The document provides an introduction to using Servlets and JSPs to build dynamic web applications. It discusses the web application architecture and how requests are handled by the container. Servlets are Java classes that handle requests and responses, while JSPs simplify creating dynamic web pages by mixing HTML with Java code. The document outlines the servlet lifecycle and the differences between GET and POST requests. It also discusses how to retrieve and set request and response parameters, headers, and attributes to communicate between the client and server.
2. PLAN
1. Why use Servlets & JSPs: an introduction
2. Web App Architecture: high-level overview
3. Being a Servlet: request AND response
4. Being a Web App: attributes and listeners
5. Conversational state: session management
6. Being a JSP: using JSP
7. Script-free pages: scriptless JSP
8. JSTL
9. Keep it secret, keep it safe: web app security
10. The Power of Filters
22
3. 1. Why use Servlets & JSPs: an
introduction
To build a good web application you need Java , you need JSPs
and Servlets
JSPs and Servlets allow us to build dynamic web site not like the old
plain static HTML pages
Servlets are a java code with HTML
JSP are a HTML with java code
Thats mean that the servlets are a JSPs
33
4. 2. Web App Architecture
q What’s a container :
Classes like servlets don’t have a main() they are under the control
of the container ( like tomcat , Jboss, GlassFish…).
Those classes are deployed in the container so the container who
gives to the servlet the HTTP response and request (we will talk
about this later just keep in mind this ;) ).
44
5. 2. Web App Architecture
q What does the container give you
Communication support : so you dont have to focus on how your
server will communicates with the client, you dont have to
buildServerSocket, Builduing streams or listen on a port … all of
that make you focus on the business logic of your application.
Life Cycle management : the container take car of loading,
initializing and instantiating your servlets, invoque their methods
and make her eligible to the GC (garbage collector).
Multithreading supports : the container creates a new java thread
of any servlets when it recieves a request (you can use the
synchroniziation issues too)
55
6. 2. Web App Architecture
Declarative security : you use a XML deployment descriptor to
configure, modify secutiry you don’t have to hard code , you
don’t have to touche your java source files or recompilling them.
JPS support : we will see how cool is a JSP later but if you remember
i said that jsp (HTML+java) = servlet (Java+HTML) the container take
care of translating the JSP into Java code
66
7. 2. Web App Architecture
q How the container handles a requet
1. The User clicks on the page that has a url to the servelt
2. The container find that the request is for a servlet so
He creates 2 objects HttpServletRequest and
HttpServletResponse.
3. The container find the appropriate servlet and creates a new thread of her and
passes to it those two objects
4. The servlet calls the method service() it will calls either one of the methods like
doGet() and doPost() (there are others methods)
5. The method will generate a dynamic page and stuffs it into the response ( the
container always has a reference to the response)
6. The thread terminates the container translate the response object into HTTP
response and sends it to the client and deletes the objects.
77
8. 2. Web App Architecture
PrintWriter out = response.getWriter(); : you can get a printWriter to write a html text
into the response (there are some option to send a picture for exemple)
88
9. 2. Web App Architecture
q Using deployment descriptor to map URL to Servlets:
When you deploy your servlet you create a file.xml (DD) tells to the
container how he will run the servlets and JSPs.
There are 2 elements to map URL into a Servlets :
1. <servlet> : maps internal name to a fully-qualified class name
2. <servlet-mapping> : maps internal name to a public URL name
99
10. 2. Web App Architecture
Be careful there is a lot you can do with DD
Like security roles, error pages we will see all of
That later just keep in mind what is the DD
1010
11. 2. Web App Architecture
q MVC design pattern
Model* View* Controler* is the separation business logic out of servlet
and put it in a Model a plain old java class
1111
12. 3.Being a Servlet
q Servlet’s life cycle
1. Your servlet class runs his no-args
constructor
2.
3. Calls init() : only once in the servlet’s
life and must finish before container
can call service().
4.
5. Service() : doGet / doPost/… (at least
one of them ). You should not
override it from HttpServlet !!! It will
determines the HTTP method
(GET,POST,…)
q
1212
13. 3.Being a Servlet
q Servlets and Threads
Servlet is always called in its own stack
1. Servlet initialization : (Thread A) the container calls init() after the
servlet instance created and before runs service().
2. client request 1 : (Thread B) the container starts new thread and
invoque service() – after determines the HTTP request method –
it will run the doMethode (doPost) .
3. client request n : (Thread C) the container do the same thinks
new thread -> service() -> doGet
the Servlet can be instanciate only one time.
1313
14. 3.Being a Servlet
q ServletConfig and ServletContext
What makes an Object become a Servlet :
A ServletConfig Object : 1 ServletConfig per Servlet, Use it to access
the servlet context , or to pass deploy-time information to the
servlet that you don’t want to make it into it.
servletConfig parameters are configured in the DD
A ServletContext Object : 1 ServletContext per WebApp. Use it to
acces web parameters or to get server’s informations
v The true job of theses objects is to handle clients request
1414
15. 3.Being a Servlet
q Request and Response
HttpServletXXXX adds methods
For the HTTP protocol like cookies,
Header, …
In other word what a servlet uses to
Communicate with the client/server
1515
16. 3.Being a Servlet
q The difference between GET and POST
POST has a BODY.!
In fact you both Post and Get can send parameters, but with Get
the data parameters is limited yo what you can stuff into the
request line.
In the next page you will understand the Post and Get request
1616
18. 3.Being a Servlet
But there is other differences like when you use Get request can
bookmarked (end-user can bookmark a request page)
The probleme with get is that the parameters data shows up in the
browsers input bar (imagine you write a password )
so besides the size, sercurity and bookmarking you must know when
you use them :
GET : Hi server, im Get and i need some data just getting things i will
not change anything 0:)
POST : Hi server, im Post and i has some data to be processed 3:)
(think about update)
1818
19. 3.Being a Servlet
q Idempotent
Idempotent is good . It means you can do the same thing over and
ver again without any side effect .
For exemple when you hits a buttom and you though he didnt work so
you click again and again until the refresh of page meanwhile the
server process all your hits . Thats not idempotent
Get is idempotent because there is no update so no side effects
Post is not idempotent be careful
1919
20. 3.Being a Servlet
q Sending Post or Get request
To get the parameters String param =
request.getParameter(‘’name of the parameter in the form’’)
If the parameter contains lot of values « like checkBox » then String
[] tabParam = request.getParameterValues(’’ ’name of the
parameter in the form’’)
2020
21. 3.Being a Servlet
Other methods :
String client =request.getHeader(‘’user’’); client’s platform and
browser info
Cookie[] cookies = request.getCookies(); cookies associated with
request
HttpSession session = request.getSession(); session associated with
the client
String method = request.getMethod(); the http method of the
request
InputStream input = request.getInputStream(); an input stream from
the request
2121
22. 3.Being a Servlet
q Sending response
most of time we use response to send data to the client using
getContents() and getWriter() methods after that you simply
doing I/O to write HTML to the stream.
But we can use the response to send errors, set header and add
coockies … .
2222
24. 3.Being a Servlet
q Response.setContentType
To tell the browser what you’are sending back
He is the same type of MIME type he is http header must included in
the http response
2424
25. 3.Being a Servlet
q Output choices : Characters or Bytes
Its Plain Old Java.IO gives you only to two Streams :
1.ServletOutputStream for bytes:
2.PrintWriter for characters:
2525
26. 3.Being a Servlet
q Setting and adding response Headers
setHeader() :Overwrites the existing value
addHeader() add an additional value
They both takes name and value
When you say resp.setContentType(‘’test/html ’’) you setting
header its like you said resp.setHeader(‘’content-
type’’,’’text/html’’);
2626
27. 3.Being a Servlet
q Redirection
Some time you want something else handle the response for your
request
--Sending redirect make the
browser do the work.
q Dispatching
dispatcher the request to other component in your web app ,
The work on the server side
2727
28. 4.Being a Web App
In this chapter you will make you understand how the pieces of the
web app interact
We will understand the DD and explore other functionalities.
q Inti parameters
When you have to put informations that is gonna be change by the
time and you don’t want to have to recompile your servlet code
just to change it, you can initialize it in the DD.
28
29. 4.Being a Web App
Keep that in mind you can’t use servlet init param until the servlet is
initialized
Thats mean that you can’t call it in the constructor
When the container initializes a servlet he makes a unique servlet
config for it
The container the servlet reads init param only once
Servlet init param available to only the servlet for which the was
configured.
You can make a lot of int param
29
30. 4.Being a Web App
But what if we want to use it with other components like JSP ?
There is no JSPConfig and ServletConfig only for servlets :’(
Hmm we have Context init param :D it make param available to
the entire webApp
In the DD (web.xml):
In the servlet code :
30
31. 4.Being a Web App
q ServletContext
Only one servletcontext per application
Only one servletContext per JVM if we have distributed app
servletContext it makes the class a real servlet
Its like a bridge between the components of the webapp and the
container
31
32. 4.Being a Web App
q ServletContextListener
Listeners make us execute code before serving clients before
execute service().
We can use it to connect into databases..
Servlet don’t have main thats why we use listeners
We can make separate class listen to 2 key events (initialization and
distruction) this class implements
javax.servlet.ServletContextListener
32
33. 4.Being a Web App
We configure listeners in the DD (web.xml)
We cannot insert in init param an Object only string , the listeners
help us with these problems we can create the object inside it .
There are eight listeners
33
35. 4.Being a Web App
q Attributes
It’s object you pinned her so the others can get it
3 types:
Session
Request
Application / Context
2 Methods Get and Set
setAttribute(String name,Object value);
getAttribute(String name) and dont forget to cast the return type
35
36. 4.Being a Web App
ContextAttribute isn’t a thread safe
And this is bad so how we make her thread-safe
what we Synchronize the service method using Synchronized ?
This will stop other threads from the same servlet from accessing the
attributre what about the others servlets*
We need to lock the context not the servlet
36
37. 4.Being a Web App
to protect SessionAttribute we need to synchronize the session its
not thread safe but imagine that
A client connect with other browser
q SingleTreadModel
If you implement this interface
You ensures that your servlet
Handle only one request at a time,
The servlet container can make this guarantee by synchronizing
access to a single instance of the servlet, or by maintaining a
pool of servlet instances and dispatching each new request to a
free servlet ( you don’t need to focus on that a lot)
37
38. 4.Being a Web App
q RequestDispatcher
RequestDispatcher view = request.getRequestDispatcher(“result.jsp”); :
get a dispatcher for the view JSP
view.forward(request, response); : to tell to the jdp take over the
request and here are the request and response objects.
RequestDispater have only 2 methods forward and include
Getting a RequestDispatcher from a ServletRequest RequestDispatcher
view = request.getRequestDispatcher(“result.jsp”); he will looks in
result.jsp at the same logical location the request is in.
Getting a RequestDispatcher from a ServletContext must add forward
slash /result.jsp
38
39. 4.Being a Web App
If you forward a request AFTER a response is sent. The Container will
throw an IllegalStateException.
39
40. 5. Conversational state
q HttpSession
HttpSession object can hold conversational state across multiple
requests from the same client
How does the container know who the client is?
The client must have a unique ID
On the client’s first request the container generates a unique
session ID
The client sends back the session ID with each subsequent request
40
41. 5. Conversational state
The client and container exchange the Session ID is through cookies
When you write HttpSession s = request.getSession() :
The container will generate an ID he will make a new cookie object
and set her into the response
The same method used for getting session id from the request.
Session.isNew() returns boolean true if the client has not yet
responded with this session ID.
Request.getSession(false) : returns a pre-existing session or null if
there was no session associated ith this client
41
42. 5. Conversational state
You can do sessions even if the client doesn’t accept cookies :
If the client disable the cookies we can put the ID in the URL
URL+jsessionid=007
This will work only when the cookies fail or you use the encodeURL
Response.encodeURL(‘’/servlet.do’’) : extra session ID info to this url
the url encoding is the last hope it means the container will first
check cookies
If you want to redirect the request to different URL with the same
session uses response.encodeRedirectURL(‘’’’);
42
43. 5. Conversational state
q Session Time out
q
q
q
We can change timeout of a particular session instance witout
touching the DD
30 minutes
Sessions can die by 3 ways : timeOut, call invalidate(),App goes
down
43
44. 5. Conversational state
q Cookies
Ø Cookies is a little piece of data (name/value) exchanged between
the client and the server
Ø We can customize a cookie
Ø Cookie lives as long as a session
Ø
Ø
44
45. 6.Being a JSP
A JSP is just a Servlet.
The container translates your JSP into a Servlet.java and compiles it
into servlet.class and loads and initializes it as a servlet object.
