Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 733
  • Last Modified:

Intercepting Filter design patterns

Please see this Text

The Intercepting Filter design patterns provides interception and redirection of requests and response where needed. This pattern is applicable in application security and other rule-based access implementations. Implementing interception filters helps manage such complex scenarios by avoiding the necessity of coding access implementations within individual JSPs. One intercepting filter is implemented to handle all access concerns. Interception filters are usually servlets that implement the Filter servlet interface.

>>>>This pattern is applicable in application security
what kind of security ?

where this filter could be used for security ?
is it between  view and the controller  OR between  controller and the model ?
0
cofactor
Asked:
cofactor
  • 3
  • 2
  • 2
  • +1
3 Solutions
 
ChristoferDutzCommented:
Ok ... and I hope you won't keep this question open indeffinetely as you did with your question about the "Value List Handler Pattern" :-)

One widely used example of this pattern is the Servlet Filter Chain. (http://retail.oreilly.com/pub/a/onjava/2001/05/10/servlet_filters.html)

Assume you have a web-application and you want to access a resource in this application. Now if you want to restrict this access to logged-in users, then you can introduce an intercepting filter, that checks if the current user is logged in. If he is not logged I the filter can decide to send back an error-page instead or to redirect the user to a login-page.
0
 
ChristoferDutzCommented:
I would say that it is in front of model, view and controller (My understanding of the view is for example JSP Files on the server and not treating the client as view)
0
 
HegemonCommented:
- what kind of security ? - application-level, type role-based security. Basically deciding what the user is/is not allowed to see/access.

- where this filter could be used for security ?
It is largely described in the question itself: in web applications where the code is not to be cluttered with security concerns, with these concerns separated into the filter

- is it between  view and the controller  OR between  controller and the model ?
I'd say it is part of the controller since it is the controller that makes navigation decisions.

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
HegemonCommented:
BTW, I agree with ChristoferDutz re: Open questions
0
 
Gurvinder Pal SinghCommented:
<<what kind of security ?>>
See this first
http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
http://www.coresecuritypatterns.com/patterns.htm
You can based on the request parameters decide whether to go forward the request to the servlet to which it was originally intended to go to, for example,
-- if the user id passed in the request is not registered/valid, you can forward the request to a error page rendering servlet
-- if the session of the request is not valid, you can forward the request to a error page rendering servlet
-- if the parameter value (say user type) suggest that this particular service (say an admin service is request by a user id of a normal consumer) is not applicable to this user id, you can forward the request to a error page rendering servlet
-- if the parameter values says that this request is coming from an iphone client rather than a desktop one or ipad one, you can render a different JSP or do some tweeking on the response
-- If the request header says that this browser client is not supported, you can show a message by changing the response
-- if the request header says that request is coming from an untrusted netwok and so on

0
 
cofactorAuthor Commented:
>>>One widely used example of this pattern is the Servlet Filter Chain

you mentioned "chain" ...why ?  We could just use one Filter class which could check all  security preprocessing.

Is there any specific reason why to use multiple filter classes to form a chain ?
0
 
Gurvinder Pal SinghCommented:
Filter chain is an ordered collection of independent filters.
It takes care of the co-ordination of the processing of independent filters, each of them mapped to a resource requested by client.

Advantages
-- It just makes your code more maintainable and reusable.
0
 
ChristoferDutzCommented:
Welll the filters do not only do security stuff ... in my applications there usually is a logging-filter, a profiling filter, ...

You can think of a filter as some logic that would usually be placed all over your project. Immagine security code in every method of every class in your project). Placing a Security filter allows you to separate the security code from the rest of the code, that usually has nothing to do with security. Additionally you are enabled to secure an application without having to modify your services. Ans yet another benefit would be that you can exchange the security model without modifying the application (exchanging a simple Login Security against a complex Role-Based User-Group-Security model).
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now