How to add a custom header in Tomcat?

Question

We have an app running on Tomcat. Before any request comes to our server, it goes through a gateway. This gateway adds a custom http header called request-id. This is how we track the request throughout our subsystems.

At times it is possible that the gateway might fail to add this header. In that case I was wondering if I can write a filter or some other thing that adds this header if its missing and sets the value to a UUID. That way my business logic doesn't have to worry about the request id ever be missing.

I have searched the web but haven't found anything yet.

Answer 1

it has been a long since you have asked this question, but recently I have the same scenario where I had to detect if the request has Coookie header, otherwise, add Set-Cookie header with SameSite=None. I have acheived this with a filter. In my case, each request or response has to have a Cookie or Set-Cookie header respectively.

public class SameSiteCookieHeaderFilter implements Filter {

private static final String LOCALE_ID_COOKIE = "locale";

private static final String SET_COOKIE_HEADER = "Set-Cookie";

@Override
public void destroy() {
}

@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
                     final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
    final Collection<String> setCookieHeaders = httpServletResponse.getHeaders(SET_COOKIE_HEADER);

    for (final String setCookieHeader : setCookieHeaders) {
        httpServletResponse.addHeader(SET_COOKIE_HEADER, setCookieHeader + "; Secure; SameSite=None");
    }

    if (setCookieHeaders.size() == 0) {
        final Cookie[] cookies = httpServletRequest.getCookies();

        for (final Cookie cookie : cookies) {
            if (cookie.getName().equals(LOCALE_ID_COOKIE)) {
                httpServletResponse.addHeader(SET_COOKIE_HEADER, buildSessionIdCookie(cookie.getValue()));
            }
        }
    }

    filterChain.doFilter(servletRequest, servletResponse);
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {
}

private String buildSessionIdCookie(final String value) {
    return LOCALE_ID_COOKIE + "=" + value + "; " + "Path=/; " + "SameSite=None; " + "Secure; HttpOnly;";
}

web.xml (application side)

<filter>
    <filter-name>SameSiteCookieHeaderFilter</filter-name>
    <filter-class>de.chemmedia.kw.core.filter.SameSiteCookieHeaderFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SameSiteCookieHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

FYI: Tomcat 7.0.104, Servlet 3.1 and Spring 4.2.x

I hope my answer helps somebody 🙂🙂