Implementing the Intercepting Filter Pattern in Your Enterprise Java Applications, Page 2

Servlet Implementation

Because this pattern is very useful, the creators of the Servlet API felt they need to provide its implementation. Therefore, the Servlet specification 2.3 included a filter and filter chain API. It also takes care of filter configuration via a main web.xml file. Moreover, intercepting filters can be set up transparently from the target Servlet or JSP and can wrap the request object. This implementation eliminates the need to write a lot of custom code, but on the other hand, it has limitations due to its predefined interfaces, and a requirement for a developer to learn its APIs.

Here is a part of the web.xml file that shows two filters that will intercept all requests to any URL pattern. However, the URL pattern can be set to be as specific as one Servlet only.

<servlet>
   <servlet-name>mainservlet</servlet-name>
   <servlet-class>intercepting_filter.MainServlet</servlet-class>
</servlet>

<servlet-mapping>
   <servlet-name>mainservlet</servlet-name>
   <url-pattern>/mainservlet</url-pattern>
</servlet-mapping>

<filter>
   <filter-name>servletfilter</filter-name>
   <filter-class>intercepting_filter.ServletFilter</filter-class>
</filter>
<filter-mapping>
   <filter-name>servletfilter</filter-name>
   <url-pattern>/*</url-pattern>
   <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
   <filter-name>scanfilter</filter-name>
   <filter-class>intercepting_filter.ScanFilter</filter-class>
</filter>
<filter-mapping>
   <filter-name>scanfilter</filter-name>
   <url-pattern>/*</url-pattern>
   <dispatcher>FORWARD</dispatcher>
</filter-mapping>

This configuration tells the container to invoke the filter first on any request before handling the request object to the main Servlet. For example, ScanFilter can check whether the request type is "multipart form data" (a special type for file upload) and scan all attached files before the request is passed forward. This filter can be reused in different applications because it is not tied with any specific application code.

Here is a sample of ScanFilter that uses the O'Reilly package to work with multipart requests.

import com.oreilly.servlet.multipart.*;

public class ScanFilter extends HttpServlet implements Filter {
   private FilterConfig filterConfig;

   public void init(FilterConfig filterConfig)
      throws ServletException {
      this.filterConfig = filterConfig;
   }

   //Process the request/response pair
   public void doFilter(ServletRequest request,
       ServletResponse response,
      FilterChain filterChain) {
   try {
      String contentType = request.getContentType();
      // Only filter this request if it is multipart encoding
      if (contentType.startsWith("multipart/form-data")) {

         MultipartParser mp = new MultipartParser(request,
                                                  10*1024*1024);
         Part part;
         while ((part = mp.readNextPart()) != null) {
            String name = part.getName();
         if (part.isFile()) {
            // it's a file part
            FilePart filePart = (FilePart) part;
            if (filePart != null) {
               // scan it for viruses
            }
         }
      }
   }    // end if

   filterChain.doFilter(request, response);
   } catch (ServletException sx) {
      filterConfig.getServletContext().log(sx.getMessage());
   } catch (IOException iox) {
      filterConfig.getServletContext().log(iox.getMessage());
   }
}

Conclusion

In this article, I focused on the Intercepting Filter design pattern. It is one of the externally useful patterns in the category of enterprise Web development and should not be overlooked. It can simplify Web application development, maintenance, and reusability, as well as promote logic separation. As Web development technologies evolve, this pattern will probably change as well, but the main concepts should remain. Whether you will use a Servlet API or a custom solution to implement Intercepting Filter, you will benefit from its concepts in the long run.

Download Source

• Simple Decorator
• Complex Decorator
• Intercepting filter

References

• "Securing J2EE Applications with a Servlet Filter" by Michael Klaene
• "Thinking in Patterns with Java" by Bruce Eckel
• Core J2EE Patterns: Best Practices and Design Strategies by Deepak Alur, John Crupi, and Dan Malks. Publisher: Prentice Hall/Sun Microsystems Press, ISBN:0130648841; 1st edition (June 26, 2001)
• http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
• Decorator Design Pattern

About the Author

Vlad Kofman is a Senior System Architect. He has implemented enterprise-scale projects for the major Wall Street firms, defense contracts, and the U.S. government. His main interests are object-oriented programming methodologies and design patterns.

Page 2 of 2