servlet.png
When to Use Filters for Pre-Processing and Post-Processing
Request objects and response objects are typically passed directly between the servlet container and a servlet. The servlet specification, however, allows servlet filters, which are Java programs that execute on the server and can be interposed between servlets and the servlet container to wrap and preprocess requests or to wrap and postprocess responses. A filter is invoked when there is a request for a resource that the filter has been mapped to in the servlet configuration.
Filters can effectively transform requests and responses. Use filters if you want to apply preprocessing or postprocessing for a group of servlets. (If you want to modify the request or response for just one servlet, there is no need to create a filter. You can just do what is required directly in the servlet itself.)
You can use filters in scenarios such as accessing a resource, or processing a request to that resource, prior to the request being invoked; or wrapping a request or response in a customized request object or response object, respectively. You can act on a servlet with a chain of filters in a specified order.
One example is an encryption filter. Servlets in an application may generate response data that is sensitive and should not go out over the network in clear-text form, especially when the connection has been made using a nonsecure protocol such as HTTP. A filter can encrypt the responses. (Of course, in this case the client must be able to decrypt the responses.) Other examples are filters for authentication, logging, auditing, data compression, and caching.
If there are two filters, for example, the key steps of this mechanism would be as follows:
- The target servlet is requested. The container detects that there are two filters and creates the filter chain.
- The first filter in the chain is invoked by its doFilter() method.
- The first filter completes any preprocessing, then calls the doFilter() method of the filter chain. This results in the second filter being invoked by its doFilter() method.
- The second filter completes any preprocessing, then calls the doFilter() method of the filter chain. This results in the target servlet being invoked by its service() method.
- When the target servlet is finished, the chain doFilter() call in the second filter returns, and the second filter can do any postprocessing.
- When the second filter is finished, the chain doFilter() call in the first filter returns, and the first filter can do any postprocessing.
- When the first filter is finished, execution is complete.
When to Use Event Listeners for Servlet Notification
The servlet specification adds the capability to track key events in your Web applications through event listeners. You can implement listeners to notify your application of application events, session events, or request events. This functionality allows more efficient resource management and automated processing based on event status.
Use event listeners if there is reason for your application to be notified of any of the following.
- For the servlet context:
- The servlet context is newly created or is about to be shut down.
- Servlet context attributes are added, removed, or replaced.
- For a session:
- A session is newly created or is newly invalidated or timed out.
- Session attributes are added, removed, or replaced.
- A session is newly active or passive.
- An object is newly bound to or unbound from a session.
- For a request:
- A request is being newly processed.
- Request attributes are added, removed, or replaced.
四、过滤器和拦截器区别
主要区别如下:
1、拦截器主要是基于java的反射机制的,而过滤器是基于函数回调
2、拦截器不依赖于servlet容器,过滤器依赖于servlet容器
3、拦截器只能对action请求起作用,而过滤器则可以对几乎所有的请求起作用
4、拦截器可以访问action上下文、值栈里的对象,而过滤器不能访问
5、在action的生命周期中,拦截器可以多次被调用,而过滤器只能在容器初始化时被调用一次
网友评论