Three components of JavaWeb Filter
1. Workflow
- The client's HTTP request enters the filter first, where the relevant business logic is executed
- If the check passes, the request enters the Servlet logic. After the Servlet has executed, control returns to the Filter, and the response finally goes back to the requester
- If the check fails, the filter returns directly and the request is never sent to the Servlet
Project rough data flow
2. Use scenario
- In the filter layer, obtain the user's identity and determine whether the user is logged in.
- You can consider doing some regular checks in the filter layer.
- Set UTF-8 encoding to prevent garbled pages (case)
3. Implementation process of filter method
- When creating a Filter object, call the init method
- When destroying a Filter object, call the destroy method
- When the request comes, call doFilter, which is the main business logic
- Pass the request to the next Filter in the Filter chain. If the current Filter is the last one in the chain, the request is passed to the target Servlet (or JSP). Note: when several filters intercept a request, the order in which they run follows the order of their <filter-mapping> configuration; the Filter configured first is called first
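The lifecycle and chain behaviour described above, applied to the UTF-8 encoding scenario from section 2. This is an added example, not code from the original article; the class name EncodingFilter and the init parameter name "encoding" are assumptions.

```java
package filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

// Added example: EncodingFilter and the "encoding" init-param are hypothetical names.
public class EncodingFilter implements Filter {

    private String encoding = "UTF-8";

    // Called once, when the container creates the Filter object
    @Override
    public void init(FilterConfig config) throws ServletException {
        String configured = config.getInitParameter("encoding");
        if (configured != null && !configured.trim().isEmpty()) {
            encoding = configured.trim();
        }
    }

    // Called for every request that matches the filter's <url-pattern>
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Before the chain: this must run before any parameter is read,
        // otherwise the request body has already been decoded
        if (request.getCharacterEncoding() == null) {
            request.setCharacterEncoding(encoding);
        }
        response.setCharacterEncoding(encoding);

        // Hand over to the next Filter, or to the Servlet/JSP if this is the last one
        chain.doFilter(request, response);

        // After the chain: the Servlet has finished and control is back in the Filter
        System.out.println("EncodingFilter: request processed with " + encoding);
    }

    // Called once, when the container destroys the Filter object
    @Override
    public void destroy() {
    }
}
```

Declare its <filter-mapping> before that of any filter that reads request parameters, so the encoding is already set when those filters run.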
4. Login permission verification case
1. Create a dynamic web project
2. Create LoginFilter project
What if there is no web.xml configuration file? When creating the project, you can generate one by right-clicking as follows
3. Write login.jsp code of login interface as follows
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login page</title>
<script type="text/javascript">
    /* ${msg} is an EL expression: ${...} reads the value of the named object (parameter, attribute, etc.) */
    var value = "${msg}";
    /* Used here to show the error message passed on by the filter */
    if (value != "") { alert(value); }
</script>
</head>
<body>
<form action="<%=request.getContextPath()%>/loginServlet" method="post">
    User name: <input type="text" name="userName" /> <br />
    Password: <input type="password" name="userPwd" /> <br />
    <input type="submit" value="Sign in" />
</form>
</body>
</html>
```
4. Create LoginServlet
```java
package Servlet;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        System.out.println(request.toString());
        // Receive the parameters
        String userName = request.getParameter("userName");
        String userPwd = request.getParameter("userPwd");
        // Log the user name only; the password must never be written to the log
        System.out.println("User name: " + userName);
        String forward = null;
        // Check whether the login succeeds. Putting the constant first avoids a
        // NullPointerException when a parameter is missing
        if ("1".equals(userName) && "2".equals(userPwd)) {
            // The login is successful. Here you can call JDBC to query the user's
            // password from the database to verify the login
            System.out.println("Login successfully");
            // Redirect: attributes stored in the previous request are lost, because
            // the browser starts a new request. It cannot be used here
            /* response.sendRedirect(request.getContextPath() + "/indexServlet"); */
            // Create the session object
            HttpSession session = request.getSession();
            // Issue a new session ID at login so that an ID handed out before
            // authentication is not carried over (Servlet 3.1+)
            request.changeSessionId();
            // Save the user data in the session
            session.setAttribute("loginName", userName);
            // Forward: attributes stored in the request are kept, as if the two
            // pages were put together. A successful login is forwarded to the home page
            forward = "/index.jsp";
            RequestDispatcher dis = request.getRequestDispatcher(forward);
            dis.forward(request, response);
            return;
            // Jump to user home page
            // response.sendRedirect(request.getContextPath() + "/indexServlet");
        } else {
            // Login failed: forward the request to the failure page
            System.out.println("Login failed for user name: " + userName);
            forward = "/fail.html";
            RequestDispatcher dis = request.getRequestDispatcher(forward);
            dis.forward(request, response);
            // response.sendRedirect(request.getContextPath() + "/fail.html");
        }
    }
}
```
Register the servlet in web.xml
5. Write the index interface index.jsp after login
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Index page successfully logged in</title>
</head>
<body>
<%--
<%String user="";
  String loginName = (String) session.getAttribute("loginName");
  if(loginName== null){%>
    <jsp:forward page="/login.jsp"></jsp:forward>
<% }%>
--%>
<!-- Another kind of login verification: return directly to login.jsp when not logged in -->
<% String loginName = (String) session.getAttribute("loginName"); %>
Welcome back: <%=loginName%>
<a href="person.jsp">Personal information</a>
</body>
</html>
```
6. Write personal information interface person.jsp
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Personal information</title>
</head>
<body>
<%--
<%String user="";
  String loginName = (String) session.getAttribute("loginName");
  if(loginName== null){%>
    <jsp:forward page="/login.jsp"></jsp:forward>
<% }%>
--%>
Full name: <% String loginName = (String) session.getAttribute("loginName"); %> <%=loginName%>
<p>(10000 words of personal information omitted here)</p>
<a href="/LoginFilter/logoutServlet">Log out</a>
</body>
</html>
```
7. Write LogoutServlet.java
```java
package Servlet;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LoginoutServlet
 */
@WebServlet("/LoginoutServlet")
public class LogoutServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public LogoutServlet() {
        super();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to log out
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Invalidate the whole session instead of removing only "loginName",
            // so that no other per-user state survives the logout
            session.invalidate();
        }
        System.out.println("Logged out successfully");
        String forward = "/login.jsp";
        RequestDispatcher dis = request.getRequestDispatcher(forward);
        dis.forward(request, response);
        // response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```
Also registered in web.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <display-name>LoginFilter</display-name>
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>Servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/loginServlet</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>LogoutServlet</servlet-name>
        <servlet-class>Servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LogoutServlet</servlet-name>
        <url-pattern>/logoutServlet</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
</web-app>
```
After logging out, person.jsp can still be accessed normally.
In the browser address bar, enter the person.jsp URL directly: http://localhost:(enter your Tomcat port number here)/LoginFilter/person.jsp
That is the problem: this page should not be accessible without logging in.
8. Create a Filter class that implements Filter
```java
// The package must match the <filter-class> value filter.LoginFilter registered in web.xml
package filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;

/**
 * Servlet Filter implementation class LoginFilter
 */
@WebFilter("/LoginFilter")
public class LoginFilter implements Filter {

    public LoginFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(request, response);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}
```
Register the Filter in web.xml so that it filters all requests
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <display-name>LoginFilter</display-name>
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>Servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/loginServlet</url-pattern>
    </servlet-mapping>
    <servlet>
        <servlet-name>LogoutServlet</servlet-name>
        <servlet-class>Servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LogoutServlet</servlet-name>
        <url-pattern>/logoutServlet</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>filter.LoginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
```
Write the verification logic in LoginFilter
Some requests do not need a login check, such as the request for the login page. These requests have to be let through
chain.doFilter(request, response); forwards the request to the next object on the filter chain. "Next" here means the next filter; if there is no further filter, it is the resource you requested. Filters generally form a chain, with several of them configured in web.xml and called one by one: request -> filter1 -> filter2 -> filter3 -> requested resource
```java
package filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet Filter implementation class LoginFilter
 */
@WebFilter("/LoginFilter")
public class LoginFilter implements Filter {

    public LoginFilter() {
        // TODO Auto-generated constructor stub
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        /* When the Filter object is destroyed, the destroy method is called */
        System.out.println("Filter destruction");
    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        /* When a request arrives, doFilter is called; this is the main business logic */
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        String servletPath = req.getServletPath(); // Path of the requested resource within the application
        StringBuffer url = req.getRequestURL();    // Full URL of the request
        // Some requests do not need a login check, such as the request for the
        // login page. These requests are let through
        if (servletPath != null
                && (servletPath.equals("/loginServlet") || (servletPath.equals("/login.jsp")))) {
            chain.doFilter(request, response);
            System.out.println(servletPath + ":No check");
            return;
        } else {
            // Otherwise a login check is required: get the session object and
            // determine whether the user is logged in
            HttpSession session = req.getSession();
            String user = (String) session.getAttribute("loginName");
            if (user == null) {
                RequestDispatcher requestDispatcher = req.getRequestDispatcher("/login.jsp");
                System.out.println(servletPath + ":You are not logged in, access is forbidden");
                req.setAttribute("msg", "You are not signed in, please sign in again"); // Store the error message
                req.setAttribute("return_url", servletPath);
                requestDispatcher.forward(req, resp); // Forward the request to the login page
                return;
            } else {
                // If the user has logged in, the request is let through directly
                chain.doFilter(request, response);
                System.out.println(servletPath + ":" + user + "User logged in,Can access");
                return;
            }
        }
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        /* When the Filter object is created, the init method is called */
        System.out.println("Filter creation");
    }
}
```
It should be noted that
The filter also intercepts the css, jpg, do, png and js resources requested by the login page, so they would be blocked; add a check that allows access to these resources
Add the check to the doFilter method
```java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    /* When a request arrives, doFilter is called; this is the main business logic */
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    String servletPath = req.getServletPath(); // Path of the requested resource within the application
    // css, jpg, do, png and js requests would otherwise be blocked by the filter,
    // so add a check that lets them through.
    // The suffix is tested on the servlet path resolved by the container, not on
    // getRequestURL(): the raw URL can carry parts that are ignored when the target
    // resource is selected, so a suffix test on it may not describe what is served
    if (servletPath != null
            && (servletPath.endsWith(".jpg") || servletPath.endsWith(".css")
                || servletPath.endsWith(".js") || servletPath.endsWith(".png")
                || servletPath.endsWith(".do"))) {
        chain.doFilter(request, response);
        System.out.println(servletPath + ": jpg css js png do No check");
        return;
    }
    // Some requests do not need a login check, such as the request for the
    // login page. These requests are let through
    if (servletPath != null
            && (servletPath.equals("/loginServlet") || (servletPath.equals("/login.jsp")))) {
        chain.doFilter(request, response);
        System.out.println(servletPath + ":No check");
        return;
    } else {
        // Otherwise a login check is required: get the session object and
        // determine whether the user is logged in
        HttpSession session = req.getSession();
        String user = (String) session.getAttribute("loginName");
        if (user == null) {
            RequestDispatcher requestDispatcher = req.getRequestDispatcher("/login.jsp");
            System.out.println(servletPath + ":You are not logged in, access is forbidden");
            req.setAttribute("msg", "You are not signed in, please sign in again"); // Store the error message
            req.setAttribute("return_url", servletPath);
            requestDispatcher.forward(req, resp); // Forward the request to the login page
            return;
        } else {
            // If the user has logged in, the request is let through directly
            chain.doFilter(request, response);
            System.out.println(servletPath + ":" + user + "User logged in,Can access");
            return;
        }
    }
}
```
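A stricter variant of the finished filter, given as an added example rather than the article's own code: public paths are matched exactly, the session is looked up with getSession(false) so anonymous requests do not create one, and protected responses are marked non-cacheable. The class name StrictLoginFilter is an assumption; the paths, extensions and the loginName attribute are the article's.

```java
package filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: StrictLoginFilter is a hypothetical class name.
public class StrictLoginFilter implements Filter {
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<>(Arrays.asList("/login.jsp", "/loginServlet"));
    private static final Set<String> PUBLIC_EXT =
            new HashSet<>(Arrays.asList("css", "js", "jpg", "png", "do"));

    // Decide on the path the container resolved, using exact matches only
    static boolean isPublic(String servletPath) {
        if (servletPath == null) return false;
        if (PUBLIC_PATHS.contains(servletPath)) return true;
        int dot = servletPath.lastIndexOf('.');
        return dot >= 0 && PUBLIC_EXT.contains(servletPath.substring(dot + 1));
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        if (isPublic(req.getServletPath())) {
            chain.doFilter(req, resp);
            return;
        }
        // getSession(false): anonymous requests do not get a new session
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("loginName") == null) {
            req.setAttribute("msg", "You are not signed in, please sign in again");
            req.getRequestDispatcher("/login.jsp").forward(req, resp);
            return;
        }
        // Keep protected pages out of the browser cache so they are not shown again after logout
        resp.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, resp);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

Register it in web.xml in place of LoginFilter, with the same /* mapping.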
It's done!!!