Filter:过滤器,用来过滤网站的数据;
- 处理中文乱码
- 登陆验证……
Fitler开发步骤
添加依赖
pom.xml
<dependencies><!--Jsp依赖--><!-- https://mvnrepository.com/artifact/javax.servlet.jsp/javax.servlet.jsp-api --><dependency><groupId>javax.servlet.jsp</groupId><artifactId>javax.servlet.jsp-api</artifactId><version>2.3.3</version><scope>provided</scope></dependency><!--Servlet依赖--><!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api --><dependency><groupId>javax.servlet</groupId><artifactId>javax.servlet-api</artifactId><version>4.0.1</version><scope>provided</scope></dependency><!--jstl标签依赖--><!-- https://mvnrepository.com/artifact/javax.servlet.jsp.jstl/jstl --><dependency><groupId>javax.servlet.jsp.jstl</groupId><artifactId>jstl</artifactId><version>1.2</version></dependency><!--standard 依赖--><dependency><groupId>taglibs</groupId><artifactId>standard</artifactId><version>1.1.2</version></dependency><!--连接数据库--><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>5.1.49</version></dependency></dependencies>编写过滤器
导包
代码
实现Filter接口,重写对应的方法即可
CharacterEncondingFilter.java
publicclassCharacterEncondingFilterimplementsFilter{// Chain:链/* 1.过滤器中的所有代码,在过滤请求的时候都会执行 2.必须要过滤器继续通行,才能进行转交 chain.doFilter(request, response);死代码 * */@OverridepublicvoiddoFilter(ServletRequestrequest,ServletResponseresponse,FilterChainchain)throwsIOException,ServletException{request.setCharacterEncoding("utf-8");response.setCharacterEncoding("utf-8");response.setContentType("text/html;charset=UTF-8");System.out.println("过滤执行前");chain.doFilter(request,response);//让我们的请求继续走,如果不写,程序在这里就会被拦截。因为如果有其他过滤也会放在链中进行交接System.out.println("过滤执行后");}// 初始化@Overridepublicvoidinit(FilterConfigfilterConfig)throwsServletException{//filterConfig. 可以才初始化的时候获得一些东西,但是一般没有必要这样子操作System.out.println("CharacterEncondingFilter已经初始化了");}//销毁:web服务器停止的时候,过滤器会被销毁@Overridepublicvoiddestroy(){//注销的时候也可以进行垃圾回收的额外操作://System.gc();System.out.println("CharacterEncondingFilter已经销毁了");}}ShowServlet.java
publicclassShowServletextendsHttpServlet{@OverrideprotectedvoiddoGet(HttpServletRequestreq,HttpServletResponseresp)throwsServletException,IOException{PrintWriterout=resp.getWriter();out.write("世界");}@OverrideprotectedvoiddoPost(HttpServletRequestreq,HttpServletResponseresp)throwsServletException,IOException{doGet(req,resp);}}在web.xml配置
<servlet><servlet-name>ShowServlet</servlet-name><servlet-class>com.cike.servlet.ShowServlet</servlet-class></servlet><servlet-mapping><servlet-name>ShowServlet</servlet-name><url-pattern>/show</url-pattern><url-pattern>/cn/show</url-pattern></servlet-mapping><filter><filter-name>CharacterEncodingFilter</filter-name><filter-class>com.cike.filter.CharacterEncondingFilter</filter-class></filter><filter-mapping><filter-name>CharacterEncodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>监听器
实现要给监听器的接口;(有N种)
编写一个HttpSession监听器
实现监听器的接口
//统计网站在线人数:统计session//一通百通,有很多个Listener、一年也不一定学的完publicclassOnlineCountListenerimplementsHttpSessionListener{privatestaticintonlineCount=0;//创建session监听:看你的一举一动(间谍)//一旦创建一个Session就会触发一次这个事件!publicvoidsessionCreated(HttpSessionEventse){//HttpSessionEvent代表session事件的一个对象ServletContextctx=se.getSession().getServletContext();IntegeronlineCount=(Integer)ctx.getAttribute("OnlineCount");System.out.println(se.getSession().getId());if(onlineCount==null){onlineCount=newInteger(1);}else{intcount=onlineCount.intValue();onlineCount=newInteger(count+1);}ctx.setAttribute("OnlineCount",onlineCount);}//销毁session监听//一旦销毁Sesson就会触发一次这个事件!publicvoidsessionDestroyed(HttpSessionEventse){//HttpSessionEvent代表session事件的一个对象ServletContextctx=se.getSession().getServletContext();IntegeronlineCount=(Integer)ctx.getAttribute("OnlineCount");if(onlineCount==null){onlineCount=newInteger(0);}else{intcount=onlineCount.intValue();onlineCount=newInteger(count-1);}ctx.setAttribute("OnlineCount",onlineCount);}/* * Session销毁: * 手动销毁:getSession()invalidate(); * 自动销毁:web.xml中进行配置 * */}web.xml注册监听器
<listener><listener-class>com.cike.listen.OnlineCountListener</listener-class></listener>自动注销session.
