Solved

Intercepting Filter design patterns

Posted on 2010-09-13
8
723 Views
Last Modified: 2012-05-10
Please see this Text

The Intercepting Filter design patterns provides interception and redirection of requests and response where needed. This pattern is applicable in application security and other rule-based access implementations. Implementing interception filters helps manage such complex scenarios by avoiding the necessity of coding access implementations within individual JSPs. One intercepting filter is implemented to handle all access concerns. Interception filters are usually servlets that implement the Filter servlet interface.

>>>>This pattern is applicable in application security
what kind of security ?

where this filter could be used for security ?
is it between  view and the controller  OR between  controller and the model ?
0
Comment
Question by:cofactor
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661469
Ok ... and I hope you won't keep this question open indeffinetely as you did with your question about the "Value List Handler Pattern" :-)

One widely used example of this pattern is the Servlet Filter Chain. (http://retail.oreilly.com/pub/a/onjava/2001/05/10/servlet_filters.html)

Assume you have a web-application and you want to access a resource in this application. Now if you want to restrict this access to logged-in users, then you can introduce an intercepting filter, that checks if the current user is logged in. If he is not logged I the filter can decide to send back an error-page instead or to redirect the user to a login-page.
0
 
LVL 20

Expert Comment

by:ChristoferDutz
ID: 33661490
I would say that it is in front of model, view and controller (My understanding of the view is for example JSP Files on the server and not treating the client as view)
0
 
LVL 10

Assisted Solution

by:Hegemon
Hegemon earned 116 total points
ID: 33661507
- what kind of security ? - application-level, type role-based security. Basically deciding what the user is/is not allowed to see/access.

- where this filter could be used for security ?
It is largely described in the question itself: in web applications where the code is not to be cluttered with security concerns, with these concerns separated into the filter

- is it between  view and the controller  OR between  controller and the model ?
I'd say it is part of the controller since it is the controller that makes navigation decisions.

0
 
LVL 10

Expert Comment

by:Hegemon
ID: 33661519
BTW, I agree with ChristoferDutz re: Open questions
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 40

Expert Comment

by:gurvinder372
ID: 33661551
<<what kind of security ?>>
See this first
http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html
http://www.coresecuritypatterns.com/patterns.htm
You can based on the request parameters decide whether to go forward the request to the servlet to which it was originally intended to go to, for example,
-- if the user id passed in the request is not registered/valid, you can forward the request to a error page rendering servlet
-- if the session of the request is not valid, you can forward the request to a error page rendering servlet
-- if the parameter value (say user type) suggest that this particular service (say an admin service is request by a user id of a normal consumer) is not applicable to this user id, you can forward the request to a error page rendering servlet
-- if the parameter values says that this request is coming from an iphone client rather than a desktop one or ipad one, you can render a different JSP or do some tweeking on the response
-- If the request header says that this browser client is not supported, you can show a message by changing the response
-- if the request header says that request is coming from an untrusted netwok and so on

0
 

Author Comment

by:cofactor
ID: 33668809
>>>One widely used example of this pattern is the Servlet Filter Chain

you mentioned "chain" ...why ?  We could just use one Filter class which could check all  security preprocessing.

Is there any specific reason why to use multiple filter classes to form a chain ?
0
 
LVL 40

Accepted Solution

by:
gurvinder372 earned 117 total points
ID: 33668963
Filter chain is an ordered collection of independent filters.
It takes care of the co-ordination of the processing of independent filters, each of them mapped to a resource requested by client.

Advantages
-- It just makes your code more maintainable and reusable.
0
 
LVL 20

Assisted Solution

by:ChristoferDutz
ChristoferDutz earned 117 total points
ID: 33669741
Welll the filters do not only do security stuff ... in my applications there usually is a logging-filter, a profiling filter, ...

You can think of a filter as some logic that would usually be placed all over your project. Immagine security code in every method of every class in your project). Placing a Security filter allows you to separate the security code from the rest of the code, that usually has nothing to do with security. Additionally you are enabled to secure an application without having to modify your services. Ans yet another benefit would be that you can exchange the security model without modifying the application (exchanging a simple Login Security against a complex Role-Based User-Group-Security model).
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now