Recipe 19.6 Optionally Blocking a Request with a Filter

Recipe 19.6 Optionally Blocking a Request with a Filter


You want the option to block a request with a filter.


Do not call the FilterChain object's doFilter( ) method inside of the filter. Output the response to the client inside of the filter's doFilter( ) method instead.


A filter blocks a request from getting to a web component, such as a servlet, JSP, or HTML page, by never calling FilterChain.doFilter( ) inside the filter's own doFilter( ) method.

The BlockFilter class in Example 19-8 attempts to authenticate the user based on a request parameter. If the authentication fails, the filter uses the response object to output a response to the client, and the request is effectively blocked from reaching the requested servlet. A filter can output the final response to the client, not just initiate its filtering tasks .

Example 19-8. A filter optionally blocks the request and issues a response itself
 package com.jspservletcookbook;  import; import;  import javax.servlet.*; import javax.servlet.http.*;  public class BlockFilter implements Filter {  private FilterConfig config;          /** Creates new BlockFilter */     public BlockFilter( ) {}          public void  init(FilterConfig filterConfig)  throws ServletException{              this.config = filterConfig;     }        public void  doFilter(ServletRequest request, ServletResponse response,       FilterChain chain) throws IOException, ServletException {       HttpServletRequest req = null;  boolean authenticated = false;     PrintWriter out = null;           if (request instanceof HttpServletRequest){                   req = (HttpServletRequest) request;          String user = req.getParameter("user");//get the user name          authenticated = authenticateUser(user);//authenticate the user     }     if (authenticated){                   //they are authenticated, so pass along the request          chain.doFilter(request,response);          else {          //have the filter send back the response          response.setContentType("text/html");          out = response.getWriter( );                   out.println(              "<html><head><title>Authentication Response</title>");          out.println("</head><body>");          out.println("<h2>Sorry your authentication attempt failed</h2>");                     out.println("</body></html>");                  }     }// doFilter  public void destroy( ){         /*called before the Filter instance is removed          from service by the web container*/     }          private boolean authenticateUser(String userName){              //authenticate the user using JNDI and a database, for instance         //return false for demonstration purposes         return false;          }// authenticateUser } 

The code authenticates the user by getting the hypothetical username as a request parameter. The name is the parameter for the filter's authenticateUser( ) method, which returns false to demonstrate the filter's response to the client. The filter uses the PrintWriter from the javax.servlet.ServletResponse object, which is a parameter to the doFilter( ) method. The PrintWriter sends HTML back to the client. Figure 19-1 shows the response output in a web browser.

Figure 19-1. The HTML page returned by a blocking filter

If you regularly use filters to send responses to a client, consider creating a JavaBean to customize the response. Store the bean class in its package beneath WEB-INF/classes , and use the bean inside the filter.

See Also

Recipe 7.9 on using a filter to read request parameter values; Recipe 11.11 on using a filter to monitor session attributes; Recipe 18.3 on using a filter to alter then forward the request; Recipe 19.1-Recipe 19.4 on mapping filters to web components ; Recipe 19.5 on configuring init parameters for a filter; Recipe 19.7 on filtering the HTTP response; Recipe 19.8 on using filters with RequestDispatchers ; Recipe 19.9 on using filters to check request parameters; Recipe 19.10 on using filters to disallow requests from certain IP addresses.

Java Servlet & JSP Cookbook
Java Servlet & JSP Cookbook
ISBN: 0596005725
EAN: 2147483647
Year: 2004
Pages: 326 © 2008-2017.
If you may any questions please contact us: