filter实现拦截没有登录的用户和敏感词
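/**
 * Login gate: every request except the login page and the login action must
 * carry a session that holds a "user" attribute; anything else is forwarded
 * to the login page with an explanatory message.
 */
@WebFilter("/*") // annotation-based mapping: the filter runs for every request path
public class LoginFilter implements Filter {

    /** Context-relative path of the login page, reachable without a session. */
    private static final String LOGIN_PAGE = "/login.jsp";

    /** Context-relative path of the login action; the spelling is kept as the page gives it. */
    private static final String LOGIN_ACTION = "/loingServlet.action";

    /**
     * Lets the request through when it targets a login resource or belongs to
     * a logged-in session, otherwise forwards to the login page.
     *
     * @param servletRequest  incoming request, cast to HttpServletRequest
     * @param servletResponse response handed on unchanged
     * @param chain           remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        // Match the container-resolved, context-relative path exactly.
        // getRequestURI() is the raw, undecoded URI, and a contains() test on it
        // exempts every URI that merely has the login path somewhere inside it,
        // which lets such requests skip the session check below.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path = path + request.getPathInfo();
        }

        // Only the login page and the login action are public.
        if (LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path)) {
            chain.doFilter(servletRequest, servletResponse);
            return;
        }

        User user = (User) request.getSession().getAttribute("user");
        if (user != null) {
            // A logged-in user is present in the session: continue the chain.
            chain.doFilter(servletRequest, servletResponse);
            return;
        }

        // No logged-in user: forward to the login page with a message.
        request.setAttribute("login-msg","该页面,需要登陆后才能访问");
        request.getRequestDispatcher(LOGIN_PAGE).forward(servletRequest, servletResponse);
    }
}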
Filter 实现敏感词过滤
1.使用init()方法加载文件的敏感词,存入一个集合
2.使用jdk动态代理request对象增强getParameter方法,对请求参数与敏感词逐个判断。
3.更改敏感词后返回给页面
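/**
 * Sensitive-word filter. Hands the rest of the chain a JDK dynamic proxy of
 * the request whose getParameter() masks every configured word with "***".
 *
 * NOTE(review): only getParameter() is masked. Values read through
 * getParameterValues(), getParameterMap() or the request body reach the
 * application unfiltered. The masking is content moderation, not output
 * encoding or input validation.
 */
@WebFilter("/*")
public class SensitiveFilter implements Filter {

    /** Sensitive words loaded by init(); initialised so it is never null. */
    private List<String> list = new java.util.ArrayList<>();

    /**
     * Loads the word list, one word per line, from the web application.
     *
     * @param config filter configuration giving access to the ServletContext
     * @throws ServletException if the list cannot be located or read; failing
     *         here keeps the filter from running with an empty list unnoticed
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        // 1. Resolve the file's real path.
        ServletContext context = config.getServletContext();
        String realPath = context.getRealPath("/WEB-INF/classes/敏感词汇.txt");
        if (realPath == null) {
            // getRealPath() returns null when the resource has no file-system path.
            throw new ServletException("Sensitive word list cannot be resolved to a file path");
        }

        // 2. Read the file. try-with-resources closes the reader on every path.
        // NOTE(review): FileReader decodes with the platform default charset;
        // confirm it matches the encoding the word list is saved in.
        List<String> words = new java.util.ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new FileReader(realPath))) {
            String line;
            while ((line = reader.readLine()) != null) {
                String word = line.trim();
                // A blank line is an empty word, which every string contains.
                if (!word.isEmpty()) {
                    words.add(word);
                }
            }
        } catch (IOException e) {
            throw new ServletException("Failed to load sensitive word list", e);
        }

        // 3. Publish the fully loaded list.
        list = words;
    }

    /**
     * Wraps the request in the masking proxy and continues the chain with it.
     *
     * @param servletRequest  incoming request, cast to HttpServletRequest
     * @param servletResponse response handed on unchanged
     * @param filterChain     remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // 1. Get the HTTP request.
        final HttpServletRequest request = (HttpServletRequest) servletRequest;

        // 2. Proxy the request. The interface is named explicitly because
        // getClass().getInterfaces() lists only what the concrete class itself
        // declares, which need not include HttpServletRequest.
        // NOTE(review): containers expect a wrapped request to extend
        // HttpServletRequestWrapper; that is the more portable alternative.
        HttpServletRequest filtered = (HttpServletRequest) Proxy.newProxyInstance(
                HttpServletRequest.class.getClassLoader(),
                new Class<?>[] {HttpServletRequest.class},
                new InvocationHandler() {
                    @Override
                    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                        Object result;
                        try {
                            // Every method is delegated to the real request, so
                            // methods other than getParameter keep working.
                            result = method.invoke(request, args);
                        } catch (java.lang.reflect.InvocationTargetException e) {
                            // Rethrow the request's own exception, not the reflection wrapper.
                            throw e.getCause();
                        }

                        // 3. Only getParameter results are masked.
                        if ("getParameter".equals(method.getName()) && result instanceof String) {
                            String value = (String) result;
                            for (String str : list) {
                                // replace() is literal; replaceAll() would read the
                                // word as a regular expression.
                                value = value.replace(str, "***");
                            }
                            return value;
                        }
                        return result;
                    }
                });

        // 4. Continue with the proxied request. Without this call no request
        // reaches a servlet and the masking is never applied.
        filterChain.doFilter(filtered, servletResponse);
    }
}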
