How to Write Filters
By writing a Filter class you can analyze and modify a ServletRequest before it is processed by the container's regular dispatcher, and then analyze and modify the resulting ServletResponse. Filters can be chained, meaning the request and response may run through several filters before being processed by the original handler (which may be a servlet, JSP or the container's handler for static content).
The following filter writes all request parameters to the log:
package com.jarfiller.example;
import javax.servlet.*;
import java.io.*;
import java.util.*;
// Logs parameters of every request
public class LoggingFilter implements Filter {
private ServletContext ctx;
public void init(FilterConfig config) {
ctx = config.getServletContext();
ctx.log("LoggingFilter started");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
for (String name: Collections.list((Enumeration<String>)request.getParameterNames()))
ctx.log(String.format("%s=%s", name, request.getParameter(name)));
chain.doFilter(request, response); // important! invoke the dispatcher (more)
}
public void destroy() {
ctx.log("LoggingFilter will destroyed now");
}
}
The filter's doFilter method is invoked for every filtered request. It allows the filter to manipulate the request and response before either the original handler or the next filter in the chain is being invoked explicitly via FilterChain.
Like servlets, filters need to be declared and mapped in your web.xml:
<filter> <!-- declares the Filter class --> <filter-name>logfilter</filter-name> <!-- name must be unique --> <filter-class>com.jarfiller.example.LoggingFilter</filter-class> </filter> <filter-mapping> <!-- maps the LoggingFilter --> <filter-name>logfilter</filter-name> <!-- must be the same as filter-name above --> <url-pattern>*.jsp</url-pattern> <!-- match all JSPs, --> <url-pattern>/work/*</url-pattern> <!-- plus everything in /work, --> <servlet-name>counter</servlet-name> <!-- plus the 'counter' servlet --> <dispatcher>REQUEST</dispatcher> <!-- filter regular requests (default if omitted), --> <dispatcher>FORWARD</dispatcher> <!-- filter forwards, --> <dispatcher>INCLUDE</dispatcher> <!-- filter includes, --> <dispatcher>ERROR</dispatcher> <!-- and filter errors --> </filter-mapping>
If several filter mappings match a request, they will be processed in the order of their declaration. Mappings for URL patterns are always processed before servlet name mappings.
Request/Response Wrapping
You can modify the request passed down the filter chain as well as the generated response by wrapping the request and response objects. The API provides you with two call-through wrappers, HttpServletRequestWrapper and HttpServletResponseWrapper, that you can extend. Note that even with those helper classes, writing a wrapper can be quite complex, especially if you want to modify the content body and thus also need to wrap the InputStream or OutputStream.
This example filter uses wrappers to remove all cookies from the request and also blocks any cookies the handler tries to set in the response:
package com.jarfiller.example;
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
// Removes cookies from request and response
public class CookieFilter implements Filter {
private ServletContext ctx;
public void init(FilterConfig config) {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter(new NonCookieRequest(request), new NonCookieResponse(response));
}
public void destroy() {
}
static class CookieRemovingServletRequest extends HttpServletRequestWrapper {
public CookieRemovingServletRequest(ServletRequest request) {
super((HttpServletRequest)request);
}
public Cookie[] getCookies() {
return null; // no cookies visible
}
}
static class CookieRemovingServletResponse extends HttpServletResponseWrapper {
public CookieRemovingServletResponse(ServletResponse response) {
super((HttpServletResponse)response);
}
public void addCookie(Cookie cookie) {
// ignore!
}
}
}
Like Servlet implementations, filter classes can use the @Resource annotation.
