9.6. Example: An Access Time Filter
The LogFilter of Section 9.4 prints an entry in the log file every time the associated servlet or JSP page is accessed. Suppose you want to modify it so that it only notes accesses that occur at unusual times. Since “unusual” is situation dependent, the servlet should provide default values for the abnormal time ranges and let deployers override these values by supplying initialization parameters. To implement this functionality, the filter has the following capabilities.
A class that implements the Filter interface. This class is called LateAccessFilter and is shown in Listing 9.9. The init method of this class reads the startTime and endTime initialization parameters. It attempts to parse these values as type int, using default values if the parameters are null or not formatted as integers. It then stores the start and end times, the FilterConfig, the ServletContext, and the filter name in fields of the filter. Finally, LateAccessFilter provides an empty body for the destroy method.
A call to the doFilter method of the FilterChain. After printing the report, the filter calls the doFilter method of the FilterChain to invoke the next filter in the chain (or the servlet or JSP page if there are no more filters).
Registration with the Web application home page; definition of initialization parameters. First, the filter element associates the name LateAccessFilter with the class moreservlets.filters.LateAccessFilter. The filter element also includes two init-param subelements: one that defines the startTime parameter and another that defines endTime. Since the people that will be accessing the filtersRus home page are programmers, an abnormal range is considered to be between 2:00 a.m. and 10:00 a.m. Finally, the filter-mapping element uses a url-pattern of /index.jsp to associate the filter with the Web application home page. See Listing 9.10.
Disablement of the invoker servlet. This operation is shown in Section 9.2 and is not repeated here.
After the Web application is deployed on an external server and the logging filter is attached, a client request for the Web application home page results in an entry in the log file like “WARNING: hacker6.filtersrus.com accessed http://www.filtersrus.com/filters/index.jsp on Oct 30, 2001 9:22:09 AM.”
Listing 9.9. LateAccessFilter.java
package moreservlets.filters;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.text.*;
/** Filter that keeps track of accesses that occur
* at unusual hours.
*/
public class LateAccessFilter implements Filter {
private FilterConfig config;
private ServletContext context;
private int startTime, endTime;
private DateFormat formatter;
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws ServletException, IOException {
HttpServletRequest req = (HttpServletRequest)request;
GregorianCalendar calendar = new GregorianCalendar();
int currentTime = calendar.get(calendar.HOUR_OF_DAY);
if (isUnusualTime(currentTime, startTime, endTime)) {
context.log("WARNING: " +
req.getRemoteHost() +
" accessed " +
req.getRequestURL() +
" on " +
formatter.format(calendar.getTime()));
}
chain.doFilter(request,response);
}
public void init(FilterConfig config)
throws ServletException {
this.config = config;
context = config.getServletContext();
formatter =
DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
DateFormat.MEDIUM);
try {
startTime =
Integer.parseInt(config.getInitParameter("startTime"));
endTime =
Integer.parseInt(config.getInitParameter("endTime"));
} catch(NumberFormatException nfe) { // Malformed or null
// Default: access at or after 10 p.m. but before 6 a.m.
// is considered unusual.
startTime = 22; // 10:00 p.m.
endTime = 6; // 6:00 a.m.
}
}
public void destroy() {}
// Is the current time between the start and end
// times that are marked as abnormal access times?
private boolean isUnusualTime(int currentTime,
int startTime,
int endTime) {
// If the start time is less than the end time (i.e.,
// they are two times on the same day), then the
// current time is considered unusual if it is
// between the start and end times.
if (startTime < endTime) {
return((currentTime >= startTime) &&
(currentTime < endTime));
}
// If the start time is greater than or equal to the
// end time (i.e., the start time is on one day and
// the end time is on the next day), then the current
// time is considered unusual if it is NOT between
// the end and start times.
else {
return(!isUnusualTime(currentTime, endTime, startTime));
}
}
} |
Listing 9.10. web.xml (Excerpt for access time filter)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- ... -->
<!-- Register the name "LateAccessFilter" for
moreservlets.filter.LateAccessFilter.
Supply two initialization parameters:
startTime and endTime.
-->
<filter>
<filter-name>LateAccessFilter</filter-name>
<filter-class>
moreservlets.filters.LateAccessFilter
</filter-class>
<init-param>
<param-name>startTime</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>endTime</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<!-- ... -->
<!-- Apply LateAccessFilter to the home page. -->
<filter-mapping>
<filter-name>LateAccessFilter</filter-name>
<url-pattern>/index.jsp</url-pattern>
</filter-mapping>
<!-- ... -->
</web-app> |