Filter
过滤器概念:
- public void init(FilterConfig filterConfig) throws ServletException
- public void doFilter(ServletRequest request,ServletResponse response,Filt
- erChain chain) throws IOException,ServletException
- public void destroy()
Filter接口
它是过滤器API的核心,所有的过滤器必须实现javax.servlet.Filter接口,该接口有三个方法,它们都由容器调用。
public void init(FilterConfig) 在应用程序启动前,由容器调用
public void doFilter(ServletRequest,ServletResponse,FilterChain)
对于每个URL映射到该过滤器的请求,由容器调用该方法
public void destroy()在应用程序关闭时,由容器调用。
FilterConfig接口
如同Servlet有一个ServletConfig一样,过滤器也有一个FilterConig,该接口主要为过滤器提供初始化参数。声明了四个方法:
public String getFilterName()返回部署描述文件中指定的过滤器的名称
public String getInitParameter(String)返回在部署描述文件中指定的参数的值
public Enumeration getInitParameterNames()返回在部署文件中指定的所有参数的名称
public ServletContext getServletContext()
返回web应用程序的ServletContext.过滤器可以使用ServletContext设置,获取application范围内的属性。
设置过滤器。
<display-name>demo</display-name>
<filter-name>myfilter</filter-name>
<filter-class>MyFilter</filter-class>
<init-param>
<param-name>param</param-name>
<param-value>paramvalue</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>myfilter</filter-name>
<servlet-name>*.do</servlet-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
import java.io.CharArrayWriter; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; public class ResponseRepalceWrapper extends HttpServletResponseWrapper{ private CharArrayWriter charWriter = new CharArrayWriter();//缓存 public ResponseRepalceWrapper(HttpServletResponse response) { //必须调用父类构造方法 super(response); } public PrintWriter getWriter()throws IOException { //返回字符数组Writer,缓存内容 return new PrintWriter(charWriter); } public CharArrayWriter getCharWriter() { return charWriter; } }
import java.io.FileNotFoundException; import java.io.IOException; import java.io.PrintWriter; import java.util.Properties; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; import serv.ResponseRepalceWrapper; public class ReplaceFilter implements Filter { private Properties propert = new Properties(); public void init(FilterConfig filterConfig) throws ServletException { //通过FilterConfig获取初始化文件名 String filePath = filterConfig.getInitParameter("filePath"); try { //导入资源文件 propert.load(ReplaceFilter.class.getClassLoader().getResourceAsStream(filePath)); }catch(FileNotFoundException e) { e.printStackTrace(); }catch(IOException e) { e.printStackTrace(); } } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse) response; //实例化响应器包装类 ResponseRepalceWrapper resp = new ResponseRepalceWrapper(res); chain.doFilter(request, response); //缓存输出字符 String outString = resp.getCharWriter().toString(); //循环替换不合法的字符 for(Object o:propert.keySet()) { String key= (String) o; outString = outString.replace(key,propert.getProperty(key)); } //利用原先的HttpServletResponse输出字符 PrintWriter out = res.getWriter(); out.write(outString); } public void destroy() { } }
(3)创建一个properties文件
@WebServlet( urlPatterns = {"/Test.do"}, loadOnStartup = 0, name = "testServlet" ) public class TestServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doPost(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=utf-8"); response.setCharacterEncoding("utf-8"); request.setCharacterEncoding("utf-8"); //PrintWriter out = response.getWriter(); request.setAttribute("aa", "赌博色情情色"); request.getRequestDispatcher("out.jsp").forward(request, response); } }
然后直接在JSP页面输出,就可以看到设定的敏感文字被替换了