Solved

Intercepting Filter design patterns

Posted on 2010-09-13
8
726 Views
Last Modified: 2012-05-10
Please see this Text

The Intercepting Filter design patterns provides interception and redirection of requests and response where needed. This pattern is applicable in application security and other rule-based access implementations. Implementing interception filters helps manage such complex scenarios by avoiding the necessity of coding access implementations within individual JSPs. One intercepting filter is implemented to handle all access concerns. Interception filters are usually servlets that implement the Filter servlet interface.

>>>>This pattern is applicable in application security
what kind of security ?

where this filter could be used for security ?
is it between  view and the controller  OR between  controller and the model ?
0
Comment
Question by:cofactor
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661469
Ok ... and I hope you won't keep this question open indeffinetely as you did with your question about the "Value List Handler Pattern" :-)

One widely used example of this pattern is the Servlet Filter Chain. (http://retail.oreilly.com/pub/a/onjava/2001/05/10/servlet_filters.html)

Assume you have a web-application and you want to access a resource in this application. Now if you want to restrict this access to logged-in users, then you can introduce an intercepting filter, that checks if the current user is logged in. If he is not logged I the filter can decide to send back an error-page instead or to redirect the user to a login-page.
0
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661490
I would say that it is in front of model, view and controller (My understanding of the view is for example JSP Files on the server and not treating the client as view)
0
 
LVL 10

Assisted Solution

by:Hegemon
Hegemon earned 116 total points
ID: 33661507
- what kind of security ? - application-level, type role-based security. Basically deciding what the user is/is not allowed to see/access.

- where this filter could be used for security ?
It is largely described in the question itself: in web applications where the code is not to be cluttered with security concerns, with these concerns separated into the filter

- is it between  view and the controller  OR between  controller and the model ?
I'd say it is part of the controller since it is the controller that makes navigation decisions.

0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 10

Expert Comment

by:Hegemon
ID: 33661519
BTW, I agree with ChristoferDutz re: Open questions
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 33661551
<<what kind of security ?>>
See this first
http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
http://www.coresecuritypatterns.com/patterns.htm
You can based on the request parameters decide whether to go forward the request to the servlet to which it was originally intended to go to, for example,
-- if the user id passed in the request is not registered/valid, you can forward the request to a error page rendering servlet
-- if the session of the request is not valid, you can forward the request to a error page rendering servlet
-- if the parameter value (say user type) suggest that this particular service (say an admin service is request by a user id of a normal consumer) is not applicable to this user id, you can forward the request to a error page rendering servlet
-- if the parameter values says that this request is coming from an iphone client rather than a desktop one or ipad one, you can render a different JSP or do some tweeking on the response
-- If the request header says that this browser client is not supported, you can show a message by changing the response
-- if the request header says that request is coming from an untrusted netwok and so on

0
 

Author Comment

by:cofactor
ID: 33668809
>>>One widely used example of this pattern is the Servlet Filter Chain

you mentioned "chain" ...why ?  We could just use one Filter class which could check all  security preprocessing.

Is there any specific reason why to use multiple filter classes to form a chain ?
0
 
LVL 40

Accepted Solution

by:
gurvinder372 earned 117 total points
ID: 33668963
Filter chain is an ordered collection of independent filters.
It takes care of the co-ordination of the processing of independent filters, each of them mapped to a resource requested by client.

Advantages
-- It just makes your code more maintainable and reusable.
0
 
LVL 20

Assisted Solution

by:ChristoferDutz
ChristoferDutz earned 117 total points
ID: 33669741
Welll the filters do not only do security stuff ... in my applications there usually is a logging-filter, a profiling filter, ...

You can think of a filter as some logic that would usually be placed all over your project. Immagine security code in every method of every class in your project). Placing a Security filter allows you to separate the security code from the rest of the code, that usually has nothing to do with security. Additionally you are enabled to secure an application without having to modify your services. Ans yet another benefit would be that you can exchange the security model without modifying the application (exchanging a simple Login Security against a complex Role-Based User-Group-Security model).
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GUI builder for Eclipse? 8 37
Java DateChooser? 3 36
use lov values 2 50
spring jars download 1 29
For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question