一、统一全站字符编码
通过配置参数charset指明使用何种字符编码,以处理Html Form请求参数的中文问题
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 import javax.servlet.Filter; 5 import javax.servlet.FilterChain; 6 import javax.servlet.FilterConfig; 7 import javax.servlet.ServletException; 8 import javax.servlet.ServletRequest; 9 import javax.servlet.ServletResponse;10 import javax.servlet.http.HttpServletRequest;11 import javax.servlet.http.HttpServletRequestWrapper;12 import javax.servlet.http.HttpServletResponse;13 14 /**15 * @ClassName: CharacterEncodingFilter16 * @Description: 此过滤器用来解决全站中文乱码问题17 * @author: 孤傲苍狼18 * @date: 2014-8-31 下午11:09:3719 *20 */ 21 public class CharacterEncodingFilter implements Filter {22 23 private FilterConfig filterConfig = null;24 //设置默认的字符编码25 private String defaultCharset = "UTF-8";26 27 public void doFilter(ServletRequest req, ServletResponse resp,28 FilterChain chain) throws IOException, ServletException {29 30 HttpServletRequest request = (HttpServletRequest) req;31 HttpServletResponse response = (HttpServletResponse) resp;32 String charset = filterConfig.getInitParameter("charset");33 if(charset==null){34 charset = defaultCharset;35 }36 request.setCharacterEncoding(charset);37 response.setCharacterEncoding(charset);38 response.setContentType("text/html;charset="+charset);39 40 MyCharacterEncodingRequest requestWrapper = new MyCharacterEncodingRequest(request);41 chain.doFilter(requestWrapper, response);42 }43 44 public void init(FilterConfig filterConfig) throws ServletException {45 //得到过滤器的初始化配置信息46 this.filterConfig = filterConfig;47 }48 49 public void destroy() {50 51 }52 }53 54 /*55 1.实现与被增强对象相同的接口 56 2、定义一个变量记住被增强对象57 3、定义一个构造器,接收被增强对象58 4、覆盖需要增强的方法59 5、对于不想增强的方法,直接调用被增强对象(目标对象)的方法60 */61 62 class MyCharacterEncodingRequest extends HttpServletRequestWrapper{63 64 private HttpServletRequest request;65 public MyCharacterEncodingRequest(HttpServletRequest request) {66 super(request);67 this.request = request;68 }69 /* 重写getParameter方法70 * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String)71 */72 @Override73 public String getParameter(String name) {74 75 try{76 //获取参数的值77 String value= this.request.getParameter(name);78 if(value==null){79 return null;80 }81 //如果不是以get方式提交数据的,就直接返回获取到的值82 if(!this.request.getMethod().equalsIgnoreCase("get")) {83 return value;84 }else{85 //如果是以get方式提交数据的,就对获取到的值进行转码处理86 value = new String(value.getBytes("ISO8859-1"),this.request.getCharacterEncoding());87 return value;88 }89 }catch (Exception e) {90 throw new RuntimeException(e);91 }92 }93 }
web.xml文件中的配置如下:
12 9 10CharacterEncodingFilter 3me.gacl.web.filter.CharacterEncodingFilter 45 8charset 6UTF-8 711 CharacterEncodingFilter 12/* 13
二、禁止浏览器缓存所有动态页面
有3 个HTTP 响应头字段都可以禁止浏览器缓存当前页面,它们在 Servlet 中的示例代码如下:
1 response.setDateHeader("Expires",-1);2 response.setHeader("Cache-Control","no-cache");3 response.setHeader("Pragma","no-cache");
并不是所有的浏览器都能完全支持上面的三个响应头,因此最好是同时使用上面的三个响应头。
- Expires数据头:值为GMT时间值,为-1指浏览器不要缓存页面
- Cache-Control响应头有两个常用值:
- no-cache指浏览器不要缓存当前页面。
- max-age:xxx指浏览器缓存页面xxx秒。
