2
2
.
.
1
1
.
.
4
4
B
B
l
l
o
o
c
c
k
k
R
R
e
e
q
q
u
u
e
e
s
s
t
t
s
s
I
I
n
n
f
f
o
o
[
[
G
G
]
]
This tutorial shows how to use Filter to block HTTP Requests if they have wrong format (Request will not reach Controller)
If username Parameter doesn't exist, Filter returns error message to the User and doesn't forward Request to Controller.
This is achieved by simply returning from Filter, instead of calling chain.doFilter(request, response) to forward Request.
Filter generates Response by calling response.getWriter().println("Parameter username missing").
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables: Controller Annotations, Tomcat Server
P
P
r
r
o
o
c
c
e
e
d
d
u
u
r
r
e
e
Create Project: springboot_filter_gethttprequestresponseparameters (add Spring Boot Starters from the table)
Create Package: controllers (inside main package)
– Create Class: MyController.java (inside controllers package)
Create Package: filters (inside main package)
– Create Class: MyFilter.java (inside controllers package)
MyController.java
package com.ivoronline.springboot_filter_blockrequests.controllers;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MyController {
@ResponseBody
@RequestMapping("/Hello")
public String hello(@RequestParam String username) {
System.out.println("Hello from Controller");
return "Hello " + username;
}
}
MyFilter
MyController
Request
Response
http://localhost:8080/Hello
Request
Response
hello()
MyFilter.java
package com.ivoronline.springboot_filter_blockrequests.filters;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
@Component
public class MyFilter extends OncePerRequestFilter {
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
//LOG
System.out.print("CHECKING REQUEST PARAMETERS: " + request.getQueryString());
//GET REQUESTS PARAMETERS
String parameterUsername = request.getParameter("username");
//CHECK REQUESTS PARAMETERS
if(parameterUsername == null) {
System.out.println(" (Parameter username missing)");
response.getWriter().println("Parameter username missing");
return;
}
System.out.println(" (Parameter username found)");
//FORWARD TO CONTROLLER
chain.doFilter(request, response);
}
}
R
R
e
e
s
s
u
u
l
l
t
t
s
s
http://localhost:8080/Hello?username1=myuser
http://localhost:8080/Hello?username=myuser
Console
CHECKING REQUEST PARAMETERS: username1=myuser (Parameter username missing)
CHECKING REQUEST PARAMETERS: username=myuser (Parameter username found)
Hello from Controller
Application Structure
pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>