Servlet Parameter Change Filter Project

Click here to download eclipse supported ZIP file




 

    
package com.cv.servlet.filter.param;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

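/**
 * Demo login servlet for the parameter-changing filter example.
 *
 * <p>Reads the {@code dangerousParamName} request parameter, compares it with a hard-coded
 * expected value and, on a match, stores it in the session and redirects to
 * {@code success.jsp}; otherwise it re-renders {@code /login.html} with an error line.
 *
 * <p>This is a teaching sample, not an authentication scheme: there is no password, the
 * expected value is a constant in the class, and GET requests are processed exactly like
 * POST requests, so the submitted value can end up in URLs, browser history and access logs.
 *
 * @author Chandra Vardhan
 */
public class LoginServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;

  /**
   * Value this servlet expects to read from the request. It is "chandra" spelled backwards:
   * RequestParameterChangeFilter reverses {@code dangerousParamName} before the servlet sees
   * it, so a user who types "chandra" arrives here as "ardnahc".
   */
  private final String userID = "ardnahc";

  private static final Logger LOGGER = Logger.getLogger(LoginServlet.class);

  /**
   * Constructor of the object.
   */
  public LoginServlet() {
    super();
  }

  /**
   * Destruction of the servlet.
   */
  @Override
  public void destroy() {
    super.destroy(); // Just puts "destroy" string in log
    // Put your code here
  }

  /**
   * Makes a request-supplied value safe to append to a single log line.
   *
   * <p>Carriage returns and line feeds are replaced so that a crafted parameter cannot start
   * a new, forged log entry.
   *
   * @param value raw value taken from the request, may be {@code null}
   * @return the value with CR and LF replaced by {@code '_'}, or {@code null} if it was null
   */
  private static String forLog(String value) {
    if (value == null) {
      return null;
    }
    return value.replace('\r', '_').replace('\n', '_');
  }

  /**
   * Handles the login attempt.
   *
   * @param request
   *            the request sent by the client to the server
   * @param response
   *            the response sent by the server to the client
   * @throws ServletException
   *             if including the login page fails
   * @throws IOException
   *             if writing the response or redirecting fails
   */
  @Override
  protected void doGet(HttpServletRequest request,
      HttpServletResponse response) throws ServletException, IOException {
    LOGGER.info("Entered into doGet(HttpServletRequest ,HttpServletResponse ) of LoginServlet class... ");

    String user = request.getParameter("dangerousParamName");
    // Only the neutralised copy is logged; the comparison below still uses the real value.
    String loggableUser = forLog(user);
    LOGGER.info("dangerousParamName parameter value is : " + loggableUser);
    if (userID.equals(user)) {
      // Drop any session that existed before the login succeeded, so a session id handed to
      // the browser earlier is not carried over into the logged-in state (session fixation).
      HttpSession preLogin = request.getSession(false);
      if (preLogin != null) {
        preLogin.invalidate();
      }
      HttpSession session = request.getSession();
      LOGGER.info("dangerousParamName attribute value setting is : "
          + loggableUser);
      LOGGER.info("dangerousParamName value is changed by filter : "
          + loggableUser);
      session.setAttribute("dangerousParamName", user);
      LOGGER.info("sendRedirecting to success.jsp...");
      response.sendRedirect("success.jsp");
    } else {
      RequestDispatcher rd = getServletContext().getRequestDispatcher(
          "/login.html");
      PrintWriter out = response.getWriter();
      // Static text only: the rejected value is never echoed back into the page.
      out.println("<font color=red>user name is wrong. Please look at logs... </font>");

      LOGGER.info("Enter username = 'chandra'  ");

      rd.include(request, response);
    }

  }

  /**
   * Handles the form POST from {@code login.html} by delegating to
   * {@link #doGet(HttpServletRequest, HttpServletResponse)}.
   *
   * @param request
   *            the request sent by the client to the server
   * @param response
   *            the response sent by the server to the client
   * @throws ServletException
   *             if including the login page fails
   * @throws IOException
   *             if writing the response or redirecting fails
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    LOGGER.info("Entered into doPost(HttpServletRequest ,HttpServletResponse ) of LoginServlet class... ");
    doGet(request, response);
  }

  /**
   * Initialization of the servlet.
   *
   * @throws ServletException
   *             if an error occurs
   */
  @Override
  public void init() throws ServletException {
    // Put your code here
  }

}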


 

    
package com.cv.servlet.filter.param;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.log4j.Logger;

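/**
 * Servlet filter that wraps each HTTP request in a {@link FilteredRequest}, so that code
 * further down the chain reads a rewritten value for the {@code dangerousParamName}
 * parameter.
 *
 * <p>Demo only. The rewrite performed by {@link FilteredRequest#sanitize(String)} merely
 * reverses the string; it does not validate, encode or escape anything and must not be
 * relied on as a defence against injection or cross-site scripting. Output encoding still
 * has to happen where the value is rendered.
 *
 * @author Chandra Vardhan
 */
public class RequestParameterChangeFilter implements Filter {

  private static final Logger LOGGER = Logger.getLogger(RequestParameterChangeFilter.class);

  private ServletContext context;

  /**
   * Stores the servlet context and logs that the filter is ready.
   *
   * @param fConfig filter configuration supplied by the container
   * @throws ServletException declared by the {@link Filter} contract
   */
  @Override
  public void init(FilterConfig fConfig) throws ServletException {
    LOGGER.info("init ... RequestParameterChangeFilter");
    this.context = fConfig.getServletContext();
    this.context.log("RequestParameterChangeFilter initialized");
  }

  /**
   * Passes the request down the chain, wrapped so that parameter reads are rewritten.
   *
   * @param request incoming request
   * @param response outgoing response, passed through untouched
   * @param chain remaining filters and the target servlet
   * @throws IOException if a downstream component fails with an I/O error
   * @throws ServletException if a downstream component fails
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    LOGGER.info("doFilter ... RequestParameterChangeFilter");

    // The wrapper casts to HttpServletRequest; anything else is forwarded unchanged instead
    // of failing with a ClassCastException.
    if (request instanceof HttpServletRequest) {
      chain.doFilter(new FilteredRequest(request), response);
    } else {
      chain.doFilter(request, response);
    }
  }

  /**
   * Logs that the filter is being taken out of service.
   */
  @Override
  public void destroy() {
    // we can close resources here
    LOGGER.info("destroy ... RequestParameterChangeFilter");
  }

  /**
   * Request wrapper that rewrites {@code dangerousParamName} on the two single-parameter
   * accessors.
   *
   * <p>Only {@link #getParameter(String)} and {@link #getParameterValues(String)} are
   * overridden. Code that reads the parameter through {@code getParameterMap()}, the query
   * string or the request body still sees the value exactly as the client sent it.
   */
  static class FilteredRequest extends HttpServletRequestWrapper {

    /**
     * @param request request to wrap; must be an {@link HttpServletRequest}
     */
    public FilteredRequest(ServletRequest request) {
      super((HttpServletRequest) request);
    }

    /**
     * Reverses the given string. Despite the name this is not sanitisation: no character is
     * removed, encoded or rejected.
     *
     * @param input value to reverse, may be {@code null}
     * @return the reversed string, or {@code null} when {@code input} is {@code null}
     */
    public String sanitize(String input) {
      if (input == null) {
        // An absent parameter is reported as null by the container; keep it that way rather
        // than throwing a NullPointerException.
        return null;
      }
      // StringBuilder.reverse() keeps surrogate pairs together, so supplementary characters
      // stay valid after the reversal.
      return new StringBuilder(input).reverse().toString();
    }

    /**
     * @param paramName parameter to look up
     * @return the parameter value, reversed when {@code paramName} is
     *         {@code dangerousParamName}; {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String paramName) {
      String value = super.getParameter(paramName);
      if ("dangerousParamName".equals(paramName)) {
        value = sanitize(value);
      }
      return value;
    }

    /**
     * @param paramName parameter to look up
     * @return all values of the parameter, each reversed when {@code paramName} is
     *         {@code dangerousParamName}; {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String paramName) {
      String[] values = super.getParameterValues(paramName);
      if (values == null || !"dangerousParamName".equals(paramName)) {
        return values;
      }
      // Work on a copy: the array may be owned by the container, and rewriting it in place
      // would reverse the values a second time on the next call.
      String[] rewritten = values.clone();
      for (int index = 0; index < rewritten.length; index++) {
        rewritten[index] = sanitize(rewritten[index]);
      }
      return rewritten;
    }
  }

}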



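<%@ page language="java" contentType="text/html; charset=US-ASCII"
pageEncoding="US-ASCII"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Greeting page with a logout button.
  The name shown comes from the application attribute "user2" or from the "user" cookie.
  A cookie is sent by the browser and can be set to anything by the client, so the value is
  used for display only and is HTML-escaped with c:out; it must never decide who is logged in.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Login Success Page</title>
</head>
<body>
<%
String userName = null;
if (session.getAttribute("user1") == null) {
  if (application.getAttribute("user2") != null) {
    userName = (String) application.getAttribute("user2");
  } else {
    response.sendRedirect("login.html");
    // Stop here: without the return the rest of the page is still rendered after the redirect.
    return;
  }
}

Cookie[] cookies = request.getCookies();
if (cookies != null) {
  for (Cookie cookie : cookies) {
    if (cookie.getName().equals("user")) {
      userName = cookie.getValue();
    }
  }
}
// EL only sees scoped attributes, not scriptlet locals, so publish the name in page scope.
if (userName != null) {
  pageContext.setAttribute("userName", userName);
}
%>
<h3>Hi <c:out value="${userName}"/>, do the checkout.</h3>
<br>
<form action="LogoutServlet" method="post">
<input type="submit" value="Logout">
</form>
</body>
</html>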



<!DOCTYPE html>
<html>
<head>
<meta charset="US-ASCII">
<title>Login Page</title>
</head>
<body>
<!-- Login form for the demo. It posts to the LoginServlet URL, which is the only URL the
     RequestParameterChangeFilter is mapped to in web.xml. -->
<!-- The field name must stay "dangerousParamName": the filter rewrites only that parameter
     and the servlet reads only that parameter. -->
<form action="LoginServlet" method="post">
Username: <input type="text" name="dangerousParamName"> <br> 
 <br> <input
type="submit" value="Login">
</form>
</body>
</html>



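<%@ page language="java" contentType="text/html; charset=US-ASCII"
pageEncoding="US-ASCII"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
  Landing page after a successful login.
  Reads the "dangerousParamName" session attribute set by LoginServlet and sends visitors
  without it back to login.html. The value is written through c:out so that it is
  HTML-escaped, whatever a future version of the servlet stores in the session.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Login Success Page</title>
</head>
<body>
<%
// allow access only if the login attribute is present in the session
String user = (String) session.getAttribute("dangerousParamName");
if (user == null) {
  response.sendRedirect("login.html");
  // Stop here: without the return the greeting below is still rendered for a visitor
  // who is not logged in.
  return;
}
pageContext.setAttribute("user", user);
%>
<br>
Hi
<c:out value="${user}"/>, Login successful.
<br> User : <c:out value="${user}"/>
<br>
</body>
</html>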



# The console appender is enabled by default
# Root logger option
log4j.rootLogger=INFO, stdout

# Redirect log messages to console
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%-5p [%c]:%L -->> %m%n

# Redirect log messages to a log file
#log4j.appender.file=org.apache.log4j.RollingFileAppender
#log4j.appender.file.File=C:\\servlet-application.log
#log4j.appender.file.MaxFileSize=5MB
#log4j.appender.file.MaxBackupIndex=10
#log4j.appender.file.layout=org.apache.log4j.PatternLayout
#log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n




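<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.cv.servlet.zip</groupId>
  <artifactId>ServletParameterChangetFilterProject</artifactId>
  <version>1.0</version>
  <packaging>war</packaging>

  <properties>
    <!-- NOTE(review): log4j 1.x is end-of-life and no longer receives security fixes.
         Plan a move to a maintained logging library before reusing this project. -->
    <log4j.version>1.2.16</log4j.version>
    <java.version>1.8</java.version>
  </properties>

  <build>
    <plugins>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.3</version>
        <configuration>
          <source>${java.version}</source>
          <target>${java.version}</target>
        </configuration>
      </plugin>
      <plugin>
        <artifactId>maven-war-plugin</artifactId>
        <version>2.6</version>
        <configuration>
          <warSourceDirectory>WebContent</warSourceDirectory>
          <failOnMissingWebXml>false</failOnMissingWebXml>
        </configuration>
      </plugin>
    </plugins>
  </build>

  <dependencies>
    <!-- The servlet and JSP APIs are supplied by the container at run time. "provided" keeps
         them out of WEB-INF/lib so the WAR does not ship its own copy of the API classes. -->
    <!-- NOTE(review): this is a pre-release API artifact, while web.xml declares version 3.1;
         align the two when updating. -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
      <version>3.0-alpha-1</version>
      <scope>provided</scope>
    </dependency>
    <!-- NOTE(review): no class shown with this project uses commons-fileupload. Remove it if
         it is unused; otherwise check the release against the project's security advisories
         and update it. -->
    <dependency>
      <groupId>commons-fileupload</groupId>
      <artifactId>commons-fileupload</artifactId>
      <version>1.3.1</version>
    </dependency>
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>jsp-api</artifactId>
      <version>2.0</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>jstl</groupId>
      <artifactId>jstl</artifactId>
      <version>1.2</version>
    </dependency>
    <dependency>
      <groupId>taglibs</groupId>
      <artifactId>standard</artifactId>
      <version>1.1.2</version>
    </dependency>
  </dependencies>
</project>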




 
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1">

  <!-- The login servlet and the URL it answers on. -->
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.cv.servlet.filter.param.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>

  <!-- The parameter-rewriting filter is mapped to /LoginServlet only. Requests for any other
       URL of the application, including the JSP pages, do not pass through it. -->
  <filter>
    <filter-name>RequestParameterChangeFilter</filter-name>
    <filter-class>com.cv.servlet.filter.param.RequestParameterChangeFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>RequestParameterChangeFilter</filter-name>
    <url-pattern>/LoginServlet</url-pattern>
  </filter-mapping>

  <welcome-file-list>
    <welcome-file>login.html</welcome-file>
  </welcome-file-list>
</web-app>

