6.禁止站点过滤器
如果你希望在你的过滤器检测到不正常的异常而中途中断后面的过滤过程时,可这样做:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; if (isUnusualCondition(req)) { res.sendRedirect("http://www.somesite.com"); } else { chain.doFilter(req, res); }}
下例是一个禁止站点过滤器,如果不希望某些站点访问你的网站,你可以在web.xml的 param-value中列出它的站点,然后应用上面的原理跳出常规过滤,给出禁止访问的页面。
BannedAccessFilter.java
package com.zj.sample;import java.io.IOException;import java.io.PrintWriter;import java.net.MalformedURLException;import java.net.URL;import java.util.HashSet;import java.util.StringTokenizer;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;public class BannedAccessFilter implements Filter { private HashSet bannedSiteTable;/*** Deny Access if the request comes from a banned site or is referred here* by a banned site. */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException { System.out.println("Within BannedAccessFilter:Filtering the Request..."); HttpServletRequest req = (HttpServletRequest) request; String requestingHost = req.getRemoteHost(); String referringHost = getReferringHost(req.getHeader("Referer")); String bannedSite = null; boolean isBanned = false; if (bannedSiteTable.contains(requestingHost)) { bannedSite = requestingHost; isBanned = true; } else if (bannedSiteTable.contains(referringHost)) { bannedSite = referringHost; isBanned = true; } if (isBanned) { showWarning(response, bannedSite); } else { chain.doFilter(request, response); } System.out.println("Within BannedAccessFilter:Filtering the Response..."); }/*** Create a table of banned sites based on initialization parameters.* Remember that version 2.3 of the servlet API mandates the use of the* Java 2 Platform. Thus, it is safe to use HashSet (which determines* whether a given key exists) rather than the clumsier Hashtable* (which has a value for each key).*/ public void init(FilterConfig config) throws ServletException { bannedSiteTable = new HashSet(); String bannedSites = config.getInitParameter("bannedSites"); // Default token set: white space. StringTokenizer tok = new StringTokenizer(bannedSites); while (tok.hasMoreTokens()) { String bannedSite = tok.nextToken(); bannedSiteTable.add(bannedSite); System.out.println("Banned " + bannedSite); } } public void destroy() {} private String getReferringHost(String refererringURLString) { try { URL referringURL = new URL(refererringURLString); return (referringURL.getHost()); } catch (MalformedURLException mue) { // Malformed or null return (null); } } // Replacement response that is returned to users // who are from or referred here by a banned site. private void showWarning(ServletResponse response, String bannedSite) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter ut = response.getWriter(); String docType = "<!DOCTYPE HTML PUBLIC /"-//W<st1:chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="3" u 记录沿途的心情。那样的生活才是我想要的。
