0

I have a Java filter that allows continue or not the request depending of the URL, however I have a problem when the request come from a form.

Let's say I have a HTML form with an action and a submit button, then the filter evaluate the request, if the request is invalid I need to stop the request:

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    String requestDestination = ((HttpServletRequest) servletRequest).getRequestURI();
    if ( requestDestination.contains("/url") ) {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        Cookie denied = new Cookie("denied", "url");
        httpResponse.addCookie(denied);
        return;
    }
}

The problem is that despite this action, the browser goes to this URL showing an empty page off course, but what I need is to stop this default behavior, just leaving the user in the same page.

I can't use JavaScript since I don't know exactly who is triggering the request.

Improve this question
1
  • sounds like a problem with your web.xml. The ordering of your filter and servlets can make behaviour like that happen. Commented Apr 19, 2018 at 14:31

3 Answers 3

Reset to default
1

You cannot "stop" the request. Once the browser has submitted the form, it will await a response and will render the content of that response body.

Thus if your servlet filter is blocking the request, it is the responsibility of your filter to also return appropriate content to the browser. This is typically some type of error page, the content of which is entirely up to you.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Right, I also tried with a response.getOutputStream() to flush any content, but this is not very practical since the browser will prompt the answer as a file to be downloaded
0

If you want to make the user return back to the previous page, you can try redirecting the user to the url taken from the Referer header:

if ( requestDestination.contains("/url") ) {
    String referer = request.getHeader("Referer");
    if (referer != null && referer.length() > 0) {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        httpResponse.sendRedirect(httpResponse.encodeRedirectURL(referer));
    } else {
        // just do nothing and display a blank page if there is no Referer
    }
}

But for this to work, you need to be sure that the 'previous page' always accepts such a duplicated request using GET method.

Improve this answer

1 Comment

I thought about this, but the Referer is hard to trust. I don't want to let the user just staring at a blank page. I'm thinking about setting my own header with the referer
0

It's not possible to do on server side -- because whatever server response is (and there is always a response, even for stopped requests), your browser will display it. Like empty response in your example.

There only thing you can try to archieve without JavaScript is to show user the same page he comes from:

  • you can just display the same page he comes from (with form, etc.)
  • you can redirect user to the same page with httpResponse.sendRedirect(httpRequest.getRequestURI())
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.