As in above image the request is first processed by the servlet filter. Then servlet filter decides what to do next. It may
☛ forward the request to the target servlet
☛ forward to another servlet or jsp
☛ forward to next filter (If there are multiple filters)
☛ decides to response to the request by itself
☛ etc.....
In following example I am going to show you how to create a simple servlet filter.This filter checks the clients IP address and let him to access the target servlet(HelloServlet) only if the IP is not contained in the prohibted IPs list.
First create a dynamic web project. I name it as FilterTest.
To create a servlet, right click the src folder ⇨ new ⇨ Servlet.
I name the servlet as HelloServlet and the package as test.serv.
Now change the doGet method of the servlet so that final view of your class would be as below. As you can understand we have overridden the doGet() method to send a html page saying "You are welcome".
package test.serv;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter writer = response.getWriter();
writer.println("<html>");
writer.println("<head>");
writer.println("</div>");
writer.println("<body>");
writer.println("<h1>You are welcome</h1>");
writer.println("<html>");
writer.close();
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
}
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HelloServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter writer = response.getWriter();
writer.println("<html>");
writer.println("<head>");
writer.println("</div>");
writer.println("<body>");
writer.println("<h1>You are welcome</h1>");
writer.println("<html>");
writer.close();
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
}
package test.filter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
public class IPFilter implements Filter {
List<string> prohibitedIpsList = new ArrayList<string>();</string></string>
public void init(FilterConfig fConfig) throws ServletException {
prohibitedIpsList.add("127.0.0.1");
//You can add more ips here
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String ipAddress = request.getRemoteAddr();
System.out.println("IP=" + ipAddress);
if(prohibitedIpsList.contains(ipAddress)) {
PrintWriter pw = response.getWriter();
pw.println("<html><head></head>><body><h1>
We don't trust you.</h1>
</body></html>");
pw.close();
} else {
chain.doFilter(request, response);
}
}
public void destroy() {
}
}
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
public class IPFilter implements Filter {
List<string> prohibitedIpsList = new ArrayList<string>();</string></string>
public void init(FilterConfig fConfig) throws ServletException {
prohibitedIpsList.add("127.0.0.1");
//You can add more ips here
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String ipAddress = request.getRemoteAddr();
System.out.println("IP=" + ipAddress);
if(prohibitedIpsList.contains(ipAddress)) {
PrintWriter pw = response.getWriter();
pw.println("<html><head></head>><body><h1>
We don't trust you.</h1>
</body></html>");
pw.close();
} else {
chain.doFilter(request, response);
}
}
public void destroy() {
}
}
The first method that the servlet container calls after creating the Filter object is init(). In this method we are adding the prohibited IP addresses to the prohibitedIpsList. You can see we have overridden the doFilter() method. In this method we check whether the prohibitedIpsList contains clients IP address. If so the filter does not forward the message to the HelloServlet. Instead the filter itself send a HTML page to the client saying "We don't trust you.".
Now open the WEB-INF folder. You can find it inside the WebContent folder. In WEB-INF folder you can see the auto generated web.xml file. Open it. The content of the file will be as below.
Change the url-pattern of the HelloServlet and IPFilter to "/hello".
Finally the web.xml should looks like this.
Look at the web.xml. HelloServlet and the IPFilter both uses the same url-pattern. It means if a request come which matches to this url-pattern, both IPFilter and HelloServlet are responsible to serve it.
But who serves first?
Actually servlet container first deliver the request to the servlet filter. If there are multiple filters configured in web.xml which matches the sames url, then servlet container processes them in the order that they appear in the web.xml.
Now right click the FilterTest project and go to Run As ⇨ Run On Server.
Select tomcat server and click Finish.
The server will start and your application will be deployed in it.
Now open the web browser and enter this url.
http://localhost:8080/FilterTest/hello
Note that I assume that your Tomcat server is running at port 8080.
Since our local host address 127.0.0.1 is in our prohibited IP addresses list in IPFilter, you should get the following page.
If you remove the IP address 127.0.0.1 from the prohibited IP addresses list, it should show the following page which is sent you by the HelloServlet.
That is it.
Note:-
In web.xml, inside the the node, instead of specifying a url-pattern you can define a servlet name as below.
If you configured the filter as above it means all the requests which are sent to the HelloServlet should be processed by the IPFilter. Change the web.xml as above and run your project. The result will be the same.
Now open the WEB-INF folder. You can find it inside the WebContent folder. In WEB-INF folder you can see the auto generated web.xml file. Open it. The content of the file will be as below.
Change the url-pattern of the HelloServlet and IPFilter to "/hello".
Finally the web.xml should looks like this.
Look at the web.xml. HelloServlet and the IPFilter both uses the same url-pattern. It means if a request come which matches to this url-pattern, both IPFilter and HelloServlet are responsible to serve it.
But who serves first?
Actually servlet container first deliver the request to the servlet filter. If there are multiple filters configured in web.xml which matches the sames url, then servlet container processes them in the order that they appear in the web.xml.
Now right click the FilterTest project and go to Run As ⇨ Run On Server.
Select tomcat server and click Finish.
The server will start and your application will be deployed in it.
Now open the web browser and enter this url.
http://localhost:8080/FilterTest/hello
Note that I assume that your Tomcat server is running at port 8080.
Since our local host address 127.0.0.1 is in our prohibited IP addresses list in IPFilter, you should get the following page.
If you remove the IP address 127.0.0.1 from the prohibited IP addresses list, it should show the following page which is sent you by the HelloServlet.
That is it.
Note:-
In web.xml, inside the the
If you configured the filter as above it means all the requests which are sent to the HelloServlet should be processed by the IPFilter. Change the web.xml as above and run your project. The result will be the same.
No comments:
Post a Comment