/ Published in: Java
a simple solution that illustrates a very practical usage of java filters, in this example we try to block any Ddos attack, spam access and route clients or visitors to there corresponding pages.
note: please test before use, then use at your own risk.
note: please test before use, then use at your own risk.
Expand |
Embed | Plain Text
Copy this code and paste it in your HTML
import java.io.IOException; import java.util.Scanner; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * Servlet Filter implementation class filter * @author prgrmmr.aben [at] gmail (dot) com * http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html * please give back a small donation if you find * this little educational snippet of code useful */ @WebFilter("/filter") public class filter implements Filter { /** * Default constructor. */ public filter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session; HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; res.addHeader("X-FRAME-OPTIONS", "DENY" ); // I was using the test bellow when developing the app /*Scanner verify = new Scanner(System.in); if(verify.nextInt()==0){ req.getSession().invalidate(); }*/ session = req.getSession(false); if(req.getSession(false) == null){ session = req.getSession(true); sessionInit(session); req.getServletContext().getRequestDispatcher("/login.jsp").forward(request, response); }else{ if(session.getAttribute("spam").equals(true)) else if (timeElapsed<2000) { session.setAttribute("spam", true); }else if (session.getAttribute("logged").equals(false)) { req.getServletContext().getRequestDispatcher("/login.jsp").forward(request, response); }else{//if session.getAttribute("logged").equals(true) which should be set to true after user is logged if(requestedPath.equals("/login.jsp")) req.getServletContext().getRequestDispatcher("/main.jsp").forward(request, response); else req.getServletContext().getRequestDispatcher(requestedPath).forward(request, response); } } //chain.doFilter(request, response); } private void sessionInit(HttpSession session) { // TODO Auto-generated method stub session.setAttribute("spam", false); session.setAttribute("logged", true); } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException { // TODO Auto-generated method stub } }
URL: http://fivesnippets.blogspot.com/2014/08/servlet-filter-for-ddos-spam-etc.html