1、5个有用的过滤器 Filter/* 一、使浏览器不缓存页面的过滤器 * 用于的使 Browser 不缓存页面的过滤器 */import javax.servlet.*; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class ForceNoCacheFilter implements Filter public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterC
2、hain) throws IOException, ServletException (HttpServletResponse) response).setHeader(“Cache-Control“,“no-cache“); (HttpServletResponse) response).setHeader(“Pragma“,“no-cache“); (HttpServletResponse) response).setDateHeader (“Expires“, -1); filterChain.doFilter(request, response); public void destro
3、y() public void init(FilterConfig filterConfig) throws ServletException /* 二、检测用户是否登陆的过滤器 * 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面* 配置参数 * checkSessionKey 需检查的在 Session 中保存的关键字 * redirectURL 如果用户未登录,则重定向到指定的页面,URL 不包括 ContextPath * notCheckURLList 不做检查的 URL列表,以分号分开,并且 URL 中不包括 ContextPath */import javax.s
4、ervlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.util.List; import java.util.ArrayList; import java.util.StringTokenizer; import java.io.IOException; public class CheckLoginFilter implements Filt
5、er protected FilterConfig filterConfig = null; private String redirectURL = null; private List notCheckURLList = new ArrayList(); private String sessionKey = null; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, Servle
6、tException HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); if(sessionKey = null) filterChain.doFilter(request, response); return; if(!checkRequestURIIntNotFilterList(re
7、quest) return; filterChain.doFilter(servletRequest, servletResponse); public void destroy() notCheckURLList.clear(); private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) String uri = request.getServletPath() + (request.getPathInfo() = null ? “ : request.getPathInfo(); return n
8、otCheckURLList.contains(uri); public void init(FilterConfig filterConfig) throws ServletException this.filterConfig = filterConfig; redirectURL = filterConfig.getInitParameter(“redirectURL“); sessionKey = filterConfig.getInitParameter(“checkSessionKey“); String notCheckURLListStr = filterConfig.getI
9、nitParameter(“notCheckURLList“); if(notCheckURLListStr != null) StringTokenizer st = new StringTokenizer(notCheckURLListStr, “;“); notCheckURLList.clear(); while(st.hasMoreTokens() notCheckURLList.add(st.nextToken(); /* * 三、字符编码的过滤器 * 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理 Html Form请求参数
10、的中文问题 */ import javax.servlet.*; import java.io.IOException; public class CharacterEncodingFilter implements Filter protected FilterConfig filterConfig = null; protected String encoding = “; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
11、 throws IOException, ServletException if(encoding != null) servletRequest.setCharacterEncoding(encoding); filterChain.doFilter(servletRequest, servletResponse); public void destroy() filterConfig = null; encoding = null; public void init(FilterConfig filterConfig) throws ServletException this.filter
12、Config = filterConfig; this.encoding = filterConfig.getInitParameter(“encoding“); /* * 四、资源保护过滤器 * This Filter class handle the security of the application. * It should be configured inside the web.xml. * author Derek Y. Shen */ package catalog.view.util; import javax.servlet.Filter; import javax.se
13、rvlet.FilterConfig; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.Iterator; import java.util.Set; import ja
14、va.util.HashSet; / import mons.logging.Log; import mons.logging.LogFactory; public class SecurityFilter implements Filter /the login page uri private static final String LOGIN_PAGE_URI = “login.jsf“; /the logger object private Log logger = LogFactory.getLog(this.getClass(); /a set of restricted reso
15、urces private Set restrictedResources; /* * Initializes the Filter. */ public void init(FilterConfig filterConfig) throws ServletException this.restrictedResources = new HashSet(); this.restrictedResources.add(“/createProduct.jsf“); this.restrictedResources.add(“/editProduct.jsf“); this.restrictedRe
16、sources.add(“/productList.jsf“); /* * Standard doFilter object. */ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException this.logger.debug(“doFilter“); String contextPath = (HttpServletRequest)req).getContextPath(); String requestUri =
17、(HttpServletRequest)req).getRequestURI(); this.logger.debug(“contextPath = “ + contextPath); this.logger.debug(“requestUri = “ + requestUri); if (this.contains(requestUri, contextPath) (HttpServletRequest)req).getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res); else this.logger.debug(“authorizat
18、ion succeeded“); chain.doFilter(req, res); public void destroy() private boolean contains(String value, String contextPath) Iterator ite = this.restrictedResources.iterator(); while (ite.hasNext() String restrictedResource = (String)ite.next(); if (contextPath + restrictedResource).equalsIgnoreCase(
19、value) return true; return false; private boolean authorize(HttpServletRequest req) /处理用户登录 /* UserBean user = (UserBean)req.getSession().getAttribute(BeanNames.USER_BEAN);if (user != null else return false; */ /* 五 利用 Filter限制用户浏览权限 * 在一个系统中通常有多个权限的用户。不同权限用户的可以浏览不同的页面。使用 Filter进行判断不仅省下了代码量,而且如果要更改的
20、话只需要在 Filter文件里动下就可以。 */import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServle
21、tRequest; public class RightFilter implements Filter public void destroy() public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain arg2) throws IOException, ServletException / 获取 uri地址 HttpServletRequest request=(HttpServletRequest)sreq; String uri = request.getRequestURI(); Stri
22、ng ctx=request.getContextPath(); uri = uri.substring(ctx.length(); /判断 admin级别网页的浏览权限 if(uri.startsWith(“/admin“) if(request.getSession().getAttribute(“admin“)=null) request.setAttribute(“message“,“您没有这个权限“); request.getRequestDispatcher(“/login.jsp“).forward(sreq,sres); return; /判断 manage级别网页的浏览权限
23、if(uri.startsWith(“/manage“) /这里省去 /下面还可以添加其他的用户权限,省去。 public void init(FilterConfig arg0) throws ServletException RightFilter cn.itkui.filter.RightFilter RightFilter /admin/* RightFilter /manage/* 加入工程时删除后面的符号*/EncodingAndCacheflush EncodingAndCacheflush encoding UTF-8 EncodingAndCacheflush /* 加入工程时删除后面的符号*/REQUEST FORWARD /要传递参数的时候最好使用 form进行传参,如果使用链接的话当中文字符的时候过滤器转码是不会起作用的,还有就是页面上 /form的 method也要设置为 post,不然过滤器也起不了作用。
