Class RequestFilter

java.lang.Object
org.apache.catalina.filters.FilterBase
org.apache.catalina.filters.RequestFilter
All Implemented Interfaces:
Filter
Direct Known Subclasses:
RemoteAddrFilter, RemoteHostFilter

public abstract class RequestFilter extends FilterBase
Implementation of a Filter that performs filtering based on comparing the appropriate request property (selected based on which subclass you choose to configure into your Container's pipeline) against the regular expressions configured for this Filter.

This filter is configured by setting the allow and/or deny properties to a regular expressions (in the syntax supported by Pattern) to which the appropriate request property will be compared. Evaluation proceeds as follows:

  • The subclass extracts the request property to be filtered, and calls the common process() method.
  • If there is a deny expression configured, the property will be compared to the expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
  • If there is a allow expression configured, the property will be compared to the expression. If a match is found, this request will be allowed to pass through to the next filter in the current pipeline.
  • If a deny expression was specified but no allow expression, allow this request to pass through (because none of the deny expressions matched it).
  • The request will be rejected with a "Forbidden" HTTP response.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected Pattern
    The regular expression used to test for allowed requests.
    protected Pattern
    The regular expression used to test for denied requests.
    protected int
    The HTTP response status code that is used when rejecting denied request.

    Fields inherited from class org.apache.catalina.filters.FilterBase

    sm
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    abstract void
    doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    Extract the desired request property, and pass it (along with the specified request and response objects) to the protected process() method to perform the actual filtering.
     
     
    int
     
    protected boolean
    Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
    protected void
    process(String property, ServletRequest request, ServletResponse response, FilterChain chain)
    Perform the filtering that has been configured for this Filter, matching against the specified request property.
    void
    Set the regular expression used to test for allowed requests for this Filter, if any.
    void
    Set the regular expression used to test for denied requests for this Filter, if any.
    void
    setDenyStatus(int denyStatus)
    Set response status code that is used to reject denied request.

    Methods inherited from class org.apache.catalina.filters.FilterBase

    getLogger, init

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface jakarta.servlet.Filter

    destroy
  • Field Details

    • allow

      protected Pattern allow
      The regular expression used to test for allowed requests.
    • deny

      protected Pattern deny
      The regular expression used to test for denied requests.
    • denyStatus

      protected int denyStatus
      The HTTP response status code that is used when rejecting denied request. It is 403 by default, but may be changed to be 404.
  • Constructor Details

    • RequestFilter

      public RequestFilter()
  • Method Details

    • getAllow

      public String getAllow()
      Returns:
      the regular expression used to test for allowed requests for this Filter, if any; otherwise, return null.
    • setAllow

      public void setAllow(String allow)
      Set the regular expression used to test for allowed requests for this Filter, if any.
      Parameters:
      allow - The new allow expression
    • getDeny

      public String getDeny()
      Returns:
      the regular expression used to test for denied requests for this Filter, if any; otherwise, return null.
    • setDeny

      public void setDeny(String deny)
      Set the regular expression used to test for denied requests for this Filter, if any.
      Parameters:
      deny - The new deny expression
    • getDenyStatus

      public int getDenyStatus()
      Returns:
      response status code that is used to reject denied request.
    • setDenyStatus

      public void setDenyStatus(int denyStatus)
      Set response status code that is used to reject denied request.
      Parameters:
      denyStatus - The status code for deny
    • doFilter

      public abstract void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
      Extract the desired request property, and pass it (along with the specified request and response objects) to the protected process() method to perform the actual filtering. This method must be implemented by a concrete subclass.
      Parameters:
      request - The servlet request to be processed
      response - The servlet response to be created
      chain - The filter chain
      Throws:
      IOException - if an input/output error occurs
      ServletException - if a servlet error occurs
    • isConfigProblemFatal

      protected boolean isConfigProblemFatal()
      Description copied from class: FilterBase
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
      Overrides:
      isConfigProblemFatal in class FilterBase
      Returns:
      true if a problem should trigger the failure of this filter, else false
    • process

      protected void process(String property, ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
      Perform the filtering that has been configured for this Filter, matching against the specified request property.
      Parameters:
      property - The request property on which to filter
      request - The servlet request to be processed
      response - The servlet response to be processed
      chain - The filter chain
      Throws:
      IOException - if an input/output error occurs
      ServletException - if a servlet error occurs