442 CHAPTER 11 ADVANCED FILTERING TECHNIQUES The constructor creates an instance of VisAuditOutStream and passes the IP address and host name of client to the VisAuditOutStream constructor. It also creates a PrintWriter object based on the stream. The VisAuditOutStream will be used by static pages and servlets; the PrintWriter is used by JSP pages. The two other methods that the class overrides are getOutputStream() and getWriter(). These methods hand out your customized stream instead of the response s actual stream. The Filter Logic Finally, we get to the actual filter class in Listing 11-6, VisAuditFilter. You ll recognize the general organization from the preceding chapter s examples. Focus your attention on the doFilter() method. Listing 11-6. VisAuditFilter.java package com.apress.projsp; import java.io.*; import javax.servlet.*; public final class VisAuditFilter implements Filter { private FilterConfig filterConfig = null; public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String clientAddr = request.getRemoteAddr(); String clientHost = request.getRemoteHost(); filterConfig.getServletContext().log(”in VisAuditFilter”); VisAuditResponseWrapper myWrappedResp = new VisAuditResponseWrapper(response, clientAddr, clientHost); chain.doFilter(request, myWrappedResp); PrintWriter writer = myWrappedResp.getWriter(); writer.close(); response.setContentType(myWrappedResp.getContentType()); ReplaceContentOutputStream rcos = (ReplaceContentOutputStream) myWrappedResp.getOutputStream(); byte[] result = rcos.getResult(); response.setContentLength(result.length); ServletOutputStream out = response.getOutputStream(); out.write(result);
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.

CHAPTER 11 ADVANCED FILTERING TECHNIQUES 441 a byte array as input this is the content written into the buffer by the downstream filters and processors. The return value is another byte array, which is the content that will be written to the client. In this case, the code looks for the closing tag to know where to insert the additional content. If the tag is found, the auditing information is added just before the end of the document. The Customized Response Wrapper Class The next class we ll define is the response wrapper called VisAuditResponseWrapper (Listing 11-5). It conveniently inherits from javax.servlet.http.HttpServletResponseWrapper. By using this wrapper class, we can readily wrap any HttpServletResponseobject and override only the methods that we want to customize. The HttpServletResponseWrapper class has provided trivial implementations of all the methods of the HttpServletResponse interface they all call the corresponding method of the class being wrapped. Listing 11-5. VisAuditResponseWrapper.java package com.apress.projsp; import java.io.PrintWriter; import javax.servlet.*; import javax.servlet.http.*; public class VisAuditResponseWrapper extends HttpServletResponseWrapper { private PrintWriter tpWriter; private VisAuditOutStream tpStream; public VisAuditResponseWrapper(ServletResponse inResp, String inAddr, String inHost) throws java.io.IOException { super((HttpServletResponse) inResp); tpStream = new VisAuditOutStream(inAddr, inHost); tpWriter = new PrintWriter(tpStream); } public ServletOutputStream getOutputStream() throws java.io.IOException { return tpStream; } public PrintWriter getWriter() throws java.io.IOException { return tpWriter; } }
Check Tomcat Web Hosting services for best quality webspace to host your web application.

440 CHAPTER 11 ADVANCED FILTERING TECHNIQUES The VisAuditOutStream Class Your custom stream is called VisAuditOutStream (see Listing 11-4), which inherits from a class called ReplaceContentOutputStream (Listing 11-7). ReplaceContentOutputStream is a utility library (abstract) class for creating custom streams to be used in response wrapping. It takes care of buffer management and intercepting the write, close, and flush calls by the downstream filters and processors. You will examine the source code for ReplaceContentOutputStream a little later. The constructor of your VisAuditOutStream takes the output stream to wrap as the first parameter. The second and third parameters contain the IP address and host name of the client accessing the page, and are passed directly from the filter when the custom stream is created. Listing 11-4. VisAuditOutStream.java package com.apress.projsp; class VisAuditOutStream extends ReplaceContentOutputStream { String addr; String host; public VisAuditOutStream(String inAddr, String inHost) { addr = inAddr; host = inHost; } public byte[] replaceContent(byte[] inBytes) { StringBuffer sb = new StringBuffer(inBytes.length); String result = new String(inBytes); String srchString = result.toLowerCase(); int endBody = srchString.indexOf(”“); if (endBody != -1) { sb.append(result.substring(0, endBody)); sb.append(”
Big Brother is watching you. “) .append(”You have accessed our page from “).append(addr) .append(” and on a machine called “).append(host) .append(”
“) .append(result.substring(endBody)); } else { sb.append(result); } return sb.toString().getBytes(); } } The single method that a child class must override, because the method is declared abstract in ReplaceContentOutputStream, is the replaceContent() method. This method takes
We would like to recommend you tested and proved virtual web hosting services, which you will surely find to be of great quality.

