
How to return HTTP error code from servlet filter?

I have pages in my web application which are accessible only by the administrator. I wrote a filter, but I don't understand how to return an HTTP error code (403) from the filter if the user isn't the admin.

public class AdminFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String username = servletRequest.getParameter("username");
        String password = servletRequest.getParameter("password");

        UserDao userDaoImpl = new UserDaoImpl();
        if(userDaoImpl.findByUsername(username).getPassword().equals(password)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            //respond with 403
        }
    }
}

I understand that I can redirect to my custom 403 page but I'm wondering how to return HTTP error code.

Artmal asked Aug 29 '17 19:08




2 Answers

You need to cast servletResponse to HttpServletResponse first:

HttpServletResponse response = (HttpServletResponse) servletResponse;

Then use its sendError() method:

response.sendError(HttpServletResponse.SC_FORBIDDEN);

SC_FORBIDDEN stands for code 403.

By the way, you don't redirect to a 403 page; you just respond with that status. If you do that, the servlet container will serve a special 403 page to the user. You can configure that page in your web.xml:

<error-page>
    <error-code>403</error-code>
    <location>/error-403.htm</location>
</error-page>

This instructs the container to serve your custom page /error-403.htm when you set the 403 status.

If you want a redirect, you could use response.sendRedirect() (it issues a 302 redirect).

Roman Puchkovskiy answered Oct 26 '22 23:10


I have solved it this way:

((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "HMAC Failed - X-Authenticated-Id not available");
return;
Andrea Girardi answered Oct 26 '22 23:10
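
The approach from the two answers above, assembled into one complete filter (an added example, not code from the question or from either answer). It assumes the javax.servlet API and a hypothetical session attribute `isAdmin` that the application's login code sets; it denies by default and returns immediately after sendError() so the rest of the chain never runs for a rejected request.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AdminFilter implements Filter {
    // Assumption: hypothetical attribute name, set by the login code
    // after an administrator has authenticated successfully.
    private static final String ADMIN_ATTR = "isAdmin";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // sendError() exists only on the HTTP-specific response type.
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            throw new ServletException("AdminFilter supports only HTTP requests");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) avoids creating a session for anonymous callers.
        HttpSession session = request.getSession(false);
        boolean isAdmin = session != null
                && Boolean.TRUE.equals(session.getAttribute(ADMIN_ATTR));

        if (!isAdmin) {
            // Deny by default. sendError() commits the response and lets the
            // container serve the <error-page> configured for 403 in web.xml.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // do not call chain.doFilter() after sendError()
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```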