Java Servlets - Filter example
Posted on June 6th, 2008 in programming |
A little filter that detects if the The X-Forwarded-For (XFF) HTTP header is set.
If it’s set it means that the call arrived trough a proxy, and when the “getRemoteAddr()” method is called by the server it will return the last proxy in the IP array.
So basicly what this does is (if XFF is set) forces the “getRemoteAddr()/getRemoteHost()” methods to always return the first IP in the XFF header.
Here’s the filter class:
public final class EditHeader implements Filter {
private FilterConfig filterConfig;
public void init(FilterConfig filterConfig) throws
ServletException {
System.out.println("Filter initialized");
this.filterConfig = filterConfig;
}
public void destroy() {
System.out.println("Filter destroyed");
this.filterConfig = null;
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
chain.doFilter( new MyWrapper((HttpServletRequest) request), response);
}
}
Here you have the filter wrapper class:
public final class MyWrapper extends
HttpServletRequestWrapper {
public HttpServletRequest httpRequest = (HttpServletRequest) super.getRequest();
public String reqAddr = httpRequest.getRemoteAddr();
public String reqHost = httpRequest.getRemoteHost();
public MyWrapper(HttpServletRequest servletRequest) {
super(servletRequest);
}
public String getRemoteAddr() {
String callerChain = httpRequest.getHeader("X-Forwarded-For");
if (callerChain==null ||callerChain.equals(""))
return reqAddr+"abc";
StringTokenizer tempStringTokenizer = new StringTokenizer(callerChain, ",");
return (tempStringTokenizer.nextToken());
}
public String getRemoteHost() {
String callerChain = httpRequest.getHeader("X-Forwarded-For");
if (callerChain==null ||callerChain.equals(""))
return reqHost+"def";
StringTokenizer tempStringTokenizer = new StringTokenizer(callerChain, ",");
return (tempStringTokenizer.nextToken());
}
And here’s a little test servlet :
public class test extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("");
out.println("Test ");
out.println("");
out.println("Caller Host :" +req.getRemoteAddr() + "");
out.println("Caller Addr :" + req.getRemoteHost() +"");
out.println("");
}
}
The web.xml looks like this :
EditHeader EditHeader EditHeader test test test test test
Docs:
http://java.sun.com/products/servlet/Filters.html
http://www.onjava.com/pub/a/onjava/2004/03/03/filters.html
http://www.developer.com/java/ent/article.php/3467801
