Solved

Intercepting Filter design patterns

Posted on 2010-09-13
8
724 Views
Last Modified: 2012-05-10
Please see this Text

The Intercepting Filter design patterns provides interception and redirection of requests and response where needed. This pattern is applicable in application security and other rule-based access implementations. Implementing interception filters helps manage such complex scenarios by avoiding the necessity of coding access implementations within individual JSPs. One intercepting filter is implemented to handle all access concerns. Interception filters are usually servlets that implement the Filter servlet interface.

>>>>This pattern is applicable in application security
what kind of security ?

where this filter could be used for security ?
is it between  view and the controller  OR between  controller and the model ?
0
Comment
Question by:cofactor
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661469
Ok ... and I hope you won't keep this question open indeffinetely as you did with your question about the "Value List Handler Pattern" :-)

One widely used example of this pattern is the Servlet Filter Chain. (http://retail.oreilly.com/pub/a/onjava/2001/05/10/servlet_filters.html)

Assume you have a web-application and you want to access a resource in this application. Now if you want to restrict this access to logged-in users, then you can introduce an intercepting filter, that checks if the current user is logged in. If he is not logged I the filter can decide to send back an error-page instead or to redirect the user to a login-page.
0
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661490
I would say that it is in front of model, view and controller (My understanding of the view is for example JSP Files on the server and not treating the client as view)
0
 
LVL 10

Assisted Solution

by:Hegemon
Hegemon earned 116 total points
ID: 33661507
- what kind of security ? - application-level, type role-based security. Basically deciding what the user is/is not allowed to see/access.

- where this filter could be used for security ?
It is largely described in the question itself: in web applications where the code is not to be cluttered with security concerns, with these concerns separated into the filter

- is it between  view and the controller  OR between  controller and the model ?
I'd say it is part of the controller since it is the controller that makes navigation decisions.

0
 
LVL 10

Expert Comment

by:Hegemon
ID: 33661519
BTW, I agree with ChristoferDutz re: Open questions
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 40

Expert Comment

by:gurvinder372
ID: 33661551
<<what kind of security ?>>
See this first
http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
http://www.coresecuritypatterns.com/patterns.htm
You can based on the request parameters decide whether to go forward the request to the servlet to which it was originally intended to go to, for example,
-- if the user id passed in the request is not registered/valid, you can forward the request to a error page rendering servlet
-- if the session of the request is not valid, you can forward the request to a error page rendering servlet
-- if the parameter value (say user type) suggest that this particular service (say an admin service is request by a user id of a normal consumer) is not applicable to this user id, you can forward the request to a error page rendering servlet
-- if the parameter values says that this request is coming from an iphone client rather than a desktop one or ipad one, you can render a different JSP or do some tweeking on the response
-- If the request header says that this browser client is not supported, you can show a message by changing the response
-- if the request header says that request is coming from an untrusted netwok and so on

0
 

Author Comment

by:cofactor
ID: 33668809
>>>One widely used example of this pattern is the Servlet Filter Chain

you mentioned "chain" ...why ?  We could just use one Filter class which could check all  security preprocessing.

Is there any specific reason why to use multiple filter classes to form a chain ?
0
 
LVL 40

Accepted Solution

by:
gurvinder372 earned 117 total points
ID: 33668963
Filter chain is an ordered collection of independent filters.
It takes care of the co-ordination of the processing of independent filters, each of them mapped to a resource requested by client.

Advantages
-- It just makes your code more maintainable and reusable.
0
 
LVL 20

Assisted Solution

by:ChristoferDutz
ChristoferDutz earned 117 total points
ID: 33669741
Welll the filters do not only do security stuff ... in my applications there usually is a logging-filter, a profiling filter, ...

You can think of a filter as some logic that would usually be placed all over your project. Immagine security code in every method of every class in your project). Placing a Security filter allows you to separate the security code from the rest of the code, that usually has nothing to do with security. Additionally you are enabled to secure an application without having to modify your services. Ans yet another benefit would be that you can exchange the security model without modifying the application (exchanging a simple Login Security against a complex Role-Based User-Group-Security model).
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now