<session-timeout><!--以分钟为单位-->1</session-timeout>看情况是否使用
……
过滤器和监听器的常见应用(Gui编写)
- 工具、写外挂、辅助、木马经常用到这些
publicclassTestPanel{publicstaticvoidmain(String[]args){Frametitle=newFrame("反序列化通杀工具");//创建窗体Panelpanel=newPanel(null);// 创建面板title.setLayout(null);//设置窗体布局title.setBounds(300,300,2000,2000);title.setBackground(Color.darkGray);//设置背景颜色panel.setBounds(50,50,800,800);panel.setBackground(Color.white);//设置背景颜色title.add(panel);title.setVisible(true);//监听事件,监听关闭事件title.addWindowListener(newWindowListener(){@Override//Windows打开事件publicvoidwindowOpened(WindowEvente){System.out.println("Windows打开事件");}@Override//Windows关闭中事件publicvoidwindowClosing(WindowEvente){System.out.println("Windows关闭中事件");System.exit(0);//这里的0指的是正常退出、如果是1指的是存在错误(非正常)}@Override//Windows关闭事件publicvoidwindowClosed(WindowEvente){System.out.println("Windows关闭事件");}@Override//窗体图标被激活事件publicvoidwindowIconified(WindowEvente){}@OverridepublicvoidwindowDeiconified(WindowEvente){}@Override//激活publicvoidwindowActivated(WindowEvente){System.out.println("窗体激活事件");}@Override//窗体未激活publicvoidwindowDeactivated(WindowEvente){System.out.println("窗体未激活事件");}});}}Filter实现权限拦截(登录实验)
用户登录之后才能进入主页!用户注销后就不能进入!
用户登录之后,向Session中放入用户的数据
进入主页的时候要判断用户是否已经登录;可以过滤器实现
sysFilter.java
publicclasssysFilterimplementsjavax.servlet.Filter{@Overridepublicvoidinit(FilterConfigfilterConfig)throwsServletException{}@OverridepublicvoiddoFilter(ServletRequestreq,ServletResponserep,FilterChainfilterChain)throwsIOException,ServletException{// ServletRequest HttpServletRequest 类型不一样,先需要强转换// ServletResponse HttpServletResponse 类型不一样,先需要强转换HttpServletRequestrequest=(HttpServletRequest)req;HttpServletResponseresponse=(HttpServletResponse)rep;if(request.getSession().getAttribute(Constant.USER_SESSION)==null){response.sendRedirect("/login.jsp");}filterChain.doFilter(request,response);}@Overridepublicvoiddestroy(){}}注销的时候不建议销毁session
开发中一般不建议销毁session,因为频繁的创建session是非常消耗资源的。移除session,只是客户端的session值没了,但是服务端还在,可以做到session复用,就不需要频繁的创建session了
LogoutServlet
publicclassLogoutServletextendsHttpServlet{@OverrideprotectedvoiddoGet(HttpServletRequestreq,HttpServletResponseresp)throwsServletException,IOException{//开发中一般不建议销毁session,因为频繁的创建session是非常消耗资源的ObjectuserSession=req.getSession().getAttribute("USER_SESSION");if(userSession!=null){//移除session,只是客户端的session值没了,但是服务端还在,可以做到session复用,就不需要频繁的创建session了req.getSession().removeAttribute("USER_SESSION");resp.sendRedirect("/login.jsp");}}}配置常量SESSION
publicclassConstant{//常量,不加final也可以//final 在Java 中是一个保留的关键字,可以声明成员变量、方法、类以及本地变量。 一旦你将引用声明作final,你将不能改变这个引用了publicfinalstaticStringUSER_SESSION="userSession";}前端视图跳转
index.jsp
<%@ page contentType="text/html;charset=UTF-8"language="java"%><html><head><title>Title</title></head><body><h1>当前有<span style="color: aquamarine"><%=this.getServletConfig().getServletContext().getAttribute("OnlineCount")%></span>人在线</h1><h1><a href="${pageContext.request.contextPath}/login.jsp">管理员登录</a></h1></body></html>login.jsp
<%@ page contentType="text/html;charset=UTF-8"language="java"%><html><head><title>登录</title></head><body><form action="${pageContext.request.contextPath}/login"><input type="text"name="username"><input type="password"name="password"><input type="submit"value="登录"></form></body></html>/sys/success.jsp
<%@ page contentType="text/html;charset=UTF-8"language="java"%><html><head><title>管理员后台</title></head><body><%--没有过滤器的时候,也可以这样子进行未授权访问的验证<%ObjectuserSession=request.getSession().getAttribute("USER_SESSION");if(userSession==null){response.sendRedirect("/login.jsp");}%>--%><h1>恭喜你登陆成功</h1><p>flag{this_is_flag}</p><p><a href="${pageContext.request.contextPath}/logout">注销</a></p></body></html>web.xml的配置
<servlet><servlet-name>LoginServlet</servlet-name><servlet-class>com.cike.servlet.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>LoginServlet</servlet-name><url-pattern>/login</url-pattern></servlet-mapping><servlet><servlet-name>logout</servlet-name><servlet-class>com.cike.servlet.LogoutServlet</servlet-class></servlet><servlet-mapping><servlet-name>logout</servlet-name><url-pattern>/logout</url-pattern></servlet-mapping><filter><filter-name>sysFilter</filter-name><filter-class>com.cike.filter.sysFilter</filter-class></filter><filter-mapping><filter-name>sysFilter</filter-name><url-pattern>/sys/*</url-pattern></filter-mapping>