Working on security for my final year project.(Testing )

Filters:Little bit on life cycle
The init() method is used to initialize any code that is used by Filter. Also note that, init() method will get an object of FilterConfig which contains different Filter level information as well as init parameters which is passed from Web.xml (Deployment descriptor).

The doFilter() method will do the actual logging of information. You can modify this method and add your code which can modify request/session/response, add any attribute in request etc.

The destroy() method is called by the container when it wants to garbage collect the filter. This is usually done when filter is not used for long time and server wants to allocate memory for other applications.

Tested a very simple web project.

web.xml(only the flter configuration showed)

    <filter>

        <filter-name>LogFilter</filter-name>

        <filter-class>com.in.Filter.LogFilter</filter-class>

        <init-param>

            <param-name>test-param</param-name>

            <param-value>This is for testing</param-value>

        </init-param>

    </filter>

    <filter-mapping>

        <filter-name>LogFilter</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>

     </web-app>

the FILTER

public class LogFilter implements Filter {

    private static final boolean debug = true;

    // The filter configuration object we are associated with.  If

    // this value is null, this filter instance is not currently

    // configured. 

    private FilterConfig filterConfig = null;

    public LogFilter() {

    }

    private void doBeforeProcessing(ServletRequest request, ServletResponse response)//abstract methods

            throws IOException, ServletException {

    }

    private void doAfterProcessing(ServletRequest request, ServletResponse response)

            throws IOException, ServletException {

        RequestDispatcher rd = null;

        HttpServletRequest req = (HttpServletRequest) request;

        HttpServletResponse res = (HttpServletResponse) response;

        rd = getFilterConfig().getServletContext().getRequestDispatcher("/LoginServlet");

        if (rd != null) {

            rd.include(req, res);

        }

    }

    public void doFilter(ServletRequest request, ServletResponse response,

            FilterChain chain)

            throws IOException, ServletException {

        Throwable problem = null;

        try {

            chain.doFilter(request, response);

        } catch (Throwable t) {

            // If an exception is thrown somewhere down the filter chain,

            // we still want to execute our after processing, and then

            // rethrow the problem after that.

            problem = t;

            t.printStackTrace();

        }

        // If there was a problem, we want to rethrow it if it is

        // a known type, otherwise log it.

        if (problem != null) {

            if (problem instanceof ServletException) {

                throw (ServletException) problem;

            }

            if (problem instanceof IOException) {

                throw (IOException) problem;

            }

            sendProcessingError(problem, response);

        }

        //Get the IP address of client machine.

        String ipAddress = request.getRemoteAddr();

        //Log the IP address and current timestamp.

        System.out.println("IP " + ipAddress + ", Time "

                + new Date().toString());

   HttpServletRequest req = (HttpServletRequest) request;

        HttpServletResponse res = (HttpServletResponse) response;

        String name=req.getParameter("user");

        System.out.println(""+name);//as it is a filter and in xml see the mapping.the url pattern is /*.so after     //getting the servlet i again shows the value in the filter.from this we can know abut any unauthorized //access.

        doAfterProcessing(request, response);

        chain.doFilter(request, response);

    }

    /**

     * Return the filter configuration object for this filter.

     */

    public FilterConfig getFilterConfig() {

        return (this.filterConfig);

    }

    /**

     * Set the filter configuration object for this filter.

     *

     * @param filterConfig The filter configuration object

     */

    public void setFilterConfig(FilterConfig filterConfig) {

        this.filterConfig = filterConfig;

    }

    /**

     * Destroy method for this filter 

     */

    public void destroy() {

    }

    /**

     * Init method for this filter 

     */

    public void init(FilterConfig filterConfig) {

        this.filterConfig = filterConfig;

        

        //Get init parameter

        String testParam = filterConfig.getInitParameter("test-param");

        //Print the init parameter

        System.out.println("Test Param: " + testParam);

    }

    /**

     * Return a String representation of this object.

     */

    @Override

    public String toString() {

        if (filterConfig == null) {

            return ("LogFilter()");

        }

        StringBuffer sb = new StringBuffer("LogFilter(");

        sb.append(filterConfig);

        sb.append(")");

        return (sb.toString());

    }

    private void sendProcessingError(Throwable t, ServletResponse response) {

    }

    public static String getStackTrace(Throwable t) {

        String stackTrace = null;

        try {

        } catch (Exception ex) {

        }

        return stackTrace;

    }

    public void log(String msg) {

        filterConfig.getServletContext().log(msg);

    }

}