Tomcat 是个Java应用程序, 作为一个Web容器, 带有请求/响应的HTTP服务器
Web容器
创建Servlet实例, 完成Servlet名称注册和URL模式对应, Web容器转发给Servlet处理,
请求过来时 创建HttpServletRequest 和 HttpServletResponse 对象, 请求结束时销毁,
Servlet
生命周期重要的3个方法, init() service() destory()
Serlvet ServletConfig GenericServlet, 3个类的关系, GenericServlet 类会把默认的配置init(ServletConfig servletConfig) 放入Servlet中
ServletContext 在整个Web应用程序加载容器完成之后会创建一个全局的ServletContext 对象 代表整个英雄程序, 可通过ServletConfig获取
监听器
ServletRequestListener , HttpSessionListener, ServletConttextListener
Session的属性变化监听,移除监听,
过滤器
请求的编码格式过滤
请求封装器, 在请求过来时替换<>这些防止xss攻击,SQL注入
package com.example.demo.filter;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.IOException;
@WebFilter
public class EscapeFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("EscapeFilter doFilter");
HttpServletRequestWrapper requestWrapper = new EscapeWrapper((HttpServletRequest) request);
chain.doFilter(requestWrapper, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("EscapeFilter init");
}
@Override
public void destroy() {
System.out.println("EscapeFilter destroy");
}
}
Wrapper
package com.example.demo.filter;
import org.apache.commons.lang3.StringEscapeUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class EscapeWrapper extends HttpServletRequestWrapper {
public EscapeWrapper(HttpServletRequest request) {
super(request);
}
@Override
public String getParameter(String name) {
String value = getRequest().getParameter(name);
return StringEscapeUtils.escapeHtml4(value);
//return super.getParameter(name);
}
}
响应封装器, 同请求封装器,大同小异