Servlet Filters as poor man's AOP
I was just discussing this idea of Servlet Filters with a friend and I was trying to explain to him how Filters work and how they are really aspects in the AOP world. I think filters are really incredibly helpful and yet very few developers know about them and even fewer developers implement them. So my thought was that if we started using buzzwords like AOP around filters, suddenly Filters become sexy and everyone's jumping over to implement Filters. 
The filter API was introduced in the Servlet 2.3 specification and is defined by the Filter, FilterChain, and FilterConfig interfaces in the javax.servlet package. You define a filter by implementing the Filter interface. A filter chain, passed to a filter by the container, provides a mechanism for invoking a series of filters. A filter config contains initialization data. The most important method in the Filter interface is the doFilter() method, which is the heart of the filter. Filters intercept request to your web application based on the url-pattern specified in the web.xml, where the filters are defined.
I have used Filters extensively and have a few Filters ready to go when I am called into debug applications in production that are misbehaving or just broken. One of the filters I use quite often is a simple authentication filter that makes is easy to ensure consumers of the web application is authenticated. Here's a simple snippet:
[code lang="java"]
/**
* The doFilter() method performs the actual filtering work. In its doFilter() method, each filter
* receives the current request and response, as well as a FilterChain containing the filters that still must be
* processed.
*
* This filter is just used to capture and log information about the user being passed in to the login servlet
* for tracking purposes.
*
* @param request Servlet request object
* @param response Servlet response object
* @param chain Filter chain
* @exception IOException
* @exception ServletException
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
if (req != null) {
HttpServletRequest request = (HttpServletRequest) req;
//could pass in false in the getSession() to return null for new session.
HttpSession mySession = request.getSession();
String loginStatus = (String) mySession.getAttribute("LOGIN");
if ((loginStatus != null) && (loginStatus.equals(Boolean.TRUE.toString()))) {
log.debug("FOUND A LOGGED IN USER - PASSING THRU");
//Logged in - Let's pass thru the user
chain.doFilter(req, res);
} else {
log.debug("FOUND A NEW USER - CHECKING STATUS");
if ((request.getRequestURI().indexOf("login") != -1) ||
(request.getRequestURI().indexOf("index.jsp") != -1) ||
(request.getRequestURI().indexOf("images") != -1) ||
(request.getRequestURI().indexOf("ipo.css") != -1)) {
//User is going to or being redirected to login page or loading images - Let's pass thru the user
log.debug("NEW USER -> LOADING CSS, IMAEGS or BEING REDIRECTED TO THE INDEX OR LOGIN PAGE");
log.debug("request.getRequestURI() = " + request.getRequestURI());
chain.doFilter(req, res);
} else {
log.debug("NEW USER - LET's FORWARD TO THE INDEX JSP AGE");
log.debug("request.getRequestURI() = " + request.getRequestURI());
RequestDispatcher ds = ctx.getRequestDispatcher("/index.jsp?timeout=true");
ds.forward(request, res);
}
}
}
}
[/code]
Here's a copy of the original documented Filter java class.
Tags: AOP, development, filters, J2EE, java, servlet, web, WebLogic, xml
{ 1 comment… read it below or add one }
[...] 6, 2004 @ 1:47 pm · Filed under General Earlier in the month, I blogged about Servlet Filters and how I see them as Aspects in the AOP [...]