Servlet & JSP by Budi Kurniawan

Author:Budi Kurniawan [Kurniawan, Budi]
Language: eng
Format: epub
Publisher: Brainy Software Inc.
Published: 0101-01-01T00:00:00+00:00

Example 2: Image Protector Filter

The Image Protector Filter in this example prevents an image from being downloaded by typing the image URL in the browser's Address box. An image in the application will only show if the link to the image is clicked on a page. The filter works by checking the value of the referer HTTP header. A null value means the current request has no referrer, in other words the resource is being requested directly by typing its URL. A resource with a non-null referer header will have the page of origin as its referrer. Note that the header name is spelled with one r between the second e and the third e.

The filter class, ImageProtectorFilter, is given in Listing 9.2. From the WebFilter annotation you know that the filter is applied to all resources having png, jpg, or gif extension.

Listing 9.2: The ImageProtectorFilter class

package filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; @WebFilter(filterName = "ImageProtetorFilter", urlPatterns = { "*.png", "*.jpg", "*.gif" }) public class ImageProtectorFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { System.out.println("ImageProtectorFilter"); HttpServletRequest httpServletRequest = (HttpServletRequest) request; String referrer = httpServletRequest.getHeader("referer"); System.out.println("referrer:" + referrer); if (referrer != null) { filterChain.doFilter(request, response); } else { throw new ServletException("Image not available"); } } }

The init and destroy methods are empty. The doFilter method reads the value of the referer header and either invokes the resource or throws an exception:

String referrer = httpServletRequest.getHeader("referer"); System.out.println("referrer:" + referrer); if (referrer != null) { filterChain.doFilter(request, response); } else { throw new ServletException("Image not available"); }

To test the filter, try opening the logo.png image by typing this URL in your browser's Address box:

http://localhost:8080/app09a/image/logo.png

You'll get an “Image not available” error message.

Now, invoke the image.jsp page:

http://localhost:8080/app09a/image.jsp

You should see the image. The reason why this works is because the image.jsp page contains this link that instructs the browser to download the image:

<img src='image/logo.png'/>

When the browser asked for the image for the link, it also sent the URL of the page (in this case, http://localhost:8080/app09a/image.jsp) to the server as the value of the referer header.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.