Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B31BD7576 for ; Fri, 23 Dec 2011 08:41:53 +0000 (UTC) Received: (qmail 96989 invoked by uid 500); 23 Dec 2011 08:41:50 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 96935 invoked by uid 500); 23 Dec 2011 08:41:49 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 96926 invoked by uid 99); 23 Dec 2011 08:41:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Dec 2011 08:41:48 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of knst.kolinko@gmail.com designates 209.85.212.45 as permitted sender) Received: from [209.85.212.45] (HELO mail-vw0-f45.google.com) (209.85.212.45) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Dec 2011 08:41:42 +0000 Received: by vbip1 with SMTP id p1so2503603vbi.18 for ; Fri, 23 Dec 2011 00:41:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=8pB/NfDldthN7xpZ3WJVJaSpZXv8UKrSRcrgxucXh24=; b=f5oOMnkbkQwPNxH4GoLKT73RPy7rjePPnoMb15N4G9oLoMxdfXReT3wE1LzEqDOv1j Yoxcw4CoeJ/UTRgSfbDp8J8wZUUuOdqo9luAI4DLoye7646htjW20CfN3/NPf10W6B2o WphwT74sMp0UMSmPPnbLryNiIZldHqt7MDq0U= MIME-Version: 1.0 Received: by 10.52.20.35 with SMTP id k3mr8056973vde.34.1324629681464; Fri, 23 Dec 2011 00:41:21 -0800 (PST) Received: by 10.52.93.243 with HTTP; Fri, 23 Dec 2011 00:41:21 -0800 (PST) In-Reply-To: <4EF3A70F.8030007@christopherschultz.net> References: <4EF3A70F.8030007@christopherschultz.net> Date: Fri, 23 Dec 2011 12:41:21 +0400 Message-ID: Subject: Re: Servlet Filter Examples From: Konstantin Kolinko To: Tomcat Users List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org 2011/12/23 Christopher Schultz : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > All, > > At the ApacheCon NA Tomcat meetup back in November, there was general > interest in seeing some example servlet Filters in the Tomcat examples > directory. I said I'd write some. It's time to put my money where my > mouth was. > > I have the following filters already in my current project would could > be edited a bit and put into Tomcat's examples. Is there any interest > in the following: Only examples, or add them to catalina.filters ? > > 1. BrokenLocaleFilter -- fixes Opera 9's non-spec-compliant > =A0 Accept-Language locale formatting (O9 uses en_US instead of en-us) Fixed in Opera 9.01 [1], and latest version is 11.60. Is it still relevant? Anyway a broken browser will fail on a number of web sites. If I treat it as a an example of implementing a filter, I do not expect it to be of great demonstrative value. [1] http://www.opera.com/docs/changelogs/windows/901/ The language value in Accept-Language is defined as Language-Tag =3D Primary-subtag *( "-" Subtag ) Primary-subtag =3D 1*8ALPHA Subtag =3D 1*8(ALPHA / DIGIT) The above is from RFC 2616 errata + RFC 3066 http://skrb.org/ietf/http_errata.html (http://purl.org/NET/http-errata) The '_' is not a valid ALPHA character, so I think the value must be ignored. Usually there will be "en" in the list of languages sent by browser as well, so the web site might fall back to that. > > 2. EncodingFilter -- sets request's character encoding when the client > =A0 does not specify one. I think this is already in Tomcat -- I'll check SetCharacterEncodingFilter. I yesterday proposed its backport to 6.0 and 5.5 - one may vote. > 3. CredentialFilter -- looks for a Printipal in the request and a > =A0 missing User object in the HttpSession, and loads a User from > =A0 (wherever) and puts it into the session. Essentially, this allows > =A0 a webapp to do a "real" "login" after contained-manager > =A0 authentication has done its job. I would say that that "whatever" part will be very specific to your requirements. > > 4. HttpResponseSplittingPreventionFilter -- prevents HTTP response > =A0 headers from containing CR or LF characters (features response > =A0 wrapping) > > I also have this one sitting around. I think I wrote it on a dare for > the tomcat-user list: Maybe use a different name and provide stronger validation of headers and it might go into catalina.filters. > > 5. HttpConversationRecorderFilter -- this captures an entire HTTP > =A0 request and response and dumps them to (somewhere -- currently > =A0 stdout) after the request completes. > =A0 Features wrapping the request and response objects. > =A0 Features massive buffering (!) It might be interesting for debugging. It might be interesting as an example of wrapping. Is that buffering something special? I do not understand "massive" adjective here. > > I'd also be happy to try my hand at other filters the community thinks > would be generally useful as well as educational. > As a start I'd suggest to file them as separate issues in Bugzilla. I think we can go on from there. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org