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest;10 import javax.servlet.ServletResponse;11 import javax.servlet.http.HttpServletRequest;12 import javax.servlet.http.HttpServletResponse;13 14 /**15 * @ClassName: NoCacheFilter16 * @Description: 禁止浏览器缓存所有动态页面17 * @author: 孤傲苍狼18 * @date: 2014-8-31 下午11:25:4019 *20 */ 21 public class NoCacheFilter implements Filter {22 23 24 public void doFilter(ServletRequest req, ServletResponse resp,25 FilterChain chain) throws IOException, ServletException {26 //把ServletRequest强转成HttpServletRequest27 HttpServletRequest request = (HttpServletRequest) req;28 //把ServletResponse强转成HttpServletResponse29 HttpServletResponse response = (HttpServletResponse) resp;30 //禁止浏览器缓存所有动态页面31 response.setDateHeader("Expires", -1);32 response.setHeader("Cache-Control", "no-cache");33 response.setHeader("Pragma", "no-cache");34 35 chain.doFilter(request, response);36 }37 38 public void init(FilterConfig filterConfig) throws ServletException {39 40 }41 42 public void destroy() {43 44 }45 }
web.xml文件中的配置如下:
12 5 6NoCacheFilter 3me.gacl.web.filter.NoCacheFilter 47 NoCacheFilter 8 9*.jsp 10
三、控制浏览器缓存页面中的静态资源
有些动态页面中引用了一些图片或css文件以修饰页面效果,这些图片和css文件经常是不变化的,所以为减轻服务器的压力,可以使用filter控制浏览器缓存这些文件,以提升服务器的性能。
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest;10 import javax.servlet.ServletResponse;11 import javax.servlet.http.HttpServletRequest;12 import javax.servlet.http.HttpServletResponse;13 14 /**15 * @ClassName: CacheFilter16 * @Description: 控制缓存的filter17 * @author: 孤傲苍狼18 * @date: 2014-9-1 下午9:39:3819 *20 */ 21 public class CacheFilter implements Filter {22 23 private FilterConfig filterConfig;24 25 public void doFilter(ServletRequest req, ServletResponse resp,26 FilterChain chain) throws IOException, ServletException {27 28 HttpServletRequest request = (HttpServletRequest) req;29 HttpServletResponse response = (HttpServletResponse) resp;30 31 //1.获取用户想访问的资源32 String uri = request.getRequestURI(); 33 34 //2.得到用户想访问的资源的后缀名35 String ext = uri.substring(uri.lastIndexOf(".")+1);36 37 //得到资源需要缓存的时间38 String time = filterConfig.getInitParameter(ext);39 if(time!=null){40 long t = Long.parseLong(time)*3600*1000;41 //设置缓存42 response.setDateHeader("expires", System.currentTimeMillis() + t);43 }44 45 chain.doFilter(request, response);46 47 }48 49 public void init(FilterConfig filterConfig) throws ServletException {50 this.filterConfig = filterConfig;51 }52 53 public void destroy() {54 55 }56 }
web.xml文件中的配置如下:
1 23 23 24CacheFilter 4me.gacl.web.filter.CacheFilter 5 67 10css 84 911 14jpg 121 1315 18js 164 1719 22png 204 2125 28 29CacheFilter 26*.jpg 2730 33 34CacheFilter 31*.css 3235 38CacheFilter 36*.js 3739 CacheFilter 40*.png 41
四、实现用户自动登陆
思路是这样的:
1、在用户登陆成功后,发送一个名称为user的cookie给客户端,cookie的值为用户名和md5加密后的密码。
2、编写一个AutoLoginFilter,这个filter检查用户是否带有名称为user的cookie来,如果有,则调用dao查询cookie的用户名和密码是否和数据库匹配,匹配则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆。核心代码如下:
处理用户登录的控制器:LoginServlet
1 package me.gacl.web.controller; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.Cookie; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse;10 11 import me.gacl.dao.UserDao;12 import me.gacl.domain.User;13 import me.gacl.util.WebUtils;14 15 public class LoginServlet extends HttpServlet {16 17 public void doGet(HttpServletRequest request, HttpServletResponse response)18 throws ServletException, IOException {19 20 String username = request.getParameter("username");21 String password = request.getParameter("password");22 23 UserDao dao = new UserDao();24 User user = dao.find(username, password);25 if(user==null){26 request.setAttribute("message", "用户名或密码不对!!");27 request.getRequestDispatcher("/message.jsp").forward(request, response);28 return;29 }30 request.getSession().setAttribute("user", user);31 //发送自动登陆cookie给客户端浏览器进行存储32 sendAutoLoginCookie(request,response,user);33 request.getRequestDispatcher("/index.jsp").forward(request, response);34 }35 36 /**37 * @Method: sendAutoLoginCookie38 * @Description: 发送自动登录cookie给客户端浏览器39 * @Anthor:孤傲苍狼40 *41 * @param request42 * @param response43 * @param user44 */ 45 private void sendAutoLoginCookie(HttpServletRequest request, HttpServletResponse response, User user) {46 if (request.getParameter("logintime")!