tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Servlet Filter Examples
Date Fri, 23 Dec 2011 08:41:21 GMT
2011/12/23 Christopher Schultz <chris@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> At the ApacheCon NA Tomcat meetup back in November, there was general
> interest in seeing some example servlet Filters in the Tomcat examples
> directory. I said I'd write some. It's time to put my money where my
> mouth was.
>
> I have the following filters already in my current project would could
> be edited a bit and put into Tomcat's examples. Is there any interest
> in the following:

Only examples, or add them to catalina.filters ?

>
> 1. BrokenLocaleFilter -- fixes Opera 9's non-spec-compliant
>   Accept-Language locale formatting (O9 uses en_US instead of en-us)

Fixed in Opera 9.01 [1], and latest version is 11.60. Is it still
relevant? Anyway a broken browser will fail on a number of web sites.

If I treat it as a an example of implementing a filter, I do not
expect it to be of great demonstrative value.

[1] http://www.opera.com/docs/changelogs/windows/901/

The language value in Accept-Language is defined as

   Language-Tag = Primary-subtag *( "-" Subtag )
   Primary-subtag = 1*8ALPHA
   Subtag = 1*8(ALPHA / DIGIT)

The above is from RFC 2616 errata + RFC 3066
http://skrb.org/ietf/http_errata.html
(http://purl.org/NET/http-errata)

The '_' is not a valid ALPHA character, so I think the value must be
ignored. Usually there will be "en" in the list of languages sent by
browser as well, so the web site might fall back to that.

>
> 2. EncodingFilter -- sets request's character encoding when the client
>   does not specify one. I think this is already in Tomcat -- I'll check

SetCharacterEncodingFilter.

I yesterday proposed its backport to 6.0 and 5.5 - one may vote.

> 3. CredentialFilter -- looks for a Printipal in the request and a
>   missing User object in the HttpSession, and loads a User from
>   (wherever) and puts it into the session. Essentially, this allows
>   a webapp to do a "real" "login" after contained-manager
>   authentication has done its job.

I would say that that "whatever" part will be very specific to your
requirements.

>
> 4. HttpResponseSplittingPreventionFilter -- prevents HTTP response
>   headers from containing CR or LF characters (features response
>   wrapping)
>
> I also have this one sitting around. I think I wrote it on a dare for
> the tomcat-user list:

Maybe use a different name and provide stronger validation of headers
and it might go into catalina.filters.

>
> 5. HttpConversationRecorderFilter -- this captures an entire HTTP
>   request and response and dumps them to (somewhere -- currently
>   stdout) after the request completes.
>   Features wrapping the request and response objects.
>   Features massive buffering (!)

It might be interesting for debugging.
It might be interesting as an example of wrapping.
Is that buffering something special? I do not understand "massive"
adjective here.

>
> I'd also be happy to try my hand at other filters the community thinks
> would be generally useful as well as educational.
>

As a start I'd suggest to file them as separate issues in Bugzilla. I
think we can go on from there.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message