In a jsp you must enter the fully qualified class name like any other
class java, or use import
<%out.println(pkg1.pk2.Dog.getname()) ; %> or
<%@ page import = “pkg1.pk2.*” %> ….. <
%out.println(Dog.getName()); %>
45
46. 6.Being a JSP
To import multiple packages
<%@ page import=“…. , …. , ….”>
If you see something like that <%@ , it’s a directive
We can replace out.println with <%= and we remove the ;
So there are 3 JSP elements types :
Scriptlet : like <% %>
Directive : like <%@ %>
Expression : like <%=> adding sign to scriptlet
46
47. 6.Being a JSP
Declaring variables in a scriptlet <% int nbProduit = 0 ; %> are
always local variable they will be declared in the service method
when the container translates the JSP to a servlet
To declate an instance variable or a variable outside the service we
use the JSP elements called declaration <%! Int nbProduit =0; %>
47
48. 6.Being a JSP
q What the container do
Ø Looks at the directives, for information it might need during translation.
Ø Creates an HttpServlet subclass. For Tomcat 5, the generated servlet extends:
org.apache.jasper.runtime.HttpJspBase
Ø If there’s a page directive with an import attribute, it writes the import statements at
the top of the class file, just below the package statement. For Tomcat 5, the
package statement (which you don’t care about) is: package org.apache.jsp;
Ø If there are declarations, it writes them into the class file, usually just below the class
declaration and before the service method. Tomcat 5 declares one static
variable and one instance method of its own.
Ø Builds the service method. The service method’s actual name is _jspService(). It’s
called by the servlet superclass’ overridden service() method, and receives the
HttpServletRequest and HttpServletResponse. As part of building this method, the
Container declares and initializes all the implicit objects.
Ø Combines the plain old HTML (called template text), scriptlets, and expressions into
the service method, formatting everything and writing it to the PrintWriter response
output.
48
50. 6.Being a JSP
To configure a jsp page
We must also define the url mapping, jsps are like servlets
q Overriding jspInit()
it will be called from the servlet
method init()
50
51. 6.Being a JSP
JSP makes you use implicit objects to get and set attriibute
corresponding to the four attributes scope.
JSP allows you to get and set any attribute at any scope with
pageConext implicit object
51
52. 6.Being a JSP
You can use findAttribute() to find attributes when you don’t know the
scope.
q Three directive
Page directive <% page import =‘’foo.* ’’ session = ‘’false’’ %>
Defines page-specific properties (content type, character encoding…)
Taglib directive <% taglibs tagdir=‘’…..’’ %>
Defines tag library to JSP, custom tags …
Include directive <% include file=‘’img.html’’ %>
lets you build reusable chunks that can be added to each page without
having to duplicate code
52
53. 6.Being a JSP
Directive page contains lots of attribute like
import (java.lang, javax.servlet.jsp…)
isThreadSafe defines whether the generated servlet needs to implement the
singleThreadModel
contentType for the MIME type
isELIgnored to tell ‘’ ignore the EL expressions when you translate the page
isErrorPage to defines wether the current page represents another JSP’s error
page
errorPage defines a URL to the resource to wich uncaught throwable should
be sent
The are others like session,language…
53
54. 6.Being a JSP
To use simple tags that cause java methods to run without having
to put actual java ode into page , we can use EL Expression
Language because using lot of java n our jsp (html it’s a bad
idea)
EL offer a simpler way to invoke java code
From <% application.getAttribute(‘’mail’’) %> to $
{applicationScope.mail} with EL
You can disable scripting by adding in you DD
54
55. 6.Being a JSP
To ignore EL we add to DD <el-ignored> true </…>
55
56. 7.Script-free pages
We can use on javaBeans the bean related standard actions
Without standard action :
<% foo.Dog d = (foo.Dog) request.getAttribute(‘’person’’); %>
<%= p.getName() %>
With standard actions :
<jsp:useBean id=‘’dog’’ class = ‘’foo.Dog’ scope=‘’request’’ />
<jsp:getProperty name=‘’dog’’ property=‘’name’’ />
56
57. 7.Script-free pages
Jsp:useBean can create a bean if it dosen’t find one
You can initilize your object with jsp:setProperty
<jsp:useBean id=‘’dog’’ class=‘’’dog.Dog’ scope=‘’’page’ >
<jsp:setProperty name=‘’’dog’ property=‘’name’’ value=‘’Rita’’ />
<!– this is a body-->
</jsp:useBean>
The body will run if the bean isn’t found and new one is created
57
58. 7.Script-free pages
q Jsp:useBean and the polymorphic
The class attribute determines the class of the new object and also
the type of reference variable
Class =‘’foo.Dog’’ ===> foo.Dog g = new foo.Dog()
To make polymor we need to add the type
Class = ‘’foo.Dog’’ type=‘’foo.Animal’’ ===> Animal a = new Dog();
If type used without class the bean must already exist
58
59. 7.Script-free pages
Param attribute lets you set value of a property to the value of a
request parameter just by naming the request parameter
Bean tags convert primitive properties automatically for exemple it
takes a string request parameter and converts it to an int
Automatic string-to-primitive conversion does not work if you use
scripting
59
60. 7.Script-free pages
In the property you can’t say dog.name !
So if you want to call the name of d dog object you must uses EL
without scripting
${dog.name} : the first variable is either an implicit object or an
attribute
Implicit object are not like jsp scripting (param, pageScope )except
pageConext all implicit objects are a map objects except
pageContext too
The second variable is a map key or a bean property
We can change the dot with [‘’name’’] it’s a good way when the
dog is an array or a list
60
61. 7.Script-free pages
If you don’t use the brackets its like you tell the container go find an
attribute named X use the Value of that attribute as the key into
the map or return null.
61
62. 7.Script-free pages
q Implicit object
Param implicit object is fine when you have only one parameter for
that particular parameter name else use paramValues $
{param.name} , ${paramValues.name[“0”]}
Header implicit object to get the server host information $
{header.host} or ${header[‘’host’’]}
requestScope is not the request object so if you want to call your
request object use the page context $
{pageContext.request.method}
+ the request Scope useful because it lets you switch to the [}
operator,that can take String names that don’t conform to JNR java
naming rules
62
63. 7.Script-free pages
Cookies imp object now we can call a specific cookie without any
hard code ${cookie.userName.Value}
Context init parameter imp object with scriptiong <%=
application.getInitParameter(“mail1”) %> and with EL $
{initParam.mainEmail}
63
64. 7.Script-free pages
q EL functions
We use EL functions when we want to call methods without
scripting using TLD (the tag library Descriptor ) we create this file
and it contains the tag <function> </function> for oour method
EL is null-friendly even if we had a null value and it can’t find an
attribute it treats the null value as ZERO in aruthmetic and FALSE
for logicl expressions
64
65. 7.Script-free pages
q Reusable template pieces
When we uses directives like include its like we tell the container
insert the header of the page x into this page
v The include Directive
Ø <%@ include file =‘’headerof the page x.jsp’’%> : a copy
Ø <js:include page =‘’….jsp’’ /> : insert the response of ….jsp
Ø The include directive happens at translation time
Ø The include standard happens at runtime
65
66. 7.Script-free pages
If you want to forward your client from a jsp to another uses
<jsp:forward page =‘’other.jsp’’/>
66
67. 8.JSTL
Looping with jstl
<c:forEach var=‘’movie’’ items =‘’….’’></forEach>
Conditional include with
<c:if test=‘’${userName eq ‘haikal’ }’’> </c:if> without if
<c:choose> if you have else u can do this jstl tags
<c:when test=‘’’’></c:when>
<c:otherwise></c:otherwise>
</c:choose>
67
68. 8.JSTL
<c:set var=‘’nomeDog’’ scope=‘’session ’’ value =‘’spike’’/> : the
value doesn’t have to be string
<c:set target=‘’${PetMap}’’ property =‘’dogName’’
value=‘’clover’’ />c : the target must not be null
Property is like if targer is a bean set the value of the prerty
dogname if it’s a map set the value of a key named dogName
You can’t do value + var only one of them
<c:remove> to remove from session
68
69. 8.JSTL
<c:import url=‘’’’/> adds the content from the value of the url attribute to the
current page, the import can reach outside the web app unlike the import
q Make our own error pages
<%@ page isErrorPage=‘’true’’%>
<%@ page errorPage=‘errorpage.jjsp’’%> if somthing goes wrong forward the
request to errorpage.jsp
We can use <error-page> dd tag for type exception or http errors
In your DD add <error-page>*
<exception-type>java.lang.Throwable</exception-type> or <error-
code>404</error-code>
<location>/errorpage.jsp</location>
</error-page>
q
69
70. 8.JSTL
To handle an exception use <c:catch> like try/catch </c:atch>
Add var=‘’myExceeption’’ to assign the exception to it
70
72. 9. Keep it secret, keep it safe: web
app security
Here we will talk about the security authentifcation authorization ,
confidentiality and data integrity
The container contains a security table if the URL in it that means
that the resource is constrained
The container will supply a vendor-specific table containing
usernames and their pswd
You can add user in the realm (where the authentication
information is stored) in tomcat it calls tomcat-users.xml
72
73. 9. Keep it secret, keep it safe: web
app security
<role rolename=‘’guest’’ / >
<role rolename=‘’Membre’’/>
<user username=‘’haikal’’ password=‘’haikal’’ roles =‘’member,
guest’’ /> becareful this is a part of vendor specific not DD
To get the container to ask for a username and pswd we must add
in the DD <login-config><auth-method>BASIC</auth-
method></login-config>
73
74. 9. Keep it secret, keep it safe: web
app security
Authorization step 1 :
Add security role iin the DD to map its vendor spec role information
with role name in our DD
<security-role><role-name>guest</role-name></security-role>
Step 2 :
Defining resource/method constraints using in you DD
<security-constrain>
<web-resource-collection>
<web-resource-name>UpdateDog</web-resource-name>
74
75. 9. Keep it secret, keep it safe: web
app security
<url-pattern>/a/*</url-pattern> : element define the resources to be
contrained
<http-method>GET</http-method> the http method which it’s
constrained
</web-resoirce-collection>
<auth-constraint>
<role-name>Admin</role-name> who is allowed to do the http
method constsrained
</auth-constraint>
75
76. 9. Keep it secret, keep it safe: web
app security
We match up roles in the DD with roles in a servlet when we call for
example if request.isUserInRole(‘’ ’guest’’ )==true, before this method is
called the user needs to be authentificated
q The 4 auth-mehod:
Basic = transmits the login information not encrypted
DIGEST = secure way but there are containers does not support the
encryption mechanism
CLIENT-CERT = secure form using public key but my clients must
have a certificate before they can login to my system
FORM = allows me to custom login form but the username and
psswd are send back in http request with no encryption
76
77. 9. Keep it secret, keep it safe: web
app security
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/loginPage.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
77
78. 9. Keep it secret, keep it safe: web
app security
q Protecting transport layer connection
Ø Ssecuring the http over TCP (SSL)
Ø Adds in the <security-constraint> <user-data-guarantee>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-guarantee> </security-constraint> if you write <auth-
constraint> and </web-resource-collection> this mean only x can
make a POST/GET… request to the resource yyy and make t secure
Ø
78
79. 9. Keep it secret, keep it safe: web
app security
Remember that <security-constraint> is about what happens after
the request
Thus , we need to protect the data coming in from a request thats
why we uses confidental to change the protocol http to https
79
80. 9. The Power Filters
Sometimes you want to keep track of system’s response times
across all of its different user interactions.
Filters are java components similar to servlets
Intercept and process requet before they are sent to the servlet
And before the response goes back to the client
80
81. 9. The Power Filters
Filters doesn’t care which filters ran before it did or next
The DD controls the order in wich filters run
In the DD you can link the firlts by telling the container for these url
run filtre x then filtre a … then run my servlet
Of course we can delete one or swap it
Why the filters like servlets :
The container knows their API by implementing the Filter interface
He manages their lifecycle (they have init() , destroy(), doPost()/Get
+doFiltre()
They’re declared in the DD
81
83. 9. The Power Filters
Every filtre must implements init and do filter and destroy
The doFilter( is called every time the container determines that the
filter should be applied to the current request
q Declaring and ordering filters
83
84. 9. The Power Filters
<init-param> is optional and we can have many
<servlet-name> element defines which single web app resource will
use this filter
Filters can be applied to request dispatchers too
84
85. 9. The Power Filters
We cannot filtre the response because it’s too late the out put
goes straight from the servlet back to the client
But we can swap our real response object with a custom response
(wrapper classes) when we passing him to the servlet
Whenever you want to create a custom request or response object,
just subclass one of the convenience request or response
“wrapper” classes. A wrapper wraps the REAL request or
response object, and delegates (passes through) calls to the real
thing, while still letting you do the extra things you need for your
custom request or response.
85
86. 9. The Power Filters
ServletRequestWrapper
HttpServletRequestWrapper
ServletResponseWrapper
HttpServletResponseWrapper
public void doFilter( request, response, chain)
{ CompressionResponseWrapper wrappedResp = new
CompressionResponseWrapper(response);
chain.doFilter(request, wrappedResp);
}
86