/** * This Filter class handle the security of the application. * * It should be configured inside the web.xml. * * @author Derek Y. Shen */ public class SecurityFilter implements Filter { //the login page uri private static final String LOGIN_PAGE_URI = "login.jsf";
sql过滤?
脏话过滤?
大哥,给个明确的需求好不好,不然白搭啊...
一、使浏览器不缓存页面的过滤器
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 用于的使 Browser 不缓存页面的过滤器
*/
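/**
 * Filter that tells the browser (and any intermediate cache) not to cache
 * the responses it is mapped to.
 *
 * It sets the HTTP/1.1 {@code Cache-Control}, the HTTP/1.0 {@code Pragma}
 * and the {@code Expires} headers before the rest of the chain runs, so that
 * pages with per-user content are not replayed from a cache (e.g. via the
 * back button after logout).
 */
public class ForceNoCacheFilter implements Filter {

    /**
     * Adds the no-cache headers and continues the chain.
     *
     * @param request     the incoming request, passed through unchanged
     * @param response    the response; headers are only set when it is an
     *                    {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        // Only HTTP responses carry headers; anything else is passed through
        // instead of failing with a ClassCastException.
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // "no-cache" alone still allows a cache to store the page and merely
            // revalidate it; "no-store" forbids storing it, which is what
            // "force no cache" is meant to achieve.
            httpResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            // HTTP/1.0 caches ignore Cache-Control and honour Pragma instead.
            httpResponse.setHeader("Pragma", "no-cache");
            // A date before the epoch marks the response as already expired.
            httpResponse.setDateHeader("Expires", -1);
        }
        filterChain.doFilter(request, response);
    }

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }
}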
二、检测用户是否登陆的过滤器
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.ArrayList;
import java.util.StringTokenizer;
import java.io.IOException;
/**
* 用于检测用户是否登陆的过滤器,如果未登录,则重定向到指的登录页面
* 配置参数
* checkSessionKey 需检查的在 Session 中保存的关键字
* redirectURL 如果用户未登录,则重定向到指定的页面,URL不包括 ContextPath
* notCheckURLList 不做检查的URL列表,以分号分开,并且 URL 中不包括 ContextPath
*/
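/**
 * Filter that checks whether the user is logged in and redirects to the
 * configured login page when not.
 *
 * Init parameters:
 * <ul>
 *   <li>{@code checkSessionKey} - name of the session attribute that must be
 *       present for a user to count as logged in. When this parameter is
 *       missing the filter is switched off and every request passes through.</li>
 *   <li>{@code redirectURL} - page to redirect to when the user is not logged
 *       in, without the context path. Required when {@code checkSessionKey}
 *       is set.</li>
 *   <li>{@code notCheckURLList} - semicolon-separated list of URLs (servlet
 *       path plus path info, without the context path) that are never checked.
 *       The login page itself must be on this list, otherwise requests to it
 *       redirect back to itself.</li>
 * </ul>
 */
public class CheckLoginFilter implements Filter {

    protected FilterConfig filterConfig = null;
    private String redirectURL = null;
    private List<String> notCheckURLList = new ArrayList<String>();
    private String sessionKey = null;

    /**
     * Lets the request through when the filter is disabled, the URL is on the
     * exclusion list, or the session holds the configured attribute; otherwise
     * redirects to {@code contextPath + redirectURL} and stops the chain.
     *
     * @throws IOException      from the redirect or the rest of the chain
     * @throws ServletException from the rest of the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // No session key configured: the filter is off, nothing to check.
        if (sessionKey == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!checkRequestURIIntNotFilterList(request) && !isLoggedIn(request)) {
            response.sendRedirect(request.getContextPath() + redirectURL);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Whether an existing session carries the {@code sessionKey} attribute.
     * Uses {@code getSession(false)} so that anonymous requests do not create
     * a session merely by being checked.
     */
    private boolean isLoggedIn(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(sessionKey) != null;
    }

    public void destroy() {
        notCheckURLList.clear();
    }

    /**
     * Whether the request's servlet path (plus path info) is on the exclusion
     * list. The container-decoded path is compared, so URL-encoding or path
     * parameters in the raw request URI do not influence the match.
     */
    private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
        String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
        return notCheckURLList.contains(uri);
    }

    /**
     * Reads the init parameters.
     *
     * @throws ServletException if {@code checkSessionKey} is set but
     *         {@code redirectURL} is missing; the original silently redirected
     *         to {@code contextPath + "null"} in that case
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        redirectURL = filterConfig.getInitParameter("redirectURL");
        sessionKey = filterConfig.getInitParameter("checkSessionKey");
        if (sessionKey != null && redirectURL == null) {
            throw new ServletException("CheckLoginFilter: 'redirectURL' is required when 'checkSessionKey' is set");
        }
        String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");
        if (notCheckURLListStr != null) {
            StringTokenizer st = new StringTokenizer(notCheckURLListStr, ";");
            notCheckURLList.clear();
            while (st.hasMoreTokens()) {
                // Trim so that "a; b" still excludes "b"; blank entries are ignored.
                String token = st.nextToken().trim();
                if (token.length() > 0) {
                    notCheckURLList.add(token);
                }
            }
        }
    }
}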
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import javax.servlet.*;
/**
* 用于设置 HTTP 请求字符编码的过滤器,通过过滤器参数encoding指明使用何种字符编码,用于处理Html Form请求参数的中文问题
*/
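/**
 * Filter that sets the character encoding of the HTTP request so that
 * non-ASCII (e.g. Chinese) HTML form parameters are decoded correctly.
 * The encoding is taken from the {@code encoding} init parameter.
 *
 * Must be mapped before any filter or servlet that reads request parameters:
 * once the container has parsed them the encoding can no longer be changed.
 */
public class CharacterEncodingFilter implements Filter {
    protected FilterConfig filterConfig = null;
    protected String encoding = "";

    /**
     * Applies the configured encoding to the request and continues the chain.
     * When no encoding is configured the request is left untouched.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (encoding != null) {
            servletRequest.setCharacterEncoding(encoding);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
        filterConfig = null;
        encoding = null;
    }

    /**
     * Reads the {@code encoding} init parameter.
     *
     * @throws ServletException if the configured name is not a charset this
     *         JVM supports - reported at deployment time instead of failing
     *         every request with an UnsupportedEncodingException
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        this.encoding = filterConfig.getInitParameter("encoding");
        if (encoding != null && !isSupportedCharset(encoding)) {
            throw new ServletException("CharacterEncodingFilter: unsupported encoding '" + encoding + "'");
        }
    }

    /** Whether {@code name} is a charset the JVM supports; syntactically illegal names count as unsupported. */
    private static boolean isSupportedCharset(String name) {
        try {
            return Charset.isSupported(name);
        } catch (IllegalCharsetNameException e) {
            return false;
        }
    }
}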
四、资源保护过滤器
package catalog.view.util;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import java.util.HashSet;
//
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* This Filter class handle the security of the application.
*
* It should be configured inside the web.xml.
*
* @author Derek Y. Shen
*/
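/**
 * This Filter class handles the security of the application: requests for one
 * of the restricted resources are forwarded to the login page unless
 * {@link #authorize} accepts them; every other request passes through.
 *
 * It should be configured inside the web.xml.
 *
 * @author Derek Y. Shen
 */
public class SecurityFilter implements Filter {
    // the login page uri; failed requests are forwarded (not redirected) to it
    private static final String LOGIN_PAGE_URI = "login.jsf";
    // the logger object
    private Log logger = LogFactory.getLog(this.getClass());
    // a set of restricted resources: context-relative paths, compared case-insensitively
    private Set<String> restrictedResources;

    /**
     * Initializes the Filter with its fixed list of restricted resources.
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.restrictedResources = new HashSet<String>();
        this.restrictedResources.add("/createProduct.jsf");
        this.restrictedResources.add("/editProduct.jsf");
        this.restrictedResources.add("/productList.jsf");
    }

    /**
     * Standard doFilter method: forwards restricted requests that fail
     * {@link #authorize} to the login page and lets every other request through.
     *
     * @throws IOException      from the forward or the rest of the chain
     * @throws ServletException from the forward or the rest of the chain
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        this.logger.debug("doFilter");
        HttpServletRequest request = (HttpServletRequest) req;
        // Compare the container-decoded servlet path (+ path info) instead of the raw
        // getRequestURI(): the raw URI may still carry URL-encoding or ";name=value"
        // path parameters that the container strips before dispatching, so an exact
        // comparison against it can miss a request that does reach a restricted page.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());
        this.logger.debug("contextPath = " + request.getContextPath());
        this.logger.debug("path = " + path);
        if (this.contains(path) && !this.authorize(request)) {
            this.logger.debug("authorization failed");
            request.getRequestDispatcher(LOGIN_PAGE_URI).forward(req, res);
        } else {
            this.logger.debug("authorization succeeded");
            chain.doFilter(req, res);
        }
    }

    public void destroy() {}

    /**
     * Whether {@code path} (context-relative) is one of the restricted
     * resources, ignoring case as the original comparison did.
     */
    private boolean contains(String path) {
        for (String restrictedResource : this.restrictedResources) {
            if (restrictedResource.equalsIgnoreCase(path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether the caller may access a restricted resource.
     *
     * The original body was commented out (it read the application's user bean
     * from the session and returned its logged-in flag), which does not compile
     * because nothing is returned. Until that check is restored the method
     * fails closed: restricted resources are never served.
     *
     * @return {@code false} - access denied
     */
    private boolean authorize(HttpServletRequest req) {
        // TODO(review): restore the session user-bean check; "deny" stays the default.
        return false;
    }
}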
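/**
 * Filter that protects pages behind a login: unless the request URI ends with
 * one of the configured "ignore" suffixes, the session must hold a
 * {@code TUser} under the configured attribute name, otherwise the client is
 * redirected to the configured page.
 *
 * Init parameters:
 * <ul>
 *   <li>{@code ignoreURI} - comma-separated URI suffixes that are never
 *       checked; the redirect target itself must be among them or it loops</li>
 *   <li>{@code redirctURI} - page relative to the context root (without the
 *       leading "/") to redirect to when access is denied</li>
 *   <li>{@code attrName} - session attribute that holds the logged-in user</li>
 *   <li>{@code ignore} - whether filtering is performed at all: absent,
 *       {@code true} or {@code yes} (case-insensitive) enables it, any other
 *       value disables it. Note the inverted meaning of the name.</li>
 * </ul>
 * The {@code select*} hooks can be overridden to choose values per request.
 */
public class URIFilter implements Filter {
    protected FilterConfig filterConfig = null; // filter configuration
    protected String[] ignoreURI = null;        // URI suffixes that are not checked
    protected String redirctURI = null;         // page to redirect to when access is denied
    protected String attrName = null;           // session attribute that must hold the user
    protected boolean ignore = true;            // whether filtering is performed

    /**
     * Reads the init parameters.
     *
     * @throws ServletException if {@code ignoreURI}, {@code redirctURI} or
     *         {@code attrName} is missing; the original failed with a
     *         NullPointerException on {@code ignoreURI} and redirected to
     *         {@code /null} when {@code redirctURI} was absent
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        ignoreURI = requireParam(filterConfig, "ignoreURI").split(",");
        redirctURI = "/" + requireParam(filterConfig, "redirctURI");
        attrName = requireParam(filterConfig, "attrName");
        String value = filterConfig.getInitParameter("ignore");
        ignore = value == null || value.equalsIgnoreCase("true") || value.equalsIgnoreCase("yes");
    }

    /** Returns the named init parameter or throws when it is not configured. */
    private static String requireParam(FilterConfig config, String name) throws ServletException {
        String value = config.getInitParameter(name);
        if (value == null) {
            throw new ServletException("URIFilter: init parameter '" + name + "' is required");
        }
        return value;
    }

    /**
     * Checks the request: ignored URIs and requests whose session holds a
     * {@code TUser} continue down the chain; everything else is redirected to
     * the configured page. Non-HTTP requests, or a disabled filter, pass
     * through untouched.
     *
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
     *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (!ignore || !(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest hrequest = (HttpServletRequest) request;
        String requestURI = hrequest.getRequestURI();
        if (isIgnored(requestURI, selectIgnoreURI(request))) {
            chain.doFilter(request, response);
            return;
        }
        // getSession(false): an anonymous request should not create a session;
        // no session means no logged-in user.
        HttpSession session = hrequest.getSession(false);
        Object attr = session == null ? null : session.getAttribute(selectAttrName(request));
        // instanceof instead of a blind cast: an attribute of the wrong type counts
        // as "not logged in" rather than surfacing as a ClassCastException (HTTP 500).
        if (attr instanceof TUser) {
            chain.doFilter(request, response);
        } else if (response instanceof HttpServletResponse) {
            HttpServletResponse hresponse = (HttpServletResponse) response;
            hresponse.sendRedirect(hrequest.getContextPath() + selectRedirctURI(request));
        }
        // else: no HTTP response to redirect with; as in the original the chain is
        // deliberately not continued, so the protected page is never served.
        // (The original also printed the URI to stdout on every request; dropped.)
    }

    /**
     * Whether {@code requestURI} ends with one of {@code suffixes}.
     * Blank suffixes are skipped: every string ends with "", so a stray comma
     * in {@code ignoreURI} would otherwise switch the whole check off.
     */
    private static boolean isIgnored(String requestURI, String[] suffixes) {
        if (suffixes == null) {
            return false;
        }
        for (String suffix : suffixes) {
            String trimmed = suffix.trim();
            if (trimmed.length() > 0 && requestURI.endsWith(trimmed)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Releases the configuration.
     * @see javax.servlet.Filter#destroy()
     */
    public void destroy() {
        filterConfig = null;
        ignoreURI = null;
        redirctURI = null;
        attrName = null;
    }

    /**
     * Name of the session attribute to look up.
     * @param request the current ServletRequest
     * @return the attribute name
     */
    protected String selectAttrName(ServletRequest request) {
        return attrName;
    }

    /**
     * Page to redirect to when access is denied.
     * @param request the current ServletRequest
     * @return the redirect URI, relative to the context path
     */
    protected String selectRedirctURI(ServletRequest request) {
        return redirctURI;
    }

    /**
     * URI suffixes that are exempt from the check.
     * @param request the current ServletRequest
     * @return the ignored suffixes
     */
    protected String[] selectIgnoreURI(ServletRequest request) {
        return ignoreURI;
    }
}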
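/**
 * Returns whether {@code container} contains any entry of {@code regx} as a
 * plain substring (despite the name, entries are not regular expressions).
 *
 * Caution: an empty entry matches every string, because {@code indexOf("")}
 * is 0. Keep the semicolon-separated init parameters free of empty items
 * ({@code "a;;b"}), otherwise the list effectively means "everything".
 *
 * @param container the string to search, e.g. a request URI; {@code null} never matches
 * @param regx      candidate substrings; {@code null} is treated as an empty list
 * @return {@code true} if at least one entry occurs in {@code container}
 */
public static boolean isContains(String container, String[] regx) {
    if (container == null || regx == null) {
        return false;
    }
    for (String needle : regx) {
        if (needle != null && container.indexOf(needle) != -1) {
            return true;
        }
    }
    return false;
}

public FilterConfig config;

public void setFilterConfig(FilterConfig config) {
    this.config = config;
}

public FilterConfig getFilterConfig() {
    return config;
}

/**
 * Redirects requests for protected pages to the login page when the session
 * holds neither {@code userInfo} nor {@code isLogin}.
 *
 * Init parameters:
 * <ul>
 *   <li>{@code logonStrings} - semicolon-separated substrings identifying the
 *       login page(s), which are always allowed (required)</li>
 *   <li>{@code includeStrings} - semicolon-separated substrings of the URIs
 *       that are protected, e.g. {@code .jsp;} (required)</li>
 *   <li>{@code redirectPath} - page, appended to the context path, to
 *       redirect to when not logged in (required)</li>
 *   <li>{@code disabletestfilter} - {@code N} switches the filter off; any
 *       other value, or no value, leaves it on</li>
 * </ul>
 *
 * @throws ServletException when a required init parameter is missing (the
 *         original failed with a NullPointerException, or redirected to
 *         {@code .../null}, instead)
 * @throws IOException from the redirect or the rest of the chain
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    // "N" disables the filter; a missing value keeps it active (fail closed).
    if ("N".equalsIgnoreCase(config.getInitParameter("disabletestfilter"))) {
        chain.doFilter(request, response);
        return;
    }
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String[] logonList = requireParam("logonStrings").split(";");
    String[] includeList = requireParam("includeStrings").split(";");
    String redirectPath = req.getContextPath() + requireParam("redirectPath");
    // getSession(false): do not create a session just to learn the user has none.
    // The session values are deliberately not printed: the original dumped
    // userInfo to stdout on every request.
    javax.servlet.http.HttpSession session = req.getSession(false);
    Object userInfo = session == null ? null : session.getAttribute("userInfo");
    Object isLogin = session == null ? null : session.getAttribute("isLogin");
    if (userInfo != null && isLogin != null) {
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): the raw request URI is matched by substring, as the original
    // did; it still contains the context path and any URL-encoding, so the check
    // is only as precise as the configured substrings.
    String uri = req.getRequestURI();
    // Not a protected URI, or the login page itself: let it through.
    if (!isContains(uri, includeList) || isContains(uri, logonList)) {
        chain.doFilter(request, response);
        return;
    }
    res.sendRedirect(redirectPath);
}

/** Returns the named init parameter or throws when it is not configured. */
private String requireParam(String name) throws ServletException {
    String value = config.getInitParameter(name);
    if (value == null) {
        throw new ServletException("LoginFilter: init parameter '" + name + "' is required");
    }
    return value;
}

public void destroy() {
    this.config = null;
}

public void init(FilterConfig filterConfig) throws ServletException {
    this.config = filterConfig;
}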
}
web.xml:
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.exam.filter.LoginFilter</filter-class>
<init-param>
<param-name>logonStrings</param-name>
<param-value>/login.jsp</param-value>
</init-param>
<init-param>
<param-name>includeStrings</param-name>
<param-value>.jsp;</param-value>
</init-param>
<init-param>
<param-name>redirectPath</param-name>
<param-value>/login.jsp</param-value>
</init-param>
<init-param>
<param-name>disabletestfilter</param-name>
<param-value>Y</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>Spring character encoding filter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Spring character encoding filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
框架过滤器
org.springframework.web.filter.CharacterEncodingFilter spring Mvc编码转换filter
org.acegisecurity.util.FilterToBeanProxy Acegi Filter
org.extremecomponents.table.filter.ExportFilter ExtremeTable 导出Excel和Pdf的Filter
org.apache.struts2.dispatcher.ActionContextCleanUp 防止struts2的FilterDispatcher清除ActonContext,导致FilterDispatcher之后的filter无法访问ActonContext中的数据