Filter usage to prevent malicious data 1


The Servlet Filter interface is a very powerful tool provided by the Servlet API.
A user's request for a web application resource can be forced to go through any number of filters, in a given order, and any of the filters may manipulate the request, including stopping it altogether.

It can be used for various purposes, such as:
1. Preventing malicious data being passed to the Servlet.
2. Compressing data before sending to the user for better performance.

In this article I will explain how we can use a servlet filter to reject malicious data.

Steps
1. Create Web application folders
2. Change application web.xml for filter and servlet
3. Create Filter and Servlet class
4. Run

1: Create web application folder structure
Note: Compiled classes go in the classes folder.

2: /WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
	xmlns="http://java.sun.com/xml/ns/j2ee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>ServletApp</display-name>
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
	</welcome-file-list>
	<filter>
		<filter-name>FilterUsage1</filter-name>
		<filter-class>com.company.servlet.FilterUsage1</filter-class>
		<init-param>
			<param-name>param1</param-name>
			<param-value>param1-value</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>FilterUsage1</filter-name>
		<url-pattern>/Servlet1</url-pattern>
	</filter-mapping>

	<servlet>
		<display-name>Servlet1</display-name>
		<servlet-name>Servlet1</servlet-name>
		<servlet-class>com.company.servlet.Servlet1</servlet-class>
	</servlet>

	<servlet-mapping>
		<servlet-name>Servlet1</servlet-name>
		<url-pattern>/Servlet1</url-pattern>
	</servlet-mapping>

</web-app>
3: /WEB-INF/classes/com/company/servlet/FilterUsage1
package com.company.servlet;
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class FilterUsage1 implements Filter {
	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
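		System.out.println("Inside FilterUsage1::doFilter()");
		HttpServletRequest request = (HttpServletRequest) req;
		// getParameter() returns only the first value of the named parameter
		String maliciousStr = request.getParameter("maliciousStr");
		System.out.println("maliciousStr-" + maliciousStr);
		// Reject the request if the value contains a single quote
		if (maliciousStr != null && maliciousStr.contains("'")) {
			request.setAttribute("errorMsg", "Single quote not allowed.");
			// Forward back to the form and stop; the servlet is never invoked
			req.getRequestDispatcher("/jsp/filterusage1.jsp").forward(req, res);
			return;
		}
		// Input accepted: pass the request on to the next filter or the servlet
		chain.doFilter(req, res);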
	}

	public void init(FilterConfig config) throws ServletException {
		String param1 = config.getInitParameter("param1");
		System.out.println("Param1 value: " + param1);
	}

	public void destroy() {
		// add code to release any resource
	}

}
4: /WEB-INF/classes/com/company/servlet/Servlet1
package com.company.servlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Servlet1 extends HttpServlet {
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws javax.servlet.ServletException, java.io.IOException {
		process(request, response);
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws javax.servlet.ServletException, java.io.IOException {
		process(request, response);
	}

	public void process(HttpServletRequest request, HttpServletResponse response)
			throws javax.servlet.ServletException, java.io.IOException {
		System.out.println("Inside Servlet1::process()");
		request.setAttribute("errorMsg", "Data passed the filter");
		request.getRequestDispatcher("/jsp/filterusage1.jsp").forward(request,
				response);
	}
}

5: /jsp/filterusage1.jsp
<%
	String ctx = request.getContextPath();
	String errorMsg = (String) request.getAttribute("errorMsg");
	if (errorMsg == null) {
		errorMsg = "";
	}
%>
<html>
<head>
<title>/jsp/filterusage.jsp</title>
</head>
<body>
<form name="Servlet1" method="post" action="<%=ctx%>/Servlet1">
<div>Malicious String: <input type="text" value="ab'c"
	name="maliciousStr" /><span style="color: red"><%=errorMsg%></span></div>
<div><input type="submit" value="Test" name="Test" /></div>
</form>
</body>
</html>
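
As an added example (not code from the original article), the check below generalises the filter's single-quote test into an allowlist applied to every value of every parameter, since getParameter() returns only the first value of one named parameter. The class name ParamAllowlist, the pattern and the "comment" parameter are assumptions; the maps are constructed sample input.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: allowlist check over every value of every request parameter.
public class ParamAllowlist {
	// Assumed policy: up to 64 letters, digits, spaces, dots, underscores, hyphens.
	private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9 ._-]{0,64}");

	// Returns the name of the first parameter with a disallowed value, or null.
	public static String firstViolation(Map<String, String[]> params) {
		for (Map.Entry<String, String[]> entry : params.entrySet()) {
			for (String value : entry.getValue()) {
				if (value == null || !ALLOWED.matcher(value).matches()) {
					return entry.getKey();
				}
			}
		}
		return null;
	}

	public static void main(String[] args) {
		// Constructed inputs in the shape returned by request.getParameterMap().
		Map<String, String[]> clean = new LinkedHashMap<>();
		clean.put("maliciousStr", new String[] { "abc" });
		clean.put("Test", new String[] { "Test" });

		// The second value of a repeated parameter is checked too.
		Map<String, String[]> repeated = new LinkedHashMap<>();
		repeated.put("maliciousStr", new String[] { "abc", "ab'c" });

		// A parameter the original filter never looks at (hypothetical name).
		Map<String, String[]> other = new LinkedHashMap<>();
		other.put("maliciousStr", new String[] { "abc" });
		other.put("comment", new String[] { "a\"b" });

		System.out.println("clean    -> " + firstViolation(clean));
		System.out.println("repeated -> " + firstViolation(repeated));
		System.out.println("other    -> " + firstViolation(other));
	}
}
```

Inside a filter such as FilterUsage1, pass request.getParameterMap() to firstViolation (on Servlet 2.4 the map is untyped and needs a cast) and forward to the error page when it returns a name. The filter is a first check only; the servlet still needs parameterized queries and output encoding wherever it uses the data.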
