How to Filter Requests & Responses with Java EE 8

No Comments
Java EE Servlet

We use filters a lot, whether, for image compression, logging, or authentication, they have been with us since J2EE 1.3, that’s in 2001!

Now before digging into Java EE 8, let’s check how we used to write filters until today.

The servlet api provides the interface javax.servlet.Filter  with 3 abstract methods to be implemented.

  • void init(javax.servlet.FilterConfig)
  • void doFilter(javax.servlet.ServletRequest, javax.servlet .ServletResponse, javax.servlet.FilterChain)
  • void destroy()

The init method is what the web container calls when creating the filter, we can also do some custom job inside the implementation. The destroy method is called by the web container to take the filter out of service, it useful for clear up some resources, however in many cases we had nothing to do with it, but it was just there. The doFilter method is the big daddy, it does the main filtering job that we need, we have access to the request and response, we can block the request or let it go through the chain. In the end, our Filter would look like this:

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
package servlet;
 
import java.io.IOException;
 
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
 
@WebFilter(urlPatterns="/*")
public class MainFilter implements Filter {
 
    public void init(FilterConfig filterConfig) throws ServletException {
        //Do some init job
    }
 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }
 
    public void destroy() {
        //Do some destroy job
    }
}

Now let’s check Java EE 8!

The first change in Java EE 8 is that the init and destroy methods are no longer abstract, so at first sight, this means that for those cases where we had nothing to do with them, we no longer need to implement them.

A new addition to the family are classes called GenericFilter and HttpFilter. The GenericFilter is protocol-independent filter which can be extended (it already implements javax.servlet.Filter), it provides a set of useful methods such as:

  • String getInitParameter(String name)
  • Enumeration<String> getInitParameterNames()
  • ServletContext getServletContext()
  • void log(String msg)
  • String getFilterName()

The HttpFilter is an abstract class that extends the GenericFilter, it is the one to be used for Web Servlets, it adds another doFilter method but this time, instead of ServletRequest and ServletResponse as parameters, we have the HttpServletRequest and HttpServletResponse.

The future Filter would be something like this:

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
package servlet;
 
import java.io.IOException;
 
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
@WebFilter(urlPatterns="/*")
public class MainFilter extends HttpFilter {
 
    private static final long serialVersionUID = 1L;
 
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(req, res);
    }
}
Categories: Java, Java EE Tags: Tags:

Leave a Reply