Use servlet filtering to implement permission control

Use servlet filtering to implement permission control

Introduction

Filtering is a new feature of servlet2.3, current Tomcat4, WebLogic7 has supported it. It enables many functions that have been inconvenient or difficult to implement. In the product system, we can use servlet filtering, so that each component can achieve individual individual permission systems. .

Let's take a look at how the servlet filter is working, as shown below:

Figure 1. Filter and J2EE request processing

As can be seen from the figure, servlet filtering is performed in the web container in the J2EE platform, any static or dynamic business request will pass this filter channel.

advantage

The advantages of servlet filtering are as follows:

In the traditional architecture:

Each time you accept the request, the hook method is called, whether or not they are executed (sometimes even empty). The scope of the method and the concurrent relationship (each method may be called on different threads) Do not allow simple and efficient sharing variables and information between different hook method calls when processing the same request.

In servlet filtering:

Nested method calls are implemented through a series of filters, which only applies to the currently requested filter; the traditional execution method based on the hook-type call requires calling the hook routine in the processing short sentence, even a specific short sentence Processing logic does not play any effect. The local variable is reserved before the actual filtration method is returned, and it is available (because the upstream filter is always in the stack, waiting for the return of subsequent calls).

Filter implementation

The call chain all filters are obeyed from the calling filter chain and is executed by defining a clear interface. A Java class that performs a filter must perform this Javax.Servlet.Filter interface. This interface contains three filters that must be performed:

DOFILTER (ServletRequest, servletResponse, filterchain): This is a method of completing filtering behavior. This is also the method of upstream filter call. The introduced Filterchain object provides information to be called by the subsequent filters. INIT (FILTERCONFIG): This is an initialization method called by a container. It guarantees that the container is called before the first DOFILTER () call is called. You can get the initialization parameters specified in the web.xml file. DESTROY (): The container is called before the Filter instance is destroyed, and all activities in DOFILTER () are called after the instance is terminated.

Nested calls occur in the DOFILTER () method execution. Unless you create a filter clearly prevent all subsequent processing (through other filter and resource processor), the filter will definitely be called in the DOFILTER method:

Filterchain.dofilter (Request, Response);

Install the filter: Define the configuration descriptor web.xml file in the web application to understand the filter. There are two new tags related to the filter: and . They should specify their subcares for the tag of the Web.xml file.

Filter defined element tag is a filter definition, it must have a and sub-elements. The sub-elements give a text-based name associated with the filter instance. Specifies the actual class loaded by the container. You can freely include a sub-element provides an initialization parameter for a filter instance. For example, the following filter definition specifies a filter called IE Filter: List 1. Filter definition tag

IE filter

com.ibm.devworks.filters.IEfilter

When the container handles the web.xml file, it is usually created a filter instance for each filter that is found. This instance is used to serve all available URL requests; therefore, write a filter in a thread security manner is most important.

Filters mapping and child elements indicates a mapping of a filter that specifies the subset of the filter that generates the URL. It must have a sub-element corresponding to the filter definition that can find the filter that you want to map.

We can use the or sub-elements to specify the mapping. Specifies a servlet for a filter application (which is defined in the web.xml file).

Note: Here we can use to specify a subset of the URL of the filter application. For example, the style of / * is used to represent each of the URLs used by the filter mapping, and / gl / *, indicating that the filter map is applied only to the proprietary URL of the general ledger, and NT / * The filter is only applied only to non-tax special URL.

The container uses these filter mappings to determine if a specific filter should be involved in a particular request. Listing 1 is a filter mapping that is used for all URL definitions of the application:

Listing 2. Filter mapping tag

GL filter

/ gl / *

NT filter

/ nt / *

Attach

Package freeview;

Import javax.servlet. *;

Import javax.servlet.http. *;

Import java.io. *;

Import java.util. *;

/ **

*

Title:

*

description:

*

Copyright: CopyRight (c) 2003

*

Company: FreeView Stu.

* @Author Macken

* @version 1.0 * /

Public class ntfilterServlet Extends httpservlet imports filter {

PRIVATE FILTERCONFIG FILTERCONFIG;

// Handle The Passed-in FilterConfig

Public void init (filterconfig filterconfig) {

THIS.FILTERCONFIG = FilterConfig;

}

// Process the Request / Response PAIR

Public Void Dofilter (ServletRequest Request, ServletResponse Response, Filterchain Filterchain) Throws servletexception, ioException {

// Permission control code

}

// Clean Up Resources

Public void destroy () {

}

}

filterServlet

freeview.filterServlet

filterServlet

/ NT / * ß - Through this description, only the NT component is permissible to control filtering

FreeView.ListenerServlet

debugjsp

Added to Compile JSPS with debug info

org.apache.jasper.servlet.jspservlet

ClassdebugInfo

True

3

debugjsp

*. jsp