequestURL() {
        return this._getHttpServletRequest().getRequestURL();
    }

    public String getServletPath() {
        return this._getHttpServletRequest().getServletPath();
    }

    public HttpSession getSession(boolean create) {
        return this._getHttpServletRequest().getSession(create);
    }

    public HttpSession getSession() {
        return this._getHttpServletRequest().getSession();
    }

    public String changeSessionId() {
        return this._getHttpServletRequest().changeSessionId();
    }

    public boolean isRequestedSessionIdValid() {
        return this._getHttpServletRequest().isRequestedSessionIdValid();
    }

    public boolean isRequestedSessionIdFromCookie() {
        return this._getHttpServletRequest().isRequestedSessionIdFromCookie();
    }

    public boolean isRequestedSessionIdFromURL() {
        return this._getHttpServletRequest().isRequestedSessionIdFromURL();
    }

    /** @deprecated */
    public boolean isRequestedSessionIdFromUrl() {
        return this._getHttpServletRequest().isRequestedSessionIdFromUrl();
    }

    public boolean authenticate(HttpServletResponse response) throws IOException, ServletException {
        return this._getHttpServletRequest().authenticate(response);
    }

    public void login(String username, String password) throws ServletException {
        this._getHttpServletRequest().login(username, password);
    }

    public void logout() throws ServletException {
        this._getHttpServletRequest().logout();
    }

    public Collection<Part> getParts() throws IOException, ServletException {
        return this._getHttpServletRequest().getParts();
    }

    public Part getPart(String name) throws IOException, ServletException {
        return this._getHttpServletRequest().getPart(name);
    }

    public <T extends HttpUpgradeHandler> T upgrade(Class<T> httpUpgradeHandlerClass) throws IOException, ServletException {
        return this._getHttpServletRequest().upgrade(httpUpgradeHandlerClass);
    }
}
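/**
 * HttpServletRequest wrapper class, used to process the parameters in a request
 */
public class DIYRequestWrapper extends HttpServletRequestWrapper {
    public DIYRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    public String getParameter(String name) {
        String oldPara = getRequest().getParameter(name);
        // A parameter that was not submitted is null; return it as-is instead of throwing a NullPointerException
        if (oldPara == null) {
            return null;
        }
        // When a request parameter contains characters such as > and <, escape them as &gt; and &lt; to prevent script injection
        String newPara = oldPara.replace("<", "&lt;").replace(">", "&gt;");
        return newPara;
    }
}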
Then use this Wrapper class in a filter, so that the request parameters of every request go through the handling defined in the Wrapper.
@WebFilter("/*")
public class RequestWrapperFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        // In the filter, process the request parameters through the request wrapper class
        HttpServletRequest reqWrp = new DIYRequestWrapper((HttpServletRequest) req);
        HttpServletResponse response = (HttpServletResponse)resp;
        // Fixes Chinese characters showing up as mojibake of the form 錛氱幇鍦
        response.setHeader("Content-type", "text/html;charset=UTF-8");
        // Fixes Chinese characters showing up as ????
        response.setCharacterEncoding("utf-8");
        chain.doFilter(reqWrp, response);
    }

    public void init(FilterConfig config) throws ServletException {
    }
}
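Response decorator HttpServletResponseWrapper
To write a response to the browser, you must obtain a PrintWriter through getWriter() or a ServletOutputStream through getOutputStream(), and a response decorator mainly works by redefining these two methods. Under the Servlet specification, however, only one of getWriter() and getOutputStream() may be called during the same request; otherwise an IllegalStateException is thrown. A response decorator should therefore follow this rule as well.
HttpServletResponseWrapper works together with a Filter in the same way that HttpServletRequestWrapper does.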