CHAPTER 11 ADVANCED FILTERING TECHNIQUES 439 Figure 11-4. This sequence diagram shows how the various VisAudit classes cooperate to filter the response from a web component. Note that you must wrap the response with your own custom version during the request s inbound trip, before you call Chain.doFilter(). In fact, the following happens: 1. The filter supplies a custom wrapped version of the response to downstream filters when it calls the Chain.doFilter() method. 2. This custom wrapped response object hands down a custom OutputStreamor PrintWriter object that is actually a byte array managed in your own code. 3. When downstream filters, or the resource processor, write to your custom OutputStream or PrintWriter, you re buffering all the output. 4. When downstream filters, or the resource processor, flush or close your custom OutputStream or PrintWriter, you examine the buffered output for the closing tag and insert your auditing information just before it (if found). Any downstream filters on the inbound trip (including the actual resource processor) are writing their data into your custom stream. Of course, it s possible that some other downstream filters may perform further wrapping of your custom response with one of their own. The filter-chaining mechanism supports this successive nested wrapping of the response (and the request) as a means of multiple layers of content interception. In this case, your custom response wrapper object will add the Big Brother is watching you visual audit message to all resources that are accessed through this filter. End users will see this auditing message at the bottom of every resource that they access and won t be able to tell that the output originates from a filter. Now let s examine the source code for this filter.
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.

438 CHAPTER 11 ADVANCED FILTERING TECHNIQUES wrapper object) after the resource has completed processing the request. Figure 11-2 illustrates the interception. Figure 11-2. To allow upstream processing of a response, the standard response object is contained inside a response wrapper. In the VisAuditFilter example, you ll use your own custom OutputStream class (VisAuditOutputStream) and a wrapped response class (VisAuditResponseWrapper). The classes you ll use and their relationships are shown in Figure 11-3. Figure 11-3. This UML class diagram illustrates the classes in the VisAudit Filter example. Together, these classes will intercept the output of the web resource added to the auditing information footer. The interaction diagram in Figure 11-4 shows how this interception is carried out.
In case you need quality webspace to host and run your web applications, try our personal web hosting services.

CHAPTER 11 ADVANCED FILTERING TECHNIQUES 437 Figure 11-1. A request from a client constitutes the downstream (inbound) trip of a request/response cycle. The response from a web application constitutes the upstream (outbound) trip. Filter 1: A Visual Auditing Filter The first filter that you ll tackle is similar to the AuditFilter that you developed toward the end of Chapter 10. Like the AuditFilter, it will be deployed by using the following web.xml fragment: VisAudit Filter com.apress.projsp.VisAuditFilter VisAudit Filter /* Unlike the previous AuditFilter, instead of quietly writing the audit information to the log, this filter will include the auditing information in the output of the resource. Figure 11-5 in the section Configuring and Testing the Filter shows an example of this filter being applied to a JSP web page. Note the audit information at the bottom of the page this information is inserted by the filter, and it changes with every access to the page. Wrapping the Response Object for Content Modification The crucial concept to understand from this example is custom response wrapping. This is also one of the most difficult techniques to grasp for novice filter programmers. In custom response wrapping, you provide your own implementation of a custom response object to downstream filters and resources, with the response object that was passed to you wrapped inside. This means that you can modify the response content (inside your custom response
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

436 CHAPTER 11 ADVANCED FILTERING TECHNIQUES The Deployment Descriptor Now we need to create a deployment descriptor for this simple web application. Listing 11-3 shows a simple version of web.xml that will get us started. As we proceed through the chapter, we will add more entries to it. Listing 11-3. web.xml Pro JSP Example Filters 2 findprod com.apress.projsp.FindProd findprod /findprod A Brief Word on Terminology Before you read any further, let s clarify some of the terminology that is used throughout this chapter. Figure 11-1 shows a request from a client as the request flows through a set of filters and is handled by a web resource. Notice that Figure 11-1 shows filter 3 being applied twice to the request/response cycle. Although this is not a common practice, it is technically possible. For example, you could have an adapter filter that modifies a request. Using initialization parameters, you could control how the filter modifies the request. Thus one instance of the filter could modify one aspect of the request, and a second instance of the same filter could modify a different aspect of the request. The request originates from the client and goes through a chain of filters before reaching the final resource processor in this figure. First, the request travels from the client, through the first filter, through the second filter, and so on. We call this the downstream, or inbound, trip. The downstream trip is always toward the final goal: the resource processor. After the resource processor has finished with the request, a response then will travel upstream, or outbound, back through all the filters and onward to the client. Upstream trips are always away from the resource processor and toward the client. New to Servlet 2.4 is the ability of filters to participate in the forward and include redirection requests of the request dispatcher. This is a very important advance architecturally. We discuss this new feature in depth in the last section of this chapter.
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.

CHAPTER 11 ADVANCED FILTERING TECHNIQUES 435 The FindProd JSP Page Let s start with a simple JSP page. Listing 11-1 shows FindProd.jsp, which you may recall from the previous chapter. This trivial JSP page is used to test the handling of JSP resources. Listing 11-1. FindProd.jsp

You have submitted as the ${param.DEPT} department!

