hi...... filters in servlet

Question

sach_ak47 -2 Newbie Poster

16 Years Ago

hi , actully i have read filters in servlet.
but i didnt understand , the actual working of filters ( in practicle environment).
i want to know that , when i am sending request to server and i am using filter before request went to server. so that process is happening on server side or client side ?

and i want to send password in encrypted format from html page to servlet how to do this ?
please if any one have any idea please response ( Atleast tell the process how to proceed).

java-jsp

4 Contributors
3 Replies
98 Views
2 Days Discussion Span
Latest Post 16 Years Ago Latest Post by ~s.o.s~

jwenting 1,889 duckman

16 Years Ago

Servlet filters always run on the server.
They can provide services that have to run before the web application processes the request, like authentication.
A filter can intercept the requests, look up credentials and permissions, and deny the request (with an error message) if the request is issued by someone who's not allowed to do so.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

jaka.ramdani -1 Newbie Poster · Answer 1 · 2008-09-06T08:50:44+00:00

hi , actully i have read filters in servlet.
but i didnt understand , the actual working of filters ( in practicle environment).
i want to know that , when i am sending request to server and i am using filter before request went to server. so that process is happening on server side or client side ?
and i want to send password in encrypted format from html page to servlet how to do this ?
please if any one have any idea please response ( Atleast tell the process how to proceed).

filter always run in server env.

here's the way to send your encrypted password to server
1. add one hidden field in your login form i.e with name hashed_pass, and assume your password filed named pass
2. add onSubmit action in your form which will do these:
- hash your inputted plain password (try lo look some md5 hash javascript, there's a lot out of there)
- change you hashed_pass field value to hashed value of your inputted password
- set your password field to empty since you don't want plain value of your password is submitted
- submit the form
- authenticate using the hashed password
3. done

it may like these, except i don't provide the md5 javascript code, and assume the method to perform md5 hash is md5()

function hashOnSubmit(theForm) {
   var passwd_field = theForm.pass;
   var hashedpasswd_field = theForm.hashed_pass;
   var hashed = md5(passwd_field.value);
   hashedpasswd_field.value = hashed;
   passwd_field.value = "";
   theForm.submit();
}

and in the html, form part:

<form name="login_form" action="bla_bla" method="post" onSubmit="hashOnSubmit