Announcement Announcement Module
No announcement yet.
Adding a simple servlet filter using Spring Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding a simple servlet filter using Spring

    I'm experienced with Spring but not with using it in a web context. I have implemented a Servlet and have to authenticate users by parsing credentials and the invoking a remote HTTP authentication service which will return a pass or fail response. (Not the greatest security, but this is a requirement to deal with legacy issues). I was thinking of adding a servlet filter that intercepts all requests to my Servlet and handles the authentication. My servlet implements the spring HttpRequestHandler and is already managed using Spring configuration. Can someone recommend how to add my custom authentication Filter using Spring configuration such that it gets invoked whenever a user tries to access my servlet?

    My simple web.xml:

    <?xml version="1.0" encoding="UTF-8"?>

    <description>Spring Listener</description>
    <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>

    <servlet-class> RequestHandlerServlet</servlet-class>


    And my simple spring configuration:


    <bean id="SpringTestServlet" class="springtest.servlet.SpringTestServlet">



  • #2
    Please use [ code][/code ] tags when posting code.

    1) Your Servlet doesn't have to be a servlet it can simply be a plain class implementing the HttpRequestHandler interface
    2) Simply implement the Filter interface and register it in your web.xml
    3) Create a filter-mapping

    Also I'm still not sure what your servlet does, is it calling the authentication service is it doing something else? At least it looks strange.


    • #3
      Thanks for the tip, i'll use the code tags next time.

      The design is as follows - I'm creating a servlet that will receive Jar uploads from remote clients via HTTP. The job of the servlet is to accept the Jar upload, unpack it, and process the contents within. The next piece is to authenticate the client requests. I can't disclose all of the details, but the credentials passed in the client requests will have to be forwarded to a remote HTTP service that will return a pass or fail response. After the pass or fail is received, my servlet can then process the Jar upload. I want the authentication logic completely abstracted from the Servlet itself, so I figured this could be handled from within a Servlet Filter.

      I did some experimenting and I believe I have the solution. It uses Spring's DelegatingFilterProxy.

      I added this to my web.xml
      And added a bean that implements the Filter interface to my spring xml:

      	<bean id="SpringTestFilter" class="">  
      When client requests come in, the DelegatingFilterProxy invokes my spring managed Filter bean to handle the authentication prior to the invocation my Jar upload servlet.