Solved

Intercepting Filter design patterns

Posted on 2010-09-13
Last Modified: 2012-05-10
Please see this Text

The Intercepting Filter design pattern provides interception and redirection of requests and responses where needed. This pattern is applicable in application security and other rule-based access implementations. Implementing interception filters helps manage such complex scenarios by avoiding the necessity of coding access implementations within individual JSPs. One intercepting filter is implemented to handle all access concerns. Interception filters are usually servlets that implement the Filter servlet interface.

>>>>This pattern is applicable in application security
What kind of security?

Where could this filter be used for security?
Is it between view and the controller, or between controller and the model?
Question by:cofactor
8 Comments
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661469
Ok ... and I hope you won't keep this question open indefinitely as you did with your question about the "Value List Handler Pattern" :-)

One widely used example of this pattern is the Servlet Filter Chain. (http://retail.oreilly.com/pub/a/onjava/2001/05/10/servlet_filters.html)

Assume you have a web-application and you want to access a resource in this application. Now if you want to restrict this access to logged-in users, then you can introduce an intercepting filter that checks if the current user is logged in. If he is not logged in, the filter can decide to send back an error-page instead or to redirect the user to a login-page.
0
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661490
I would say that it is in front of model, view and controller (My understanding of the view is for example JSP Files on the server and not treating the client as view)
0
 
LVL 10

Assisted Solution

by:Hegemon
Hegemon earned 116 total points
ID: 33661507
- what kind of security ? - application-level, type role-based security. Basically deciding what the user is/is not allowed to see/access.

- where this filter could be used for security ?
It is largely described in the question itself: in web applications where the code is not to be cluttered with security concerns, with these concerns separated into the filter

- is it between  view and the controller  OR between  controller and the model ?
I'd say it is part of the controller since it is the controller that makes navigation decisions.

0

 
LVL 10

Expert Comment

by:Hegemon
ID: 33661519
BTW, I agree with ChristoferDutz re: Open questions
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 33661551
<<what kind of security ?>>
See this first
http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
http://www.coresecuritypatterns.com/patterns.htm
Based on the request parameters, you can decide whether to forward the request to the servlet to which it was originally intended to go, for example:
-- if the user id passed in the request is not registered/valid, you can forward the request to an error page rendering servlet
-- if the session of the request is not valid, you can forward the request to an error page rendering servlet
-- if the parameter value (say user type) suggests that this particular service (say an admin service is requested by a user id of a normal consumer) is not applicable to this user id, you can forward the request to an error page rendering servlet
-- if the parameter value says that this request is coming from an iPhone client rather than a desktop one or iPad one, you can render a different JSP or do some tweaking on the response
-- if the request header says that this browser client is not supported, you can show a message by changing the response
-- if the request header says that the request is coming from an untrusted network, and so on

0
 

Author Comment

by:cofactor
ID: 33668809
>>>One widely used example of this pattern is the Servlet Filter Chain

You mentioned "chain"... why? We could just use one Filter class which could check all security preprocessing.

Is there any specific reason to use multiple filter classes to form a chain?
0
 
LVL 40

Accepted Solution

by:
gurvinder372 earned 117 total points
ID: 33668963
Filter chain is an ordered collection of independent filters.
It takes care of the co-ordination of the processing of independent filters, each of them mapped to a resource requested by client.

Advantages
-- It just makes your code more maintainable and reusable.
0
 
LVL 20

Assisted Solution

by:ChristoferDutz
ChristoferDutz earned 117 total points
ID: 33669741
Well, the filters do not only do security stuff ... in my applications there usually is a logging filter, a profiling filter, ...

You can think of a filter as some logic that would usually be placed all over your project (imagine security code in every method of every class in your project). Placing a security filter allows you to separate the security code from the rest of the code, which usually has nothing to do with security. Additionally, you are enabled to secure an application without having to modify your services. And yet another benefit would be that you can exchange the security model without modifying the application (exchanging a simple Login Security against a complex Role-Based User-Group-Security model).
0
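
The login check, the role check and the chaining discussed in the answers above, as an added example that is not part of the original thread: two independent filters written against the standard `javax.servlet.Filter` interface. The class names, the session attribute names (`user`, `role`) and the URL paths are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Assumed web.xml mappings (hypothetical paths), declared in this order:
//   LoginFilter     -> /app/*        (login.jsp lives outside /app/, so no redirect loop)
//   AdminRoleFilter -> /app/admin/*
// The container builds the chain in <filter-mapping> order, so authentication runs first.
public class SecurityFilters {

    /** Authentication: only requests that carry a logged-in session continue. */
    public static class LoginFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}

        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse res = (HttpServletResponse) rs;
            HttpSession session = req.getSession(false);   // do not create sessions for anonymous users
            if (session == null || session.getAttribute("user") == null) {
                res.sendRedirect(req.getContextPath() + "/login.jsp");
                return;                                    // chain stops; the target is never reached
            }
            chain.doFilter(rq, rs);                        // next filter, or the servlet/JSP itself
        }
    }

    /** Authorization: the role comes from server-side session state, never from a request parameter. */
    public static class AdminRoleFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}

        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpSession session = ((HttpServletRequest) rq).getSession(false);
            Object role = (session == null) ? null : session.getAttribute("role");
            if (!"admin".equals(role)) {                   // fail closed on a missing or unknown role
                ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            chain.doFilter(rq, rs);
        }
    }
}
```

Each filter denies by returning without calling `chain.doFilter`, so the servlets and JSPs behind the chain contain no access-control code and either filter can be replaced on its own.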
