在本篇文章中將演示使用過濾器進行編碼轉換、登陸驗證、防站外提交的過程,為了演示,我把編碼轉換放在一個filter中,登陸驗證和防站外提交放在另一個filter中,兩個filter進行串聯工作。
1、為了演示,先制作這兩個filter
//這個filter是為了做編碼轉換,只要訪問.jsp網頁都要通過這個filter
/**類名:filter.Encoding
*作用:對請求參數進行編碼轉換(ISO-8859-1 轉 GBK)
*作者:luoshao
*日期:2008-1-9
*/
package filter;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Encoding implements Filter {
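/**
 * Request wrapper used by the Encoding filter to re-decode parameter values.
 *
 * <p>It extends {@link HttpServletRequestWrapper}, so every method that is not
 * overridden here is delegated unchanged to the wrapped request. Only
 * {@link #getParameter(String)} and {@link #getParameterValues(String)} are
 * overridden: each value is turned back into its ISO-8859-1 bytes and those
 * bytes are decoded as GBK. According to the original author this works around
 * the way a default Tomcat setup decodes Chinese text.
 *
 * <p>NOTE(review): the other parameter accessors inherited from the wrapper
 * (for example getParameterMap) are not overridden, so they still return the
 * untranscoded strings. Code that validates a value through one accessor and
 * uses it through another would see two different strings - confirm that
 * callers only use the two overridden methods.
 */
class Request extends HttpServletRequestWrapper {

    public Request(HttpServletRequest request) {
        super(request);
    }

    /**
     * Re-decodes a string that was read as ISO-8859-1 into GBK.
     *
     * @param input the value as delivered by the container; may be null
     * @return the GBK-decoded string, or null when input is null or one of
     *         the two charsets is not available in this JVM
     */
    public String toChi(String input) {
        // A missing request parameter arrives here as null; answer it
        // explicitly instead of relying on a swallowed NullPointerException.
        if (input == null) {
            return null;
        }
        try {
            byte[] bytes = input.getBytes("ISO8859-1");
            return new String(bytes, "GBK");
        } catch (UnsupportedEncodingException ex) {
            // Same result as before (null), but only for the one failure the
            // two calls above can actually raise.
            return null;
        }
    }

    /**
     * Returns the wrapped request as an HttpServletRequest.
     */
    private HttpServletRequest getHttpServletRequest() {
        return (HttpServletRequest) super.getRequest();
    }

    /**
     * Reads a single parameter and returns it re-decoded as GBK.
     *
     * @param name the parameter name
     * @return the converted value, or null if the parameter is absent
     */
    public String getParameter(String name) {
        return toChi(getHttpServletRequest().getParameter(name));
    }

    /**
     * Reads all values of a parameter and returns them re-decoded as GBK.
     *
     * @param name the parameter name
     * @return a new array with the converted values, or null if the
     *         parameter is absent
     */
    public String[] getParameterValues(String name) {
        String[] raw = getHttpServletRequest().getParameterValues(name);
        if (raw == null) {
            return null;
        }
        // Convert into a fresh array. The array handed out by the wrapped
        // request may be the container's own storage; converting it in place
        // would transcode the same values again on every later call.
        String[] converted = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            converted[i] = toChi(raw[i]);
        }
        return converted;
    }
}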
/**
 * Called by the container when the filter is taken out of service.
 * The code shown keeps no state, so there is nothing to release.
 */
public void destroy() {
    // intentionally empty
}
第二個filter做登陸驗證和防止站外提交
/**類名:filter.SecurityAndDeny
*作用:對后臺修改進行權限驗證和防止站外提交
*作者:luoshao
*日期:2008-1-9
*/
package filter;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
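/**
 * Filter for the admin area: requires a logged-in session and rejects
 * requests whose Referer header does not name this server.
 *
 * <p>A request passes only if the session carries a "username" attribute
 * (set by the login servlet after a successful check) and the host part of
 * the Referer header equals {@code request.getServerName()}.
 *
 * <p>NOTE(review): a Referer comparison is a weak defence against cross-site
 * form submission. The header can be absent (privacy settings, proxies), in
 * which case this filter rejects the request. A per-session anti-CSRF token
 * checked on every state-changing request is the more robust control.
 */
public class SecurityAndDeny implements Filter {

    /** No configuration is read. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the login check and then the Referer check before passing the
     * request down the chain.
     *
     * @param req   the incoming request; cast to HttpServletRequest
     * @param resp  the response; cast to HttpServletResponse
     * @param chain the remaining filter chain
     * @throws IOException      if writing the redirect or the rejection fails
     * @throws ServletException if a later element of the chain fails
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Login check. getSession(false) avoids creating a session for
        // anonymous visitors.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("username") == null) {
            response.sendRedirect(request.getContextPath() + "/adminLogin.jsp");
            // sendRedirect does not end the method. Without this return the
            // unauthenticated request would continue to chain.doFilter() and
            // the protected page would still be executed.
            return;
        }

        // Off-site submission check. The host is taken from the parsed URL
        // and compared as a whole; the earlier fixed-offset substring assumed
        // an "http://" prefix, failed on a missing or short header, and only
        // looked at the beginning of the host name.
        String refererHost = hostOf(request.getHeader("Referer"));
        if (refererHost == null
                || !refererHost.equalsIgnoreCase(request.getServerName())) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            PrintWriter out = response.getWriter();
            out.println("you are doing wrong activities...");
            return;
        }

        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Extracts the host from a Referer header value.
     *
     * @param referer the raw header value; may be null
     * @return the host, or null if the header is missing, is not a valid URI
     *         or has no host component
     */
    private static String hostOf(String referer) {
        if (referer == null) {
            return null;
        }
        try {
            return new java.net.URI(referer).getHost();
        } catch (java.net.URISyntaxException e) {
            return null;
        }
    }
}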
/**
 * Chooses how request parameters get decoded as GBK, then continues the chain.
 *
 * <p>For POST the request's character encoding is set to GBK; every other
 * method gets the request wrapped in {@code Request}, which converts each
 * parameter value when it is read.
 *
 * @param request  the incoming request; cast to HttpServletRequest
 * @param response the response, passed on untouched
 * @param chain    the remaining filter chain
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    boolean isPost = httpRequest.getMethod().equals("POST");

    ServletRequest forwarded;
    if (!isPost) {
        // Non-POST: convert parameter values lazily through the wrapper.
        forwarded = new Request(httpRequest);
    } else {
        // POST: let the container decode the body as GBK. This only has an
        // effect if no parameter has been read from the request yet.
        request.setCharacterEncoding("GBK");
        forwarded = request;
    }
    chain.doFilter(forwarded, response);
}
/**
 * Called once by the container before the filter is put into service.
 * No configuration is read from {@code filterConfig}.
 */
public void init(FilterConfig filterConfig) throws ServletException {
    // intentionally empty
}
}
2、為了清楚起見,看下web.xml的filter設置
<!-- Filter setup. For URL-pattern mappings the container builds the chain in
     the order the filter-mapping elements appear in this file, so "encoding"
     runs before "securityAndDeny" for any request that matches both. -->
<filter>
<filter-name>encoding</filter-name>
<filter-class>filter.Encoding</filter-class>
</filter>
<!-- Matches only paths ending in .jsp; requests to servlet URLs are not
     covered by this mapping. -->
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>securityAndDeny</filter-name>
<filter-class>filter.SecurityAndDeny</filter-class>
</filter>
<!-- Every path under /admin/ passes through the login and Referer checks.
     Anything outside /admin/ is not protected by this filter. -->
<filter-mapping>
<filter-name>securityAndDeny</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
從設置可以看出,如果訪問了/admin/下的網頁,這兩個filter將先后執行,形成串聯工作,即首先對request進行編碼轉換,然后才進行登陸驗證和防站外提交,都通過后才能訪問您要的網頁資源。
3、制作登陸驗證servlet
該servlet代碼如下:
/**登陸驗證servlet
*作者:luoshao
*日期:2008-1-9
*/
package servlet;
import geci.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
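/**
 * Login servlet for the admin area.
 *
 * <p>Reads the "username" and "password" form fields, asks
 * {@code LrcDB.adminLogin} whether they are valid and, on success, stores the
 * user name in a fresh session under "username" before redirecting to
 * /admin/admin.jsp. Every other outcome redirects to /LoginErr.htm.
 */
public class AdminLogin extends HttpServlet {

    /**
     * Handles the login form submission.
     *
     * @param request  carries the "username" and "password" parameters
     * @param response receives the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String rawUsername = request.getParameter("username");
        String rawPassword = request.getParameter("password");

        String username = null;
        boolean authenticated = false;

        // A request without both fields is a failed login, not a
        // NullPointerException ending in an empty response.
        if (rawUsername != null && rawPassword != null) {
            // NOTE(review): doubling single quotes is kept only because LrcDB
            // (geci.LrcDB, not shown here) presumably concatenates these values
            // into an SQL string. Quote-doubling is not a reliable defence
            // against SQL injection and it alters any password that contains
            // a quote. LrcDB.adminLogin should bind both values through a
            // PreparedStatement; once it does, pass the raw values instead.
            // How the password is compared is not visible here either -
            // confirm it is checked against a salted password hash.
            username = rawUsername.replace("'", "''");
            String password = rawPassword.replace("'", "''");
            try {
                // LrcDB comes from geci.LrcDB and, per the author, uses the
                // Tomcat connection pool.
                LrcDB lrcdb = new LrcDB();
                authenticated = lrcdb.adminLogin(username, password);
            } catch (Exception e) {
                // Fail closed: a lookup error counts as a failed login. The
                // message contains no user input.
                log("admin login check failed", e);
            }
        }

        // Discard whatever session the browser presented. After a successful
        // login this forces a new session id (session fixation defence);
        // after a failed one it clears any earlier login state.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }

        if (authenticated) {
            HttpSession session = request.getSession(true);
            session.setAttribute("username", username);
            // Requests under /admin/ go through the SecurityAndDeny filter.
            response.sendRedirect(request.getContextPath() + "/admin/admin.jsp");
        } else {
            response.sendRedirect(request.getContextPath() + "/LoginErr.htm");
        }
    }

    /**
     * Rejects GET logins with 405 Method Not Allowed.
     *
     * <p>Credentials sent in a query string end up in access logs, browser
     * history and Referer headers; the login form on this site submits with
     * POST, so GET is not needed.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setHeader("Allow", "POST");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }
}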
4、web.xml中的servlet設置
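<!-- Login servlet: servlet.AdminLogin is reachable at /adminLogin, the URL
     the login form submits to. -->
<servlet>
<servlet-name>adminLogin</servlet-name>
<servlet-class>servlet.AdminLogin</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>adminLogin</servlet-name>
<url-pattern>/adminLogin</url-pattern>
</servlet-mapping>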
5、制作登陸頁面
<form action="adminLogin" method="POST" name="form2">
<tr>
<td width="97" height="23" bgcolor="#EEEEEE"> <img src="images/User_Login.gif" width="13" height="13" />管理員登陸</td>
<td width="93"> </td>
</tr>
<tr height="1">
<td bgcolor="#808080"> </td>
<td bgcolor="#808080"> </td>
</tr>
<tr>
<td height="30" colspan="2" bgcolor="#F2F2F2"> 管理員:
<label>
<input name="username" type="text" id="username" size="15" />
</label></td>
</tr>
<tr>
<td height="30" colspan="2" bgcolor="#F2F2F2"> 密 碼:
<label>
<input name="password" type="password" id="password" size="15" />
</label></td>
</tr>
<tr>
<td height="30" colspan="2" bgcolor="#F2F2F2"><div align="center">
<label>
<input name="Submit" type="submit" class="buttonYinse" value="登 陸" />
</label>
</div></td>
</tr>
</form>
頁面其他部分省略。。。
可以看出表單提交給步驟3的servlet
------完
演示得從后面往前說了,當我們訪問了網站中除了/admin/下的網頁時,tomcat只啟用第一個filter;當我們登陸的時候,表單提交給/adminLogin,那么就啟用了第一個filter,對request的編碼進行了轉換,然后servlet對用戶名密碼驗證后,轉向/admin/admin.jsp時,tomcat首先啟用一次第一個filter,然后直接轉到第二個filter,第二個filter發現session已經有了(剛才servlet驗證通過并設置了session)就直接進入了/admin/admin.jsp;如果用戶在未登陸情況下直接訪問/admin/admin.jsp,那么同樣會首先啟用第一個filter進行編碼轉換,然后再到第二個filter,在第二個filter中發現session根本沒有username屬性,頁面被強制轉向到/adminLogin.jsp,在這個轉向過程同樣還會啟用第一個filter。。。。。是不是很復雜,呵呵。
注意:sendRedirect只是寫入轉向響應,并不會終止doFilter,轉向之后必須立即return,否則未登陸的請求仍會繼續往下執行到chain.doFilter。另外,按上面的web.xml,encoding只映射了*.jsp,提交到/adminLogin的請求本身并不匹配這個映射。
唯一的擔心:因為在這些跳轉中不止一次的啟用filter,對tomcat增加負擔,后果會不會很嚴重 -_-!!,不清楚。。。。。。
原文出處:http://luoshao.blog.163.com/blog/static/111399502008091058895/