Free electronic library

com.


Listing 5.13 web.xml (Excerpt for prohibited-site filter) (continued)
Chapter 5 ?–  Servlet and JSP Filters 234
5.9 Modifying the Response
So filters can block access to resources or invoke them normally. But what if filters
want to change the response that a resource generates? There don??™t appear to be any
methods that provide access to the response that a resource generates. The second
argument to doFilter (the ServletResponse) gives the filter a way to send new
output to a client, but it doesn??™t give the filter access to the output of the servlet or
JSP page. How could it? When the doFilter method is first invoked, the servlet or
JSP page hasn??™t even executed yet. Once you call the doFilter method of the FilterChain
object, it appears to be too late to modify the response??”data has already
been sent to the client. Hmm, a quandary.
The solution is to change the response object that is passed to the doFilter method
of the FilterChain object. You create a response object that looks like an ordinary
HttpServletResponse object to the servlet or JSP page. However, when the servlet
or JSP page calls response.getWriter or response.getOutputStream and
starts sending output, the output doesn??™t really get sent to the client. Instead, it gets
buffered up into a large string where the filter can examine or modify it before really
sending it to the client. The servlet API provides a useful resource for this purpose: the
HttpServletResponseWrapper class.


Pages:
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285