=null) {47 int logintime = Integer.parseInt(request.getParameter("logintime"));48 //创建cookie,cookie的名字是autologin,值是用户登录的用户名和密码,用户名和密码之间使用.进行分割,密码经过md5加密处理49 Cookie cookie = new Cookie("autologin",user.getUsername() + "." + WebUtils.md5(user.getPassword()));50 //设置cookie的有效期51 cookie.setMaxAge(logintime);52 //设置cookie的有效路径53 cookie.setPath(request.getContextPath());54 //将cookie写入到客户端浏览器55 response.addCookie(cookie);56 }57 }58 59 public void doPost(HttpServletRequest request, HttpServletResponse response)60 throws ServletException, IOException {61 62 doGet(request, response);63 }64 65 }
处理用户自动登录的过滤器:AutoLoginFilter
1 package me.gacl.web.filter; 2 3 import java.io.IOException; 4 5 import javax.servlet.Filter; 6 import javax.servlet.FilterChain; 7 import javax.servlet.FilterConfig; 8 import javax.servlet.ServletException; 9 import javax.servlet.ServletRequest;10 import javax.servlet.ServletResponse;11 import javax.servlet.http.Cookie;12 import javax.servlet.http.HttpServletRequest;13 import javax.servlet.http.HttpServletResponse;14 15 import me.gacl.dao.UserDao;16 import me.gacl.domain.User;17 import me.gacl.util.WebUtils;18 19 public class AutoLoginFilter implements Filter {20 21 public void doFilter(ServletRequest req, ServletResponse resp,22 FilterChain chain) throws IOException, ServletException {23 24 HttpServletRequest request = (HttpServletRequest) req;25 HttpServletResponse response = (HttpServletResponse) resp;26 //如果已经登录了,就直接chain.doFilter(request, response)放行27 if(request.getSession().getAttribute("user")!=null){28 chain.doFilter(request, response);29 return;30 }31 32 //1.得到用户带过来的authlogin的cookie33 String value = null;34 Cookie cookies[] = request.getCookies();35 for(int i=0;cookies!=null && i
如果想取消自动登录,那么可以在用户注销时删除自动登录cookie,核心代码如下:
1 package me.gacl.web.controller; 2 3 import java.io.IOException; 4 5 import javax.servlet.ServletException; 6 import javax.servlet.http.Cookie; 7 import javax.servlet.http.HttpServlet; 8 import javax.servlet.http.HttpServletRequest; 9 import javax.servlet.http.HttpServletResponse;10 11 public class CancelAutoLoginServlet extends HttpServlet {12 13 public void doGet(HttpServletRequest request, HttpServletResponse response)14 throws ServletException, IOException {15 //移除存储在session中的user16 request.getSession().removeAttribute("user");17 //移除自动登录的cookie18 removeAutoLoginCookie(request,response);19 //注销用户后跳转到登录页面20 request.getRequestDispatcher("/login.jsp").forward(request, response);21 }22 23 /**24 * @Method: removeAutoLoginCookie25 * @Description: 删除自动登录cookie,26 * JavaWeb中删除cookie的方式就是新创建一个cookie,新创建的cookie与要删除的cookie同名,27 * 设置新创建的cookie的cookie的有效期设置为0,有效路径与要删除的cookie的有效路径相同28 * @Anthor:孤傲苍狼29 *30 * @param request31 * @param response32 */ 33 private void removeAutoLoginCookie(HttpServletRequest request, HttpServletResponse response) {34 //创建一个名字为autologin的cookie35 Cookie cookie = new Cookie("autologin","");36 //将cookie的有效期设置为0,命令浏览器删除该cookie37 cookie.setMaxAge(0);38 //设置要删除的cookie的path39 cookie.setPath(request.getContextPath());40 response.addCookie(cookie);41 }42 43 public void doPost(HttpServletRequest request, HttpServletResponse response)44 throws ServletException, IOException {45 doGet(request, response);46 }47 }
以上就是过滤器的几个常见应用场景。