JavaWeb---過濾器Filter---(二)
阿新 • • 發佈:2018-11-29
過濾器的一個應用例項:自動登入
這裡我從前端往後面寫,這個例子裡面我沒有使用到資料庫,即dao層暫且忽略,賬號密碼我用他們相等來驗證
這個例子自動登入的實現本質上就是將資訊暫時儲存到cookie中去,每次訪問時都到cookie中去看是否存在user物件,有的話就自動登入,沒有的話就進行賬號密碼登入。注意:本例為了演示,直接把使用者名稱和密碼寫進了cookie;實際專案中cookie裡應該只存放由伺服器端驗證、可以撤銷的隨機令牌,而不是密碼本身。
前臺頁面index.jsp
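<%-- Home page of the auto-login demo: shows the login form to anonymous visitors and a greeting once
     the session holds a "user" attribute. --%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>演示利用Filter實現自動登入</title>
  </head>
  <body>
    <h2>這是主頁</h2>
    <%-- One-shot error message left in the session by LoginServlet; removed after display. --%>
    <c:if test="${!empty sessionScope.error}">
      <c:out value="${sessionScope.error}"/>
      <c:remove var="error" scope="session"/>
    </c:if>
    <%-- "boo" is true when nobody is logged in for this session. --%>
    <c:if test="${empty sessionScope.user}" var="boo">
      <form action="<c:url value='/LoginServlet'/>" method="post">
        Name:<input type="text" name="name"><br/>
        <%-- type="password" so the browser masks the value as it is typed. --%>
        Pwd:<input type="password" name="pwd"><br/>
        自動登入:
        <input type="radio" name="time" value="0" checked="checked">不自動登入
        <input type="radio" name="time" value="1" >1天
        <input type="radio" name="time" value="7" >7天
        <br/>
        <input type="submit" value="登入">
      </form>
    </c:if>
    <c:if test="${!boo}">
      <%-- user.name is whatever the visitor submitted (or sent in the autoLogin cookie), so it is
           HTML-escaped with c:out instead of being written out raw by EL. --%>
      <c:out value="${user.name}"/>,歡迎你!
      <a href="<c:url value='/jsps/show.jsp'/>">瀏覽商品</a><br/>
      <a href="<c:url value='/CancelAutoLoginServlet'/>">取消自動登入</a>
    </c:if>
  </body>
</html>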
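package cn.hncu.filter;

import java.io.IOException;
import java.net.URLDecoder;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import cn.hncu.domain.User;

/**
 * Filter that logs a visitor in from the "autoLogin" cookie when the current session has no
 * "user" attribute yet.
 *
 * <p>The cookie value is expected to be {@code urlencoded(name) + "," + urlencoded(pwd)}. It is
 * client-controlled input: a value that does not have that shape is ignored instead of being
 * allowed to raise an exception out of the filter.
 *
 * <p>NOTE(review): this demo keeps the password itself in the cookie and accepts any pair where
 * name equals pwd. A real deployment should store only a random, server-verified, revocable
 * token in the cookie and check it against the backend here.
 */
public class AutoLoginFilter implements Filter {

    public AutoLoginFilter() {
    }

    public void destroy() {
    }

    /**
     * Tries cookie-based login for sessions without a "user" attribute, then always continues
     * the filter chain.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response, passed through untouched
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain or from URL decoding
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        if (req.getSession().getAttribute("user") == null) {
            // Not logged in yet: look for an "autoLogin" cookie that yields a valid user.
            Cookie[] cookies = req.getCookies();
            if (cookies != null) {
                for (Cookie c : cookies) {
                    if (!"autoLogin".equals(c.getName())) {
                        continue;
                    }
                    User user = userFromCookieValue(c.getValue());
                    if (user != null) {
                        req.getSession().setAttribute("user", user);
                        break;
                    }
                }
            }
        }
        chain.doFilter(req, response);
    }

    public void init(FilterConfig fConfig) throws ServletException {
    }

    /**
     * Parses an "autoLogin" cookie value and applies the demo credential check.
     *
     * @return the logged-in user, or {@code null} when the value is malformed or the check fails
     */
    private static User userFromCookieValue(String value) throws IOException {
        if (value == null) {
            return null;
        }
        // URL-encoding escapes commas, so a cookie written by LoginServlet has exactly two parts.
        String[] vals = value.split(",");
        if (vals.length != 2) {
            return null;
        }
        String name;
        String pwd;
        try {
            name = URLDecoder.decode(vals[0], "utf-8");
            pwd = URLDecoder.decode(vals[1], "utf-8");
        } catch (IllegalArgumentException e) {
            // Broken percent-escape in a tampered or truncated cookie: treat as "no cookie".
            return null;
        }
        // Placeholder for real backend verification: the demo accepts name == pwd.
        if (!name.equals(pwd)) {
            return null;
        }
        User user = new User();
        user.setName(name);
        user.setPwd(pwd);
        return user;
    }
}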
CharacterFilter.java判斷是否被拉入黑名單
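package cn.hncu.pubs;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Filter that sets the request character encoding and refuses clients whose address is on a
 * blacklist.
 */
public class CharacterFilter implements Filter {
    // Request encoding, read from the "charset" init-param; null when the parameter is absent.
    private String charset;
    // Blacklist of client addresses, filled once in init().
    private Set<String> set = new HashSet<String>();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        charset = filterConfig.getInitParameter("charset");
        // Stand-in for loading the blacklist from a database.
        set.add("127.0.0.1");
        set.add("192.168.31.168");
    }

    /**
     * Applies the configured encoding, then either rejects a blacklisted client or continues
     * the chain.
     *
     * @throws IOException      from writing the rejection message or from the chain
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Skip when no "charset" init-param was configured rather than passing null on.
        if (charset != null) {
            request.setCharacterEncoding(charset);
        }
        // getRemoteAddr() is the address of the directly connected peer. Behind a reverse proxy
        // that is the proxy, and an IPv6 loopback connection does not equal "127.0.0.1", so the
        // exact-string match below only covers direct IPv4 clients.
        String ip = request.getRemoteAddr();
        if (set.contains(ip)) {
            HttpServletResponse resp = (HttpServletResponse) response;
            // Report the denial as 403 so clients, logs and monitoring see a refusal, not a 200.
            resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
            resp.setContentType("text/html;charset=utf-8");
            resp.getWriter().println("你已被列入黑名單,不能訪問!");
        } else {
            chain.doFilter(request, response); // allowed: continue the chain
        }
    }

    @Override
    public void destroy() {
    }
}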
Servlet層
LoginServlet.java
package cn.hncu.servlet;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import cn.hncu.domain.User;
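/**
 * Handles the login form: checks the submitted credentials, stores the user in the session and
 * issues the "autoLogin" cookie that AutoLoginFilter reads on later visits.
 *
 * <p>NOTE(review): the cookie carries the URL-encoded password itself, and the credential check
 * is the demo rule "name equals pwd". A real deployment should verify against the backend and
 * put only a random, server-side revocable token in the cookie.
 */
public class LoginServlet extends HttpServlet {

    /** Longest auto-login period offered by the login form, in days. */
    private static final int MAX_REMEMBER_DAYS = 7;

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting GET means credentials can arrive in the query string and end
     * up in logs and browser history; the form itself uses POST.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Processes a login attempt and redirects back to index.jsp.
     *
     * <p>On success the session gets a "user" attribute and the "autoLogin" cookie is written;
     * on failure a one-shot "error" attribute is left in the session.
     *
     * @throws IOException from URL encoding or the redirect
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Login data submitted by the page.
        String name = request.getParameter("name");
        String pwd = request.getParameter("pwd");
        String time = request.getParameter("time");

        User user = new User();
        user.setName(name);
        user.setPwd(pwd);
        if (name != null && name.trim().length() != 0 && pwd != null) {
            if (name.equals(pwd)) { // placeholder for real backend verification
                // NOTE(review): the session id is not rotated on login here.
                request.getSession().setAttribute("user", user);

                // URL-encode both parts so non-ASCII text and commas survive in the cookie value.
                name = URLEncoder.encode(name, "utf-8");
                pwd = URLEncoder.encode(pwd, "utf-8");
                Cookie cookie = new Cookie("autoLogin", name + "," + pwd);
                cookie.setPath(request.getContextPath()); // visible to this web application only
                // Keep the value away from page scripts, and off plain HTTP when the login
                // itself arrived over HTTPS. setHttpOnly needs Servlet 3.0, which web.xml declares.
                cookie.setHttpOnly(true);
                cookie.setSecure(request.isSecure());
                // Lifetime in seconds; 0 days yields maxAge 0, which removes any existing cookie.
                cookie.setMaxAge(60 * 60 * 24 * rememberDays(time));
                response.addCookie(cookie);
            } else {
                request.getSession().setAttribute("error", "密碼錯誤!");
            }
        } else {
            request.getSession().setAttribute("error", "請輸入使用者名稱!");
        }
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Converts the "time" form field to a number of days.
     *
     * @return the parsed value when it lies in 0..{@link #MAX_REMEMBER_DAYS}; otherwise 0, so a
     *         missing, non-numeric, negative or oversized value means "no auto-login" instead of
     *         an exception or an overflowing lifetime
     */
    private static int rememberDays(String time) {
        if (time == null) {
            return 0;
        }
        try {
            int days = Integer.parseInt(time);
            return (days >= 0 && days <= MAX_REMEMBER_DAYS) ? days : 0;
        } catch (NumberFormatException e) {
            return 0;
        }
    }
}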
CancelAutoLoginServlet.java取消自動登入
package cn.hncu.servlet;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Turns auto-login off by telling the browser to discard the "autoLogin" cookie, then sends
 * the visitor back to index.jsp. The current session is left as it is.
 */
public class CancelAutoLoginServlet extends HttpServlet {

    /** GET requests are handled exactly like POST requests. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Sends an expired "autoLogin" cookie and redirects to the home page.
     *
     * @throws IOException if the redirect cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        System.out.println("取消自動登入.....");
        response.addCookie(expiredAutoLoginCookie(request.getContextPath()));
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Builds the cookie that deletes "autoLogin": same name and path as the one set at login,
     * empty value, and a max-age of 0 so the browser drops it.
     */
    private static Cookie expiredAutoLoginCookie(String path) {
        Cookie expired = new Cookie("autoLogin", "");
        expired.setPath(path);
        expired.setMaxAge(0);
        return expired;
    }
}
值物件:User.java
package cn.hncu.domain;
/**
 * Plain value object holding a user name and password; both start out {@code null}.
 */
public class User {
    // User name.
    private String name;
    // Password, kept exactly as it was passed to setPwd.
    private String pwd;

    /** Creates a user with no name and no password set. */
    public User() {
    }

    /** Stores the user name. */
    public void setName(String name) {
        this.name = name;
    }

    /** Stores the password. */
    public void setPwd(String pwd) {
        this.pwd = pwd;
    }

    /** @return the user name, or {@code null} if none was set */
    public String getName() {
        return this.name;
    }

    /** @return the password, or {@code null} if none was set */
    public String getPwd() {
        return this.pwd;
    }
}
順便附帶上web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name></display-name>
<!-- Filter declarations. The "charset" init-param is the value CharacterFilter.init() reads
     with getInitParameter("charset"). -->
<filter>
<filter-name>charset</filter-name>
<filter-class>cn.hncu.pubs.CharacterFilter</filter-class>
<init-param>
<param-name>charset</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter>
<filter-name>autoLogin</filter-name>
<filter-class>cn.hncu.filter.AutoLoginFilter</filter-class>
</filter>
<!-- Both filters are mapped to /*, so they run on every request to the application, including
     requests to LoginServlet and CancelAutoLoginServlet. url-pattern mappings are applied in
     the order they are listed, so the charset/blacklist filter runs before the auto-login filter. -->
<!-- NOTE(review): there is no session-config element here, so the session cookie's flags are
     presumably the container defaults; confirm against the deployment. -->
<filter-mapping>
<filter-name>charset</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>autoLogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets and the URLs index.jsp links to. -->
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>cn.hncu.servlet.LoginServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>CancelAutoLoginServlet</servlet-name>
<servlet-class>cn.hncu.servlet.CancelAutoLoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CancelAutoLoginServlet</servlet-name>
<url-pattern>/CancelAutoLoginServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>