Java Web practice detailed tutorial (XXII) filter

Miss Zhu 2022-02-13 08:36:59 阅读数:930

java web practice detailed tutorial

         In the last article , We go through Session Authentication is realized , Specifically, after successful login , stay session Object to store the successful login user object , Then on the resources that need control permission , Judge session Whether the object is included in the scope . The code is as follows :

public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

if (request.getSession().getAttribute("user") != null) {

String type = request.getParameter("type");
if (type == null) {

search(request, response);
} else if (type.equals("showAdd")) {

showAdd(request, response);
} else if (type.equals("add")) {

add(request, response);
} else if (type.equals("showUpdate")) {

showUpdate(request, response);
} else if (type.equals("update")) {

update(request, response);
} else if (type.equals("delete")) {

delete(request, response);
} else {


         This code is to realize authentication :

 if (request.getSession().getAttribute("user") != null) {

} else {


         You can imagine , If Web The system has a large number of modules that need authentication operation , This will add the above authentication judgment in each module , The project will be filled with a lot of redundant code . This raises a question , Is there a way to handle requests uniformly ?
         The answer is yes , That's the filter .
         The function of filters is to filter requests and responses , in application , In most cases, requests are filtered , For example, the filter can prevent Chinese characters from being garbled 、 Realize authentication operation .
         Its implementation principle is shown in the figure below , By setting the filter to be filtered URL, Then visit the URL Request , Will enter the filter first , Filter setting rules , Conduct business processing .
 Insert picture description here
         Realize authentication through filter , Just set the following rules in the filter :

  • Judge session If there user object , If yes, it is allowed to continue to request the original URL resources
  • If session There is no user object , Then redirect to the login page .

         Code implementation level , Filters need to be inherited from javax.servlet.Filter Interface , And implement doFilter Method :

package filter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebFilter("/stu")// Set the resources to filter 
public class LoginFilter implements Filter {

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException {

HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
if (request.getSession().getAttribute("user") != null) {

// Continue to execute the request 
chain.doFilter(req, resp);
} else {


         such , If you want to authenticate other modules , Only need @WebFilter Add... To the annotation URL that will do .
@WebFilter(URL) Medium URL It's actually urlPatterns An abbreviation for the value of an attribute ,urlPatterns The value of can take the following forms :

  • Match... With the specified resource , for example :"/index"
  • Matching of multiple resources , for example :{"/index","/stu"}
  • Match by directory , for example :"/servlet/*"
  • Match with suffix , for example :"*.jsp"
  • wildcard , Intercept all web resources . for example :"/*"
copyright:author[Miss Zhu],Please bring the original link to reprint, thank you.