CODEWITHSUNDEEP
javaservletsjbossservlet-filters
Kostadin Georgiev
Kostadin Georgiev

Reputation: 895

Jboss filter can't catch all client's HTTP requests

I have a big problem with jboss servlet filters. I have created a filter for specific url-pattern, but the filter can't catch all requests to the pattern, only catch the OPTIONS HTTP request from client.

My filter is declared in web.xml like this:

<filter>
    <filter-name>loginFilter</filter-name>
    <filter-class>myFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>loginFilter</filter-name>
    <url-pattern>myPattern</url-pattern>
</filter-mapping>

The problem for me is why i can't catch all request from the client...

PS. I'm using this package com.sun.jersey.spi.container.ContainerResponseFilter, also filter is available in javax.ws.rs.container.ContainerResponseFilter. I don't know what is the difference between them...

Upvotes: 1

Views: 1780

Answers (1)

M..
M..

Reputation: 900

I think this is what the problem is:-

First of all you need to use a RequestFilter and not a ResponseFilter.

com.sun.jersey.spi.container.ContainerResponseFilter is a jersey 1.x filter. API link here.

The latest version of jersey uses javax.ws.rs.container.ContainerResponseFilter. API link here

Looks like you have both jersey 1.x and 2.x jars in your classpath. You need to use the one you need and remove the other.

Assuming you are using the latest 2.x jars You need to implement your own RequestFilter which will look like:-

    @Provider
    public class YourReqeustFilter implements ContainerRequestFilter {
         @Override
        public void filter(ContainerRequestContext requestContext)
                        throws IOException {
             // Use ContainerRequestContext  to intercept the http request.
           }
        }
    }

Then your web.xml for the servlet should look like this:-

<servlet>
        <servlet-name>MY API</servlet-name>
        <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
        <init-param>
            <param-name>javax.ws.rs.container.ContainerRequestFilter</param-name>
            <param-value>yourReqeustFilter</param-value>
        </init-param>
        <init-param>
            <param-name>javax.ws.rs.container.ContainerResponseFilterr</param-name>
            <param-value>yourResponseFilter</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
 </servlet>

However please note that when your page is protected through declarative security in your web.xml and there is a filter on it; your filter wont be able to get a hold on the blocked HTTP requests on your page; due to the fact that the requests first go to your container and container protects it due to the declarative security and then the request finally comes to your filter. In short container takes precedence over your filter.

In such cases though you can separate the concerned page out of your declarative security and handle security part programatically in your filter.

For example in the above filter method you can get a hold on the SecurityContext using :-
requestContext.getSecurityContext() and and get access to methods that provide access to security.
A start on programmatic security here.

Upvotes: 1

Related Questions