Christian Web Host - J2EE Hosting Sun Java, Mysql5, Java, Jsp, Servlet Developing Blog

CHAPTER 10 INTRODUCTION TO FILTERING 421 The very first version of Tomcat to support the Servlet 2.5 specification is Tomcat 5. While the 4.x series of Tomcat supports filters, the Servlet 2.4 functionality (namely support for filtering the request dispatcher pipeline) will be available only in the 5.x versions. Our First Filter SimpleFilter Before coding your first filter, let s take a quick look at one additional interface that you ll be using within the filters sample. The ServletContext Interface Using the getServletContext() method on the javax.servlet.FilterConfig object, the filter can obtain a reference to the current ServletContext that it s executing under. There is a ServletContext for each running web application. Because of this single-instance nature, the ServletContext is frequently used for sharing information globally. Using this reference, the filter can utilize the context s logger service. It can also use this interface to attach arbitrary attributes to the context during runtime. An attribute can be an arbitrary object associated with a String name. Attaching attributes to ServletContext is a popular way to pass information between processing agents during runtime. For example, state information can be passed between filter instances by using these attributes. Here are several of the most frequently used methods by filter writers, and you ll see them used in the sample filters later: Object getAttribute(String name): Obtains the value of a named attribute void setAttribute(String name, Object object): Attaches a named attribute to the ServletContext void removeAttribute(String name): Removes a previously attached attribute Enumeration getAttributeNames(): Returns a java.util.Enumerationconsisting of the names of all the currently attached attributes You ll need to write to the log file in your filters, using the following methods of the ServletContext object: void log(string msg): Writes a string to the currently active logging facility associated with the context void log(String msg, Throwable throw): Writes a string and a stack trace to the log Coding the Filter Your first filter is called SimpleFilter. Listing 10-1 shows the source code for SimpleFilter, which implements the Filter interface. To compile this class, you ll need to include the appropriate library JAR for the servlet API. This JAR is named servlet-api.jar and is located in the Tomcat commonlib directory. This simple filter won t do anything useful for now. It will simply make a log entry before calling FilterChain.doFilter()and another one right after it.
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

420 CHAPTER 10 INTRODUCTION TO FILTERING filters.StopGamesFilter
starthour 8
stophour 22 Stop Games Filter For Engineering Department filters.StopGamesFilter
starthour 8
stophour 9 Interaction with the Filter Life Cycle When working with filter initial parameters, it s important to bear in mind that these parameters are set only once per filter instance: when the filter instance is first instantiated and before the arrival of the first filtered request. Subsequently, all new requests will be processed through the same filter instance potentially concurrently via multithreading. In containers that use multiple Java VMs, there will be one instance of a declared filter per container Java VM. You can use filterConfig.getInitParameter()to obtain the initial parameters values from inside the doFilter() method when you need them. The handling of these initial parameters is very similar to servlets parameter handling. If a filter instance is removed from service by the container (say, due to server system load), the container is responsible for ensuring that a new instance is created and initialized to process any future requests. Such removals and reinstantiations should be completely transparent to the filter creator. This concludes the initial conceptual coverage of filters. It s time to get your hands on some code and implement your very own filter. Hands-On Filter Development In this section, you ll discover how to set up a development and testing environment for filters. You ll also code, configure, and test some simple filters in this environment.
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

CHAPTER 10 INTRODUCTION TO FILTERING 419 Finally, an incoming request for http://tomcathost/myapp/servlet/mylocate will have the following filters applied in order: Audit Filter Authentication Filter Visual Audit Filter Initial Parameters for Filters You can specify as a child element of to provide initial parameters for the filter instance, as in the following snippet. This web.xml file segment controls the hours that the Stop Games Filter may operate (this filter blocks game playing): Stop Games Filter filters.StopGamesFilter
starthour 10
stophour 11 The container will associate the textual name Stop Games Filterwith the StopGamesFilter filter class. The parameters are accessed within the filter and instruct the filter to restrict gaming activities between 10 and 11 a.m. by default. The starthour and stophour will be accessible within the filter via a call to the FilterConfigobject: String startHour = filterConfig.getInitParameter(”starthour”); String stopHour = filterConfig.getInitParameter(”stophour”); Initialization for Multiple Instances of Same Filter Note that a container will create an instance of a filter for each definition encountered within the application. You can therefore define two instances of the same filter within the same web application each with different initialization parameters. Of course, the two instances should have different textual names. For example, you may want to set up an instance of a StopGamesFilter to block access from 8 a.m. to 10 p.m. for the Administration department, and another instance to block access from 8 a.m. to 9 a.m. for the Engineering department, (because if you don t block access, the engineers will play games right through breakfast): Stop Games Filter For Administration Department
We recommend high quality webhost to host and run your jsp application: christian web host services.

418 CHAPTER 10 INTRODUCTION TO FILTERING The filter application order has been determined by the order that the elements occur in the web.xml file. For example, consider the following set of filter mappings: Audit Filter /* Authentication Filter /* In this case, both Audit Filter and Authentication Filter are mapped to all resources served by this server both filters will be applied to all resources. The order of application will be Audit Filterfollowed by Authentication Filter. Remember that the order of chained filter execution on the incoming request is down the filter stack, whereas the order of chained filter execution on the outgoing path is up the filter stack. Given an incoming request, the container will go through the list of filter mappings to determine which filter to apply on a per-request basis. For example, say you have the following filter mappings defined in order: Audit Filter /* Authentication Filter /servlet/* Visual Audit Filter mylocate An incoming request for http://tomcathost/myapp/index.html will have the following filter applied: Audit Filter In contrast, an incoming request for http://tomcathost/myapp/servlet/listprodwill have the following filters applied in order: Audit Filter Authentication Filter
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

CHAPTER 10 INTRODUCTION TO FILTERING 417 This wrapped-response object can then provide its own version of OutputStream and PrintWriter for downstream filters or resources to work on. You ll delve into these wrapped- response and wrapped-request mechanisms in the next chapter. When working with dispatched requests, note that wrapped-response and wrapped- request objects will be passed down the processing chain except in the case of an error dispatch. In this case, it s the original container-generated request and response that will be passed to the error-processing resource (and any filters that may be associated with it). This is necessary because of the asynchronous nature of the error-handling mechanism. Tip Custom wrapped-response and wrapped-request classes can be used to provide downstream processors with enhanced functionality (through special extended APIs) not available with the default response or request classes. In these cases, the filter and processing resources must cooperate with one another. Mapping Requests Through a Filter Chain The order of elements in the web.xmlfile is significant. This is the order in which the container will build filter chains. Therefore, filter declarations within web.xml must be in the order that you want them to be applied to a resource. Applying filter A and then filter B to a request will not necessarily result in the same outcome as applying filter B followed by filter A. When the order of chaining for the same set of filters is changed, the final result can be completely different. This typically happens when a downstream filter depends on the result of an upstream filter for proper operations. For example, imagine a filter that transforms XML data from a resource to HTML by using XSL Transformations (XSLT), and another filter that translates the HTML document via cascading style sheets, level 1 (CSS1, another stylesheet language, typically for HTML). As shown in Figure 10-11, if you place the XSLT filter first in the chain, the XML resource will be translated to HTML and subsequently formatted by the CSS1 filter. If you place the CSS1 filter first, however, it won t work on the XML data (see Figure 10-11). As a result, only the XSLT transformation will be applied in this chain. Figure 10-11. In some cases, the order in which filters are applied can make a difference in
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

416 CHAPTER 10 INTRODUCTION TO FILTERING Note that the mechanism of chaining is inherently different from most other conventional filtering or server extension mechanisms (such as Apache modules and Microsoft s Internet Information Server and Internet Server API). Unique Properties of Filter Chaining Note the following interesting properties regarding this approach to extending server functionality: Each of the FilterChain.doFilter() method calls are stacked upon one another, so program flow is blocked in a nested fashion across all the filters involved. After the actual resource access, the FilterChain.doFilter() method on the chain s last filter returns. At this point, the response object is filled with header information and content from the actual resource access. This last filter now has the freedom to examine and modify the response header and body content at will. When the filter finishes, the thread of execution will return from doFilter(). The next filter up the chain then gets a chance to process the response, and so on. The logic in a filter s doFilter()method has full access to the request in its incoming flow, prior to the FilterChain.doFilter() call. The logic in a filter s doFilter()method has full access to the response in its outgoing flow, after the FilterChain.doFilter() call. The local variables declared within the doFilter() method are consistent and available to both the incoming flow-processing logic and the outgoing flow-processing logic because the same thread will be executing both pieces of the logic. These properties of the chaining mechanism are perhaps the hardest filtering concepts to understand. In essence, filter chaining is not a call and forget mechanism provided by container intervention, but rather a nested call mechanism assisted by the container. Of course, you must realize that even though filter chaining is built into every filter, the processing logic within the filter is not obliged to chain to the next filter. In fact, this is one major application area for filters blocking access to the actual resource. For example, an authorization filter can determine that the client isn t allowed to access a resource and can generate a refusal response all on its own without further chaining. A Fly in the Filtering Ointment The avid reader (and indeed experienced JSP and servlet programmer) will realize that not all containers buffer their resource response in the response object after the resource completes processing. JSP pages and servlets may write and flush their output stream as the response is generated. This places dubious value on the processing window that each filter gets during a response s return trip through the filter chain. Although this processing window is perfect for resources and containers that do encapsulate the entire output in the response object, you must also deal with the reality of those that don t. The way that filters deal with processing resources that generate output on the fly is via a customized wrapped-response object. That is, the filter will pass a specialized version of the response object to the FilterChain.doFilter() method instead of the one that it received as its invocation parameter.
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

CHAPTER 10 INTRODUCTION TO FILTERING 415 Figure 10-10. The design of the Filter API provides an inherent chaining capability. The container works with each filter to filter and process the request as specified in the deployment descriptor. Here is an explanation of what happens: 1. The container parses the filter mappings defined in the web.xml file of the application. 2. A request arrives, accessing a resource in the application. 3. The container determines the filter chain that will be applied to this request. 4. The container invokes the doFilter()method of the first filter in the chain, passing in the request, a response (holder), and a FilterChainobject reference. The container loads the filter chain information into the FilterChain object that is passed in. 5. The filter performs its doFilter()logic. 6. The filter completes its filter logic and calls the doFilter() method of the FilterChain object reference, passing in the request and response. All filters are required to do this, because all filters are intrinsically chainable. 7. Logic in the doFilter() method of the FilterChain object calls the doFilter() method of the next filter chain to be called. Steps from step 4 are repeated until the last filter in the chain has completed its work. The FilterChain.doFilter() call on the last filter in ce to occur.
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

414 CHAPTER 10 INTRODUCTION TO FILTERING For any single filter mapping, you can specify one or more of these values, thereby allowing fine-grained control over filter action. Using these values enables you to apply some filters under all circumstances and selectively apply others. Error Filters Using ERROR as the value of the element will cause the filter to be called whenever a request is forwarded to an error-handling resource. This use of the element enables specific filters to be configured to work with the error-handling resource the filters will be applied before the request reaches the actual error-handling resource. Filter Chaining Chaining is the action of passing a request through multiple filters in sequence before accessing the resource requested. For example, you may want an authentication filter on an XML-based resource that is also processed by an XSLT transformation filter. The good news is that all filters are inherently chainable. Unlike most other chaining mechanisms, however, filter chaining also means passing the response from the resource back through the chains of filters in the reverse order. This is an important concept and is an essential component in the versatility of filters. The FilterChain Interface The container and the filter implementation work together to ensure that every filter is chain- able. This is done through a filter chain object that implements the javax.servlet.FilterChain interface. This filter chain object is passed into the core doFilter()method of a filter by the container. This object allows the filter to directly call the next filter in the chain after its own processing. The interface contains this doFilter()method: public void doFilter(ServletRequest req, ServletResponse res) throws IOException, ServletException Calling this method invokes the doFilter() method of the next filter in the chain. If the filter is the very last filter in the chain, the actual resource processing will occur. This method doesn t return until all downstream filters have returned from their doFilter() calls. Also note that from the point of view of the filter, all of the nonfilter logic request processing is folded into the call to the doFilter()method of FilterChain. This allows us to do something that is typically very difficult to perform in other request/response intercepting mechanisms. Because all the processing of the request and response occurs in the same doFilter() method and in the same thread, we can easily share variables between the preprocessing and the postprocessing logic. All Filters Are Chainable Compatibility with filter chaining is an integral requirement of every filter. Filter chaining is provided by a series of interactions between the container and the filter. Figure 10-10 is a UML diagram of the interactions.
In case you need affordable webhost to host your website, our recommendation is ecommerce web host services.

CHAPTER 10 INTRODUCTION TO FILTERING 413 Figure 10-9. Zero or more filters can be applied to the request and response when a resource forwards a request to another resource. Filter interactions with the dispatcher are controlled by the subelement of , as you saw earlier. Let s take a more detailed look at this new subelement. The Element The subelement in is optional. If omitted, the declaration is backward compatible with Servlet 2.3 containers. In this case, the mapped filter will work only on the request level, and not when the request is dispatched via a request dispatcher. This compatibility mode is entirely equivalent to specifying the following segment: F1 /* REQUEST REQUEST, FORWARD, INCLUDE, or ERROR Values Table 10-2 shows the allowed values inside a element. Table 10-2. Valid Subelements of the Tag Value Description REQUEST Enables filter mapping for incoming requests FORWARD Enables filter mapping for forwarded requests by using the request dispatcher INCLUDE Enables filter mapping when the request dispatcher is used to include the output of multiple processing resources ERROR Enables filter mapping when the request is forwarded to an error-handling resource
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision J2ee Web Hosting services.

412 CHAPTER 10 INTRODUCTION TO FILTERING Figure 10-8. When a resource in a Servlet 2.4 or 2.5 container includes another resource, zero or more filters can be applied as part of the include action. Now filters can be applied in-between the first processing resource and any included resources. For example, if the first JSP page included the output from multiple JSP pages or servlets, filters could be applied to each included resource. Next, you ll look at the case when the request dispatcher forwards processing to a web resource. Consider the following filter mapping: F1 /* REQUEST FORWARD F2 /* REQUEST FORWARD F3 /* REQUEST FORWARD In this case, the filter chain will operate on both the standard request processing and the forwarded web-resource processing, as shown in Figure 10-9. This time the first web resource uses the request dispatcher s forwarding capability. The resource that the request is forwarded to is responsible for generating the actual output for the client. Here, the filter is applied before the primary web resource, and before the resource being forwarded to.
In case you need quality webspace to host and run your web applications, try our personal web hosting services.