This JSP page prints out a message containing the department name by using EL and expects the client to supply the DEPT parameter. In a new web application, we would control the client that calls FindProd.jspto ensure that it does supply the required parameter. (In Chapter 10, we did that by specifying the URL to be entered to access the resource.) The FindProd Servlet Now we ll simulate a legacy resource. Listing 11-2 shows a servlet named FindProd. This servlet simulates a legacy resource being accessed by a user. It s hard-coded to display the DEPT parameter (department information). We re going to assume that we ve had the opportunity to update the servlet to process this department information. However, we re also going to assume that the legacy clients are out of our control, so they can t be updated to provide the department information. Later, we ll create a filter that automatically provides this parameter even though the client system accessing the legacy resource doesn t know how to supply it. Save this code in the WEB-INFclasses directory. To compile the servlet, you ll need to add Tomcat s servlet-api.jar file to your CLASSPATH. Listing 11-2. FindProd.java package com.apress.projsp; import javax.servlet.http.*; import java.io.*; public class FindProd extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws java.io.IOException { res.setContentType(”text/html”); PrintWriter out = res.getWriter(); out.println(”“); out.println(”

You have called from the ” + req.getParameter(”DEPT”)); out.println(” department!

“); out.close(); } }
Check Tomcat Web Hosting services for best quality webspace to host your web application.

434 CHAPTER 11 ADVANCED FILTERING TECHNIQUES First we ll present the functionality and design considerations for each filter. Then we ll provide the actual code, annotated with detailed comments highlighting the design issues addressed. Finally, we ll give detailed deployment, configuration, and testing information for each filter. Many filter applications fall into one or more of the five problem domains, so the code we ll present serves as a base for your own filter development. Furthermore, during the development of several of this chapter s filters, we ll pause to cover the main techniques used in filter programming. These are the very same filter application patterns that you ll see again and again when designing filters they re an encapsulation of the type of work that a filter can perform, on a conceptual level. An understanding of these patterns can prove helpful in your own experimentation and application of filters. Table 11-2 lists the techniques used in the various filter examples of this chapter. Table 11-2. Techniques and Filters Covered in This Chapter Technique Illustrated Filter Transforming incoming request headers Adapter filter Stopping downstream request flow Authorization filter Authentication filter Generating response Authorization filter Authentication filter Transforming outgoing response content Auditing filter Dynamically adapting filter behavior based on incoming requests Authentication filter Wrapping request objects Adapter filter Wrapping response objects Auditing filter Adding to or modifying the attributes of a request in a processing Pipeline processing filter pipeline Authentication filter Interacting with the request dispatcher s include() and forward() Pipeline processing filter actions Be warned that this chapter is extremely code intensive. By the end of the chapter, you ll be fluent in filter concepts, design, and programming. To boot, you ll have an extensive code framework and library to start your filter projects immediately. Setting Up the Development Environment If you download the code for this book, you will find that most of the code for the filters in this chapter is in a package called com.apress.projsp. The classes are located under the filters2WEB-INFclasses directory. In this chapter, several resources will be used to show the results of filter processing. As with Chapter 10, for the most part we won t care about the actual resource, so the processing done by the JSP or other resource will be minimal.
We would like to recommend you tested and proved virtual web hosting services, which you will surely find to be of great quality.

Advanced Filtering Techniques CHAPTER 11 In the previous chapter, we discussed Servlet filtering. Filtering offers the ability to intercept and process requests and responses before and after processing by the underlying resource. Filters can add great value to many Java EE web applications by transforming the behavior of existing servlets, JSP pages, or even static pages. Chaining multiple filters together combines their transformations, offering the application developer or deployer great flexibility when configuring the final behavior of a web application. Now that you ve built and configured some simple filters in the preceding chapter to experiment with the basic concepts, you ll turn your attention to the more advanced techniques used in applied filter programming. This chapter is a cookbook for the application of filters. Our goal is to deliver sample code that covers a broad spectrum of the most frequently applied areas for filters. We ve designed each sample to illustrate several subtleties or important points to consider when you program each type of filter. Filters for Five Problem Domains You ll build, test, and deploy five filters in this chapter. These five filters, as shown in Table 11-1, cover five problem domains that you might encounter while developing web applications. These are not the only domains where filters might be useful. However, looking at these five filters will give you the tools to develop filters for many other possible uses. Table 11-1. The Five Filters Developed in This Chapter Application Domain Filter Sample Auditing A visual auditing filter that includes audit information inline with every resource that it services Authorization A filter that disallows access to the server during certain hours of the day Adapter (legacy) An adapter filter that allows newly formatted queries to work with a legacy set of resources Authentication An ad hoc authentication filter that can add simple login protection to any (group of) resources Pipeline processing A data-processing filter that takes advantage of the request flow along the processing pipeline 433
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.