Servlet Filter API
A filter is an object used to execute filtering operations, such as conversion, logging, compression, encryption and decryption, input validation, and many more. When an application is pre-and post-processed, the invoked object is filtered.
<!--more-->
Filters are configured and used when performing filtering activities. The filter interface is found in the javax.servlet package.
To create a Filter class, we have to import javax. servlet and implement the Filter interface. Several filters can be created to perform different tasks according to the user and developer specifications.
Goal
The reader should be able to understand the following after reading this article:
- A servlet Filter's definition.
- The advantages of using filters.
- The Filter interfaces, such as the
Filterinterface, theFilterConfinginterface, and others. - Methods associated with the above interfaces and their functionalities.
- Using examples, learn how to use filters in a computer program.
Prerequisites
You will need the following tools to follow along with this article:
- Eclipse or another open-source Java editor should be installed on your machine.
- A web browser installed.
- Install the TomCat server or any other server. In this case, we will use TomCat version 9.
- A basic understanding of Java programming language.
- A basic understanding of a servlet is needed.
- Solid knowledge of building and running Java code using any Java IDE, Tomcat, or similar server.
Table of contents:
- What are Servlet Filters and How Do They Work
- Filter usage and its advantages
- Filter API
- Filter
- FilterChain
- FilterConfig
- Authentication Example using Filter
- Conclusion
What are servlet filters, and how do they work
Servlet filter definition
Filters are Java classes that perform and customize filtering operations and is accomplished by:
- Intercepting client requests before they get to a back-end resource
- To alter server responses before sending them back to the client.
How Servlet Filters Works
Explanation:
- When a request enters the Web Container, it is checked to see whether any filters have URL patterns that match the incoming URL.
- The Web
Containersends requests to the first filter with a matching URL pattern to execute its function.
The first filter then checks if a second Filter is available with matching URL, and the code of that filter is run, which will continue until no more filters with URL patterns match are found.
If there are no errors, the request is forwarded to the destination Servlet. As a result, we know that the request will only be delivered to the destination servlet after completing all relevant Filters successfully.
The servlet returns the response to the caller, and then the response is delivered to the Web Container, who then passes it on to the client.
Filter usage and its advantages
Filters are used in the following fields:
- Verification.
- Image Conversion.
- Compression of data.
- Encryption.
- Auditing and logging, to name a few.
Filter usage
We can come with the following usage of the filter based on the application areas mentioned above:
- Compression of data.
- Keeping track of all inbound requests.
- Assists in the activation of resource access events.
- Used in encryption and decryption of data.
- Used in the validation of input.
- Conversion.
Advantages
- Filters can be changed or replaced with a different Filter. In this case, the filter is pluggable.
- There is no dependent on another resource for one of the filters.
- Filters require less upkeep.
Filter API
The servlet filter has its API, namely: Filter, FilterChain, and FilterConfig explained as follows.
Filter
We must implement the Servlet 'Filter' Interface, part of the javax. servlet package to create a filter.
Creating a filter
The following steps are to create a Filter program:
- Create a Java class that implements the interface
Filter. - Set up the filter parameters.
- Finally, do a filter mapping.
Methods
void init(): Theinit()method initializes Filter parameters; it informs the web container that a filter needs to be activated. Only one parameter is required, namely,
public void init(FilterConfig parameterName) throws ServletException
void doFilters(): This method is the most significant in the Filter interface and calls the next filter.
It requires three parameters:
- ServletRequest obj
- ServletResponse obj
- FilterChain obj, implemented as follows:
Public void doFilters(ServletRequest request, ServletResponse response,FileterChain chain)throws ServletException,IOException
void destroy(): This method denotes that the filter has completed its duty or been removed from service. Users can override this method to write finishing logic, such as releasing resources, objects, and many more.
FilterChain
FilterChain's object is passed to the Filter interfaces when executing the next filter or resource in the chain.
Method.
void doFilter(): This method is only available in theFilterChaininterface and used when calling the followingFilterand passing all resources that are required:
public void doFilter(HttpServletRequest request, HttpServletResponse response);
FilterConfig
The web container generates a FilterConfig object to retrieve configuration information from the web.xml file.
FilterConfig interface methods
In the FilterConfig interface, there are four methods:
void init(): This method is only called once and is used to set up the filter.String getInitParameter: The parameter value for the parameter name provided is returned by this method.getInitParameterNames(): This method returns a list of all type enumeration parameter names.getServletContext(): This method returns theServletContextobject.
