Java Filter filter details and example code
- 2020-05-19 04:50:05
- OfStack
Filter profile
Also known as filters, Filter is the most useful technique in Servlet technology. WEB developers use Filter technology to intercept all web resources managed by web servers, such as Jsp, Servlet, static image files or static html files, so as to achieve some special functions. For example, the implementation of URL level access control, filtering sensitive words, compressed response information and other advanced functions.
It is mainly used for preprocessing user requests, and can also be used for post-processing of HttpServletResponse. The complete process of using Filter: Filter preprocesses the user request, then passes the request to Servlet for processing and response generation, and finally Filter post-processes the server response.
Filter function
1. Intercept customer's HttpServletRequest before HttpServletRequest arrives at Servlet. The HttpServletRequest header and data can also be modified as needed.
2. Intercept HttpServletResponse before it reaches the client. The HttpServletResponse header and data can also be modified as needed.
How to implement interception with Filter
There is one doFilter method in Filter interface. After the developer has written Filter and configured which web resource to intercept, the WEB server will call doFilter method of filter under 1 before calling service method of web resource. Therefore, the code written in this method can achieve the following purposes:
1. Let 1 piece of code execute before invoking the target resource.
2. Whether to invoke the target resource (that is, whether to give the user access to the web resource).
web server when the call doFilter method, will deliver a filterChain object to come in, filterChain object is the most important one in filter interface object, it also provides a doFilter method, the developer can according to demand to decide whether to call this method, call the method, the web server is called web resources service method, namely web resources will be accessed, web resources will not be accessed.
Filter development in two steps
Write the java class to implement the Filter interface and implement its doFilter methods.
The and element is used in the web.xml file to register the filter class you wrote and to set the resources it can intercept.
Introduction to each node of web. xml configuration:
< filter-mapping > The element is used to set a resource that Filter is responsible for intercepting. A resource intercepted by Filter can be specified in two ways: the Servlet name and the request path for resource access
< filter-name > The child element is used to set the registration name of filter. The value must be in < filter > The name of the filter declared in the element < url-pattern > Set the request path intercepted by filter (the URL style associated with the filter)
<
servlet-name
>
Specify the Servlet name that the filter intercepts.
<
dispatcher
>
Specify how the resource that the filter intercepts is invoked by the Servlet container, which can be REQUEST,INCLUDE,FORWARD, and ERROR 1 by default, REQUEST. Users can set more than one
<
dispatcher
>
The child element is used to specify how Filter intercepts multiple calls to the resource.
<
dispatcher
>
The values that a child element can set and their meanings
Filter chain
In an web application, multiple Filter can be developed and written, and these Filter are combined to form an Filter chain.
The web server decides which Filter to call first based on the order in which Filter is registered in the web.xml file. When the first Filter doFilter method is called, the web server will create an FilterChain object representing the Filter chain and pass it to the method. In the doFilter method, if the developer calls the doFilter method of the FilterChain object, the web server checks to see if filter is still in the FilterChain object; if so, the second filter is called; if not, the target resource is called.
The life cycle of Filter
public void init(FilterConfig filterConfig) throws ServletException;// Initialize the Like the Servlet program we wrote, Filter is created and destroyed by the WEB server. When the web application starts, the web server will create an instance object of Filter, call its init method, read the web.xml configuration, and complete the initialization function of the object, thus preparing for the interception of subsequent user requests (the filter object will be created only once, and the init method will be executed only once). The developer can obtain the FilterConfig object that represents the current filter configuration information through the parameters of the init method.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException;// Intercept request
This method does the actual filtering. When a customer requests access to the URL associated with the filter, the Servlet filter first executes the doFilter method. The FilterChain parameter is used to access subsequent filters.
public void destroy();// The destruction The Filter objects reside in memory after creation and are destroyed when the web application is removed or the server stops. Called before the Web container unloads the Filter object. This method is executed only once in the lifetime of Filter. In this method, the resources used by the filter can be freed.
FilterConfig interface
When configuring filter, the user can configure 1 for filter with some initialization parameters. When the web container instantiates the Filter object and calls its init method, the filterConfig object that encapsulates the filter initialization parameters will be passed in. Therefore, when developers write filter, they can obtain the following content through the method of filterConfig object:
String getFilterName();// get filter The name of the.
String getInitParameter(String name);// Returns the value of the initialization parameter specified in the deployment description. Return if none exists null.
Enumeration getInitParameterNames();// Returns an enumerated collection of the names of all initialization parameters of the filter.
public ServletContext getServletContext();// return Servlet A reference to a context object. Filter use cases
Verify user login security controls using Filter
Some time ago, I participated in the maintenance of a project. After the user exits the system, he/she goes to the address bar to visit the history. According to url, he/she can still enter the system response page. I went to check 1 and found that the request was not filtered to verify user login. Add 1 filter to fix the problem!
First in the web.xml configuration
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.action.login.SessionFilter</filter-class>
<init-param>
<param-name>logonStrings</param-name><!-- The login page is not filtered -->
<param-value>/project/index.jsp;login.do</param-value>
</init-param>
<init-param>
<param-name>includeStrings</param-name><!-- Filters only the specified filter parameter suffix -->
<param-value>.do;.jsp</param-value>
</init-param>
<init-param>
<param-name>redirectPath</param-name><!-- Failed to jump to the login screen -->
<param-value>/index.jsp</param-value>
</init-param>
<init-param>
<param-name>disabletestfilter</param-name><!-- Y: Filter is invalid -->
<param-value>N</param-value><!-- http://www.manongjc.com/article/1613.html -->
</init-param>
</filter>
<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
FilterServlet.java:
package com.action.login;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
/**
* Determine if the user is logged in , If you do not log in, you will log out
* http://www.manongjc.com/article/1613.html
*/
public class SessionFilter implements Filter {
public FilterConfig config;
public void destroy() {
this.config = null;
}
public static boolean isContains(String container, String[] regx) {
boolean result = false;
for (int i = 0; i < regx.length; i++) {
if (container.indexOf(regx[i]) != -1) {
return true;
}
}
return result;
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hrequest = (HttpServletRequest)request;
HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper((HttpServletResponse) response);
String logonStrings = config.getInitParameter("logonStrings"); // Login login page
String includeStrings = config.getInitParameter("includeStrings"); // Filter resource suffix parameters
String redirectPath = hrequest.getContextPath() + config.getInitParameter("redirectPath");// Did not log in to the redirect page
String disabletestfilter = config.getInitParameter("disabletestfilter");// Whether the filter is effective or not
if (disabletestfilter.toUpperCase().equals("Y")) { // Filter is invalid
chain.doFilter(request, response);
return;
}
String[] logonList = logonStrings.split(";");
String[] includeList = includeStrings.split(";");
if (!this.isContains(hrequest.getRequestURI(), includeList)) {// Filters only the specified filter parameter suffix
chain.doFilter(request, response);
return;
}
if (this.isContains(hrequest.getRequestURI(), logonList)) {// The login page is not filtered
chain.doFilter(request, response);
return;
}
String user = ( String ) hrequest.getSession().getAttribute("useronly");// Determine if the user is logged in
if (user == null) {
wrapper.sendRedirect(redirectPath);
return;
}else {
chain.doFilter(request, response);
return;
}
}
public void init(FilterConfig filterConfig) throws ServletException {
config = filterConfig;
}
}
This completes all requests to the user and requires that the user be logged in via this Filter.
Prevent Chinese garbled code filter
When the project USES the spring framework. This filter can be used when the current JSP page and JAVA code are encoded using different character sets, and when the data submitted by the form or the file with the Chinese name are uploaded/downloaded, the problem occurs.
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name><!-- Used to specify 1 Specific character sets -->
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name><!--true : no matter request Whether or not a character set is specified is used encoding ; false If: request Has been specified 1 Is not used if there are four character sets encoding-->
<param-value>false</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Spring+Hibernate OpenSessionInViewFilter controls the switch of session
When hibernate+spring is used together, if lazy=true (lazy loading) is set, then when reading data, hibernate will automatically close session after reading the parent data. In this way, when using the associated data and child data, the system will throw lazyinit error, then OpenSessionInViewFilter filter provided by spring needs to be used.
OpenSessionInViewFilter mainly maintains the Session state until request sends all the pages to the client, and then closes session after the request is finished, which solves the problem of lazy loading.
Note: the OpenSessionInViewFilter configuration is written before the struts2 configuration. Since the tomcat container is loaded in order when loading the filters, if the configuration file first writes the filter configuration of struts2 and then the OpenSessionInViewFilter filter configuration, the loading order results in that action session is not managed by spring when it gets the data.
<filter><!-- lazy loading enabled in spring -->
<filter-name>OpenSessionInViewFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name><!-- Can be the default. The default is spring The container to find id for sessionFactory the bean If the id Don't for sessionFactory , you need to configure it as follows, here SessionFactory for spring In a container bean . -->
<param-value>sessionFactory</param-value>
</init-param>
<init-param>
<param-name>singleSession</param-name><!-- singleSession The default is true, If set to false Is equal to useless OpenSessionInView -->
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OpenSessionInViewFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
Struts2 web.xml configuration
The use of Struts2 in the project also requires the configuration of a filter at web.xml to intercept the request and proceed to Action at Struts2 for processing.
Note: if the Struts2 version before 2.1.3, filter using org. apache. struts2. dispatcher. FilterDispatcher. Otherwise, use org. apache. struts2. dispatcher. ng. filter. StrutsPrepareAndExecuteFilter. Starting with Struts2.1.3, the ActionContextCleanUp filter will be discarded, while the StrutsPrepareAndExecuteFilter filter contains the corresponding function.
Three initialization parameter configurations:
config parameter: specifies the configuration file to load. Comma split. actionPackages parameter: specifies the package space in which the Action class resides. Comma split. configProviders parameter: a custom configuration file provider that needs to implement the ConfigurationProvider interface class. Comma split.
<!-- struts 2.x filter -->
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
Thank you for reading, I hope to help you, thank you for your support of this site!