什么是Filter?
Filter实际上就是对web资源进行拦截,做一些处理后再交给下一个过滤器或servlet处理
应用场景 1、权限验证 2、使用Filter进行重写init 可以在项目的启动的时候进行初始化一些资源 3、是否登录拦截
配置及使用Filter
基于ssm及xml形式 创建一个类并实现Filter中三个方法
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req
, ServletResponse resp
, FilterChain chain
) throws ServletException
, IOException
{
chain
.doFilter(req
, resp
);
}
public void init(FilterConfig config
) throws ServletException
{
}
}
配置web.xml
<filter>
<filter
-name
>loginFilter
</filter
-name
>
<filter
-class>com
.ivs
.filter
.LoginFilter
</filter
-class>
</filter
>
<filter
-mapping
>
<filter
-name
>loginFilter
</filter
-name
>
<!--拦截的url
-->
<url
-pattern
>/sys
实战使用Filter进行验证是否登录
package com
.mmall
.filter
;
import com
.mmall
.common
.RequestHolder
;
import com
.mmall
.model
.SysUser
;
import lombok
.extern
.slf4j
.Slf4j
;
import javax
.servlet
.Filter
;
import javax
.servlet
.FilterChain
;
import javax
.servlet
.FilterConfig
;
import javax
.servlet
.ServletException
;
import javax
.servlet
.ServletRequest
;
import javax
.servlet
.ServletResponse
;
import javax
.servlet
.http
.HttpServletRequest
;
import javax
.servlet
.http
.HttpServletResponse
;
import java
.io
.IOException
;
@Slf4j
public class LoginFilter implements Filter {
public void init(FilterConfig filterConfig
) throws ServletException
{
}
public void doFilter(ServletRequest servletRequest
, ServletResponse servletResponse
, FilterChain filterChain
) throws IOException
, ServletException
{
HttpServletRequest req
= (HttpServletRequest
) servletRequest
;
HttpServletResponse resp
= (HttpServletResponse
) servletResponse
;
SysUser sysUser
= (SysUser
)req
.getSession().getAttribute("user");
if (sysUser
== null
) {
String path
= "/signin.jsp";
resp
.sendRedirect(path
);
return;
}
RequestHolder
.add(sysUser
);
RequestHolder
.add(req
);
filterChain
.doFilter(servletRequest
, servletResponse
);
return;
}
public void destroy() {
}
}
web.xml配置
<filter>
<filter
-name
>loginFilter
</filter
-name
>
<filter
-class>com
.mmall
.filter
.LoginFilter
</filter
-class>
</filter
>
<filter
-mapping
>
<filter
-name
>loginFilter
</filter
-name
>
<url
-pattern
>/sys
实战使用Filter进行权限验证
package com
.mmall
.filter
;
import com
.google
.common
.base
.Splitter
;
import com
.google
.common
.collect
.Sets
;
import com
.mmall
.common
.ApplicationContextHelper
;
import com
.mmall
.common
.JsonData
;
import com
.mmall
.common
.RequestHolder
;
import com
.mmall
.model
.SysUser
;
import com
.mmall
.service
.SysCoreService
;
import com
.mmall
.utils
.JsonMapper
;
import lombok
.extern
.slf4j
.Slf4j
;
import javax
.servlet
.*
;
import javax
.servlet
.http
.HttpServletRequest
;
import javax
.servlet
.http
.HttpServletResponse
;
import java
.io
.IOException
;
import java
.util
.List
;
import java
.util
.Map
;
import java
.util
.Set
;
@Slf4j
public class AclControlFilter implements Filter {
private static Set
<String> exclusionUrlSet
= Sets
.newConcurrentHashSet();
private final static String noAuthUrl
= "/sys/user/noAuth.page";
@Override
public void init(FilterConfig filterConfig
) throws ServletException
{
String exclusionUrls
= filterConfig
.getInitParameter("exclusionUrls");
List
<String> exclusionUrlList
= Splitter
.on(",").trimResults().omitEmptyStrings().splitToList(exclusionUrls
);
exclusionUrlSet
= Sets
.newConcurrentHashSet(exclusionUrlList
);
exclusionUrlSet
.add(noAuthUrl
);
}
@Override
public void doFilter(ServletRequest servletRequest
, ServletResponse servletResponse
, FilterChain filterChain
) throws IOException
, ServletException
{
HttpServletRequest request
= (HttpServletRequest
) servletRequest
;
HttpServletResponse response
= (HttpServletResponse
) servletResponse
;
String servletPath
= request
.getServletPath();
Map requestMap
= request
.getParameterMap();
if (exclusionUrlSet
.contains(servletPath
)) {
filterChain
.doFilter(servletRequest
, servletResponse
);
return;
}
SysUser sysUser
= RequestHolder
.getCurrentUser();
if (sysUser
== null
) {
log
.info("someone visit {}, but no login, parameter:{}",
servletPath
, JsonMapper
.obj2String(requestMap
));
noAuth(request
, response
);
return;
}
SysCoreService sysCoreService
= ApplicationContextHelper
.popBean(SysCoreService
.class);
if (!sysCoreService
.hasUrlAcl(servletPath
)) {
log
.info("{} visit {}, but no login, parameter:{}", JsonMapper
.obj2String(sysUser
), servletPath
, JsonMapper
.obj2String(requestMap
));
noAuth(request
, response
);
return;
}
filterChain
.doFilter(servletRequest
, servletResponse
);
return;
}
private void noAuth(HttpServletRequest request
, HttpServletResponse response
) throws IOException
{
String servletPath
= request
.getServletPath();
if (servletPath
.endsWith(".json")) {
JsonData jsonData
= JsonData
.fail("没有访问权限,如需要访问,请联系管理员");
response
.setHeader("Content-Type", "application/json");
response
.getWriter().print(JsonMapper
.obj2String(jsonData
));
return;
} else {
clientRedirect(noAuthUrl
, response
);
return;
}
}
private void clientRedirect(String url
, HttpServletResponse response
) throws IOException
{
response
.setHeader("Content-Type", "text/html");
response
.getWriter().print("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"
+ "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n" + "<head>\n" + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>\n"
+ "<title>跳转中...</title>\n" + "</head>\n" + "<body>\n" + "跳转中,请稍候...\n" + "<script type=\"text/javascript\">//<![CDATA[\n"
+ "window.location.href='" + url
+ "?ret='+encodeURIComponent(window.location.href);\n" + "//]]></script>\n" + "</body>\n" + "</html>\n");
}
@Override
public void destroy() {
}
}
web.xml配置
<filter>
<filter
-name
>aclControlFilter
</filter
-name
>
<filter
-class>com
.mmall
.filter
.AclControlFilter
</filter
-class>
<init
-param
>
<param
-name
>targetFilterLifecycle
</param
-name
>
<param
-value
>true</param
-value
>
</init
-param
>
<init
-param
>
<param
-name
>exclusionUrls
</param
-name
>
<param
-value
>/sys
/user
/noAuth
.page
,/login
.page
</param
-value
>
</init
-param
>
</filter
>
<filter
-mapping
>
<filter
-name
>aclControlFilter
</filter
-name
>
<url
-pattern
>/sys