Authentication example using filter
This example demonstrates how a Filter is used to achieve authentication. We are using two filters here: one to verify if a password is more significant than seven characters, and the other to check the user name and password supplied by the user.
Filter 1 will forward the request to a second filter if the password length is correct. Otherwise, an error notice will appear.
If the user name and password are correct, the second filter will route the request to the Servlet page; otherwise, an error message will be displayed.
Steps to create authentication example
We assumed you already know how to use the eclipse IDE and configure the Tomcat server in this example.
Step one: Authentication example - dynamic web project
Open Eclipse IDE for Java EE developers. Create a web project by selecting Files -> New -> Dynamic Web Project and provide a project name. We will name it Authentication Example, -> select Finish.
Step two: Creating a login HTML page
By right-clicking on the Authentication Example in the Project Explorer, select new -> HTML file option -> finish by giving your HTML page a name. We'll call it login.html, in this case.
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form action="logInAction" method="post">
<input type="text" name="userName" placeholder="Enter user name" required>
<input type="password" name="uPassword" placeholder="Enter password" required>
<input type="submit" value="login">
</form>
</body>
</html>
Step three: Creating filter one and the 'com. demo' package
Create a package by right-clicking Authentication Example, selecting a new -> package, and finish by providing a package name of your choice. In this case, we will call it com. demo.
To navigate into the package you have created above, expand src/main/Java.
Right-click on the com. demo package on the Authentication Example Project, select new -> Filter and finish by giving your filter class a name. We will call it CheckPassword in this case.
package com. demo;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
@WebFilter("/logInAction")
public class CheckPassword implements Filter
{
public CheckPassword()
{
}
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
HttpServletRequest reg=(HttpServletRequest)request;
PrintWriter out =response.getWriter();
String uPassword=request.getParameter("uPassword");
if(uPassword.length()>7)
{
chain.doFilter(request, response);
}
else
{
out.print("Password characters must be atlist 8");
}
}
public void init(FilterConfig fConfig) throws ServletException
{
}
}
Step four: Creating filter 2
Right-click on the com. demo package on the Authentication Example Project, select new -> Filter and finish by giving your Filter class a name. We will call it CheckCredentials in this case.
package com. demo;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
@WebFilter("/logInAction")
public class CheckCredentials implements Filter
{
public CheckCredentials()
{
}
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
HttpServletRequest reg=(HttpServletRequest)request;
PrintWriter out =response.getWriter();
String userName=request.getParameter("userName");
String uPassword=request.getParameter("uPassword");
if("Africa".equals(userName)&& "12345678".equals(uPassword))
{
chain.doFilter(request, response);
}
else
{
out.print("Wrong credentials");
}
}
public void init(FilterConfig fConfig) throws ServletException
{
}
}
Step five: Creating the Servlet page
Right-click the com. demo package in the Authentication Example Project, choose to create -> Servlet and name your servlet class. We'll call it AuthenticationDemo, in this case.
package com.demo;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet({ "/AuthenticationDemo", "/logInAction" })
public class AuthenticationDemo extends HttpServlet
{
private static final long serialVersionUID = 1L;
public AuthenticationDemo()
{
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
PrintWriter out =response.getWriter();
out.print("Welcom");
}
}
Right-click on the login.html page. Choose Run As-> Run on Server -> Login.html from the context menu of the login.html page. To launch the project, save all modifications and restart the server.
In the internal browser, a menu will open, inviting you to input the user name and password we specified on the CheckCredentials page, as shown.
String uPassword=request.getParameter("uPassword");
if("Africa".equals(userName)&& "12345678".equals(uPassword))
{
chain.doFilter(request, response);
}
Conclusion
In conclusion, we have seen how Filters work, their functions, the benefits of using them, and the three interfaces that are available on Filters, namely:
- Filter
- FilterConfig and
- FilterChain interface.
If certain conditions are met in a given Filter, the user content is sent to the next Filter or Servlet; if not, the error message is returned.
We used two filters in our example, one to check the password length and another to ensure that the user credentials are accurate.
Finally, this article will give you a solid foundation of Filters. To improve your understanding and enhance your coding skills, start exploring more.
Happy coding!
Peer Review Contributions by: Briana Nzivu
