Info on Servlet Filters

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi,

I have a web server with Servlet version 2.2. Can I use Filters in my web server?
After some initial searching I found that Filters are supported from Servlet version 2.3 onwards...

Could you please let me know if there is any possibility to use Filters with Servlet version 2.2?

Many thanks,
K.Chandra Sekhar
Shailesh Narkhede
Ranch Hand

Joined: Jul 10, 2008
Posts: 368
As the Servlet version 2.2 specification does not mention filters, we cannot use filters with Servlet 2.2.
Could you please let me know if there is any possibility to use Filters With Servlet 2.2 version.

What do you want to do with the help of the filter?


Thanks,
Shailesh
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi Shailesh,

Recently our web app underwent some security scans, which found cross-site scripting vulnerabilities.
The security team has suggested using a framework which has been developed using Filters.
So I want to use Filters to avoid the problems with cross-site scripting.

Please let me know if there is a way to implement the filter functionality even with Servlet version 2.2.

Many thanks,
K.Chandra
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42929
    
If it's security you're concerned about, then I'd say it would probably be a good thing to upgrade the server to a newer version (which would also support a newer Servlet API version). If the server only supports Servlet API 2.2, then it's probably at least 7 years old, and likely hasn't seen security updates in a good long time.
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi Ulf Dittmer,

Thank you very much for your reply.

The servers are pretty old, but the application has been running on them for the past 8 years and the server team doesn't have any plans to upgrade the servers in the near future, but they still want us to work on these security vulnerabilities.
Can you please advise me on an approach to achieve this?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42929
    
You don't *need* filters for this; you can sanitize all user inputs at the point where you get them using "getParameter".
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi Ulf,


As you said, I don't need a filter to do this, but there are around 80 JSPs and 40 Servlets in our application and I need to modify all these files to perform the sanitization.
If there is a centralized way of performing the sanitization for all the requests then I don't need to change all the files...
By using filters I can achieve the centralized way of performing the sanitization.

Is there any better approach than modifying each and every file?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42929
    
One solution would be to have a utility method that does the sanitizing. Then you can do a search/replace of "request.getParameter(XYZ)" with "Utils.sanitize(request.getParameter(XYZ))" (assuming that the data sanitization needs are the same for all parameters, of course). You'd need to make sure that the method is thread-safe, of course.
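
An added example, not part of the original posts: one possible shape for the `Utils.sanitize` helper suggested above, assuming parameter values end up in HTML text or quoted attribute values. The class body, the set of encoded characters and the sample strings are assumptions of this example; it uses only `StringBuffer` and plain loops so it compiles on the old JDKs that accompany a Servlet 2.2 container.

```java
// Added example: hypothetical Utils class, not code from the thread.
public final class Utils {

    private Utils() {
        // static helper only, no instances
    }

    /**
     * HTML-encodes the characters that let a parameter value break out of
     * HTML text or a quoted attribute. Returns null for a null input, since
     * request.getParameter() returns null when the parameter is absent.
     * Thread-safe: it touches only its argument and a local buffer.
     */
    public static String sanitize(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer out = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Constructed sample values standing in for request.getParameter(...) results.
    public static void main(String[] args) {
        String[] samples = {
            "plain text",
            "<script>alert(1)</script>",
            "\" onmouseover=\"x",
            "Tom & Jerry's",
            null
        };
        for (int i = 0; i < samples.length; i++) {
            System.out.println(samples[i] + " -> " + sanitize(samples[i]));
        }
    }
}
```

Values that are written into JavaScript, URLs or unquoted attributes need encoding for that context instead, and a value that is sanitized twice will show `&amp;lt;` on the page.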
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi Ulf,

I have implemented utility code that verifies all the request parameters, and if there is any possibility of XSS then I am redirecting the request to an error page.
For this I have implemented a separate JSP and I am just including this JSP in all the existing JSPs so that the request parameters get verified.

 