一、字符編碼的過濾器
import?javax.servlet.*;?
import?java.io.IOException;?


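/**
 * Servlet filter that sets the character encoding of the HTTP request.
 *
 * <p>The charset name comes from the {@code encoding} init parameter. The
 * article uses it to fix garbled Chinese text in HTML form request parameters.
 *
 * <p>{@code setCharacterEncoding} must run before request parameters or the
 * request reader are first accessed, so map this filter ahead of anything
 * that reads parameters.
 */
public class CharacterEncodingFilter implements Filter {

    protected FilterConfig filterConfig = null;
    protected String encoding = "";

    /**
     * Applies the configured encoding to the request, then continues the chain.
     *
     * @throws IOException if the configured charset name is not supported or
     *         a later element of the chain fails with an I/O error
     * @throws ServletException if a later element of the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // A missing or blank parameter means "leave the request alone"; passing
        // an empty name to setCharacterEncoding would fail on every request.
        if (encoding != null && encoding.trim().length() > 0) {
            servletRequest.setCharacterEncoding(encoding.trim());
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Drops the references taken in {@link #init(FilterConfig)}. */
    public void destroy() {
        filterConfig = null;
        encoding = null;
    }

    /**
     * Reads the {@code encoding} init parameter.
     *
     * @param filterConfig configuration supplied by the container
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        // May be null when the parameter is absent; doFilter treats that as
        // "do not set an encoding".
        this.encoding = filterConfig.getInitParameter("encoding");
    }
}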

二、使瀏覽器不緩存頁面的過濾器
import?javax.servlet.*;?
import?javax.servlet.http.HttpServletResponse;?
import?java.io.IOException;?


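/**
 * Servlet filter that tells the browser not to cache the pages it is mapped to.
 *
 * <p>{@code no-cache} on its own still allows a cache to keep a copy and
 * revalidate it before reuse. {@code no-store} is added so that pages shown
 * after login are not kept in the browser or in a shared cache at all.
 */
public class ForceNoCacheFilter implements Filter {

    /**
     * Sets the anti-caching response headers, then continues the chain.
     *
     * <p>The headers are written before the chain runs, so a servlet further
     * down can still overwrite them.
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        // Only HTTP responses carry these headers; anything else passes through
        // untouched instead of failing on the cast.
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            // Pragma and Expires cover HTTP/1.0 clients and proxies.
            httpResponse.setHeader("Pragma", "no-cache");
            httpResponse.setDateHeader("Expires", -1);
        }
        filterChain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /** No init parameters are read. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}

三、檢測用戶是否登陸的過濾器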
import?javax.servlet.*;?
import?javax.servlet.http.HttpServletRequest;?
import?javax.servlet.http.HttpServletResponse;?
import?javax.servlet.http.HttpSession;?
import?java.util.List;?
import?java.util.ArrayList;?
import?java.util.StringTokenizer;?
import?java.io.IOException;?


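/**
 * Servlet filter that checks whether the user is logged in and, if not,
 * redirects to the configured login page.
 *
 * <p>Init parameters:
 * <ul>
 *   <li>{@code checkSessionKey} - name of the session attribute to look for.</li>
 *   <li>{@code redirectURL} - page to redirect to when the user is not logged
 *       in; the URL does not include the context path.</li>
 *   <li>{@code notCheckURLList} - URLs that are not checked, separated by
 *       semicolons; the URLs do not include the context path.</li>
 * </ul>
 *
 * <p>Every URL that is not listed in {@code notCheckURLList} is checked, so a
 * page added later is protected by default.
 */
public class CheckLoginFilter implements Filter {

    protected FilterConfig filterConfig = null;
    private String redirectURL = null;
    private List notCheckURLList = new ArrayList();
    private String sessionKey = null;

    /**
     * Lets the request through when it targets an unchecked URL or the session
     * holds the configured attribute; otherwise redirects to the login page.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // NOTE(review): without checkSessionKey the filter checks nothing.
        // init() logs this so the misconfiguration does not go unnoticed.
        if (sessionKey == null) {
            filterChain.doFilter(request, response);
            return;
        }

        if (!checkRequestURIIntNotFilterList(request) && !isLoggedIn(request)) {
            response.sendRedirect(request.getContextPath() + redirectURL);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
        notCheckURLList.clear();
    }

    /**
     * Reports whether the session holds the configured attribute.
     *
     * <p>Uses {@code getSession(false)} so that an anonymous request does not
     * cause a new session to be created just to be inspected.
     */
    private boolean isLoggedIn(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(sessionKey) != null;
    }

    /**
     * Reports whether the request targets one of the unchecked URLs. The path
     * compared is the servlet path plus path info, i.e. without context path.
     */
    private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        String uri = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        return notCheckURLList.contains(uri);
    }

    /**
     * Reads the init parameters.
     *
     * @throws ServletException if {@code checkSessionKey} is set but
     *         {@code redirectURL} is missing
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        redirectURL = filterConfig.getInitParameter("redirectURL");
        sessionKey = filterConfig.getInitParameter("checkSessionKey");

        if (sessionKey == null) {
            filterConfig.getServletContext().log(
                    "CheckLoginFilter: init parameter checkSessionKey is not set; no request will be checked");
        } else if (redirectURL == null) {
            // Without this the redirect target would end in the text "null".
            throw new ServletException(
                    "CheckLoginFilter: init parameter redirectURL is required when checkSessionKey is set");
        }

        notCheckURLList.clear();
        String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");
        if (notCheckURLListStr != null) {
            StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
            while (st.hasMoreTokens()) {
                // web.xml values are often wrapped over several lines; strip the
                // surrounding whitespace so the entries still match.
                String url = st.nextToken().trim();
                if (url.length() > 0) {
                    notCheckURLList.add(url);
                }
            }
        }

        // The login page itself must stay reachable, otherwise an anonymous
        // request to it is redirected to it again without end.
        if (redirectURL != null && !notCheckURLList.contains(redirectURL)) {
            notCheckURLList.add(redirectURL);
        }
    }
}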

四、資源保護過濾器
package?catalog.view.util;?

import?javax.servlet.Filter;?
import?javax.servlet.FilterConfig;?
import?javax.servlet.ServletRequest;?
import?javax.servlet.ServletResponse;?
import?javax.servlet.FilterChain;?
import?javax.servlet.ServletException;?
import?javax.servlet.http.HttpServletRequest;?
import?java.io.IOException;?
import?java.util.Iterator;?
import?java.util.Set;?
import?java.util.HashSet;?
//?
import?org.apache.commons.logging.Log;?
import?org.apache.commons.logging.LogFactory;?


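/**
 * This Filter class handles the security of the application.
 *
 * It should be configured inside the web.xml.
 *
 * <p>NOTE(review): only the resources registered in {@link #init} are
 * checked; every other path passes through. A page added later is therefore
 * unprotected until it is added to the set.
 *
 * @author Derek Y. Shen
 */
public class SecurityFilter implements Filter {

    // the login page uri
    private static final String LOGIN_PAGE_URI = "login.jsf";

    // the logger object
    private Log logger = LogFactory.getLog(this.getClass());

    // a set of restricted resources
    private Set restrictedResources;

    /**
     * Initializes the Filter with the fixed set of restricted resources.
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.restrictedResources = new HashSet();
        this.restrictedResources.add("/createProduct.jsf");
        this.restrictedResources.add("/editProduct.jsf");
        this.restrictedResources.add("/productList.jsf");
    }

    /**
     * Forwards to the login page when a restricted resource is requested
     * without authorization; otherwise continues the chain.
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        this.logger.debug("doFilter");

        HttpServletRequest request = (HttpServletRequest) req;
        String contextPath = request.getContextPath();
        String requestUri = request.getRequestURI();

        this.logger.debug("contextPath = " + contextPath);
        this.logger.debug("requestUri = " + requestUri);

        // Match on the path the container resolved (servlet path + path info)
        // rather than on the raw request URI. The raw URI is not decoded or
        // normalized, so an exact comparison against it can miss a request
        // that the container still routes to a restricted page.
        String pathInfo = request.getPathInfo();
        String resourcePath = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        if (this.isRestricted(resourcePath) && !this.authorize(request)) {
            this.logger.debug("authorization failed");
            request.getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);
        } else {
            this.logger.debug("authorization succeeded");
            chain.doFilter(req, res);
        }
    }

    public void destroy() {
    }

    /**
     * Reports whether the context-relative path names a restricted resource.
     * The comparison ignores case, as in the original listing.
     */
    private boolean isRestricted(String resourcePath) {
        Iterator ite = this.restrictedResources.iterator();
        while (ite.hasNext()) {
            String restrictedResource = (String) ite.next();
            if (restrictedResource.equalsIgnoreCase(resourcePath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether the current user may see a restricted resource.
     *
     * <p>The article leaves the login check commented out, which left this
     * method without a return statement. Its sketch was:
     *
     * <pre>
     * UserBean user = (UserBean) req.getSession().getAttribute(BeanNames.USER_BEAN);
     * if (user != null &amp;&amp; user.getLoggedIn()) {
     *     // user logged in
     *     return true;
     * } else {
     *     return false;
     * }
     * </pre>
     *
     * @return {@code false} until the check is wired to the application's own
     *         user bean, so restricted resources stay closed by default
     */
    private boolean authorize(HttpServletRequest req) {
        // handle user login: replace with the application's session check
        return false;
    }
}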

五 利用Filter限制用戶瀏覽權限
在一個系統中通常有多個權限的用戶,不同權限的用戶可以瀏覽不同的頁面。使用Filter進行判斷不僅省下了代碼量,而且如果要更改的話只需要在Filter文件里改動一下就可以。
以下是Filter文件代碼:
import?java.io.IOException;?


import?javax.servlet.Filter;?
import?javax.servlet.FilterChain;?
import?javax.servlet.FilterConfig;?
import?javax.servlet.ServletException;?
import?javax.servlet.ServletRequest;?
import?javax.servlet.ServletResponse;?
import?javax.servlet.http.HttpServletRequest;?


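/**
 * Filter that restricts which pages a user may browse, based on the path of
 * the request and on attributes stored in the session.
 *
 * <p>The listing in the article never continued the filter chain, so every
 * request mapped to the filter produced an empty response, and a stray closing
 * brace left {@code init} outside the class. Both are fixed here.
 */
public class RightFilter implements Filter {

    public void destroy() {
    }

    /**
     * Forwards to the login page when the session lacks the right for the
     * requested area; otherwise continues the chain.
     */
    public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) sreq;

        // Use the path the container resolved (servlet path + path info). The
        // raw request URI is not decoded or normalized, so a prefix test on it
        // can disagree with the path that made the container select this
        // filter, and the check below would then be skipped.
        String pathInfo = request.getPathInfo();
        String uri = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        // check the right to browse admin-level pages
        if (uri.startsWith("/admin")) {
            if (!hasSessionAttribute(request, "admin")) {
                deny(request, sres);
                return;
            }
        }

        // check the right to browse manage-level pages
        if (uri.startsWith("/manage")) {
            // The article omits this check. Until the manage-level session test
            // is written, deny instead of letting the request through.
            deny(request, sres);
            return;
        }

        // further user levels can be added above, omitted in the article

        arg2.doFilter(sreq, sres);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Reports whether the existing session holds the named attribute. Uses
     * {@code getSession(false)} so anonymous requests do not create sessions.
     */
    private boolean hasSessionAttribute(HttpServletRequest request, String name) {
        return request.getSession(false) != null
                && request.getSession(false).getAttribute(name) != null;
    }

    /** Forwards to the login page with the "no permission" message. */
    private void deny(HttpServletRequest request, ServletResponse sres)
            throws IOException, ServletException {
        request.setAttribute("message", "您沒有這個權限");
        request.getRequestDispatcher("/login.jsp").forward(request, sres);
    }
}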

<!--?判斷頁面的訪問權限?-->?
<filter>?
<filter-name>RightFilter</filter-name>?
<filter-class>cn.itkui.filter.RightFilter</filter-class>?
</filter>?
<filter-mapping>?
<filter-name>RightFilter</filter-name>?

<url-pattern>/admin/*</url-pattern>
</filter-mapping>?
<filter-mapping>?
<filter-name>RightFilter</filter-name>?
<url-pattern>/manage/*</url-pattern>?
</filter-mapping>?

在web.xml中加入Filter的配置,如下:?
<filter>?

<filter-name>EncodingAndCacheflush</filter-name>?
<filter-class>EncodingAndCacheflush</filter-class>?
<init-param>?
<param-name>encoding</param-name>?
<param-value>UTF-8</param-value>?
</init-param>?
</filter>?
<filter-mapping>?
<filter-name>EncodingAndCacheflush</filter-name>?
<url-pattern>/*</url-pattern>?
</filter-mapping>?

要傳遞中文參數的時候最好使用form進行傳參,并且form的method要設置為post,不然過濾器起不了作用:setCharacterEncoding只對請求體(post提交的表單數據)生效。如果使用鏈接(get方式)傳參,中文字符位于URL的查詢字符串中,過濾器的轉碼不會起作用,其解碼方式由容器自身的配置決定。