| [ Team LiB ] |
|
Recipe 19.6 Optionally Blocking a Request with a FilterProblemYou want the option to block a request with a filter. SolutionDo not call the FilterChain object's doFilter( ) method inside of the filter. Output the response to the client inside of the filter's doFilter( ) method instead. DiscussionA filter blocks a request from getting to a web component, such as a servlet, JSP, or HTML page, by never calling FilterChain.doFilter( ) inside the filter's own doFilter( ) method. The BlockFilter class in Example 19-8 attempts to authenticate the user based on a request parameter. If the authentication fails, the filter uses the response object to output a response to the client, and the request is effectively blocked from reaching the requested servlet. A filter can output the final response to the client, not just initiate its filtering tasks. Example 19-8. A filter optionally blocks the request and issues a response itselfpackage com.jspservletcookbook; import java.io.PrintWriter; import java.io.IOException; import javax.servlet.*; import javax.servlet.http.*; public class BlockFilter implements Filter { private FilterConfig config; /** Creates new BlockFilter */ public BlockFilter( ) {} public void init(FilterConfig filterConfig) throws ServletException{ this.config = filterConfig; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = null; boolean authenticated = false; PrintWriter out = null; if (request instanceof HttpServletRequest){ req = (HttpServletRequest) request; String user = req.getParameter("user");//get the user name authenticated = authenticateUser(user);//authenticate the user } if (authenticated){ //they are authenticated, so pass along the request chain.doFilter(request,response); else { //have the filter send back the response response.setContentType("text/html"); out = response.getWriter( ); out.println( "<html><head><title>Authentication Response</title>"); out.println("</head><body>"); out.println("<h2>Sorry your authentication attempt failed</h2>"); out.println("</body></html>"); } }// doFilter public void destroy( ){ /*called before the Filter instance is removed from service by the web container*/ } private boolean authenticateUser(String userName){ //authenticate the user using JNDI and a database, for instance //return false for demonstration purposes return false; }// authenticateUser } The code authenticates the user by getting the hypothetical username as a request parameter. The name is the parameter for the filter's authenticateUser( ) method, which returns false to demonstrate the filter's response to the client. The filter uses the PrintWriter from the javax.servlet.ServletResponse object, which is a parameter to the doFilter( ) method. The PrintWriter sends HTML back to the client. Figure 19-1 shows the response output in a web browser. Figure 19-1. The HTML page returned by a blocking filter See AlsoRecipe 7.9 on using a filter to read request parameter values; Recipe 11.11 on using a filter to monitor session attributes; Recipe 18.3 on using a filter to alter then forward the request; Recipe 19.1-Recipe 19.4 on mapping filters to web components; Recipe 19.5 on configuring init parameters for a filter; Recipe 19.7 on filtering the HTTP response; Recipe 19.8 on using filters with RequestDispatchers; Recipe 19.9 on using filters to check request parameters; Recipe 19.10 on using filters to disallow requests from certain IP addresses.  |
| [ Team LiB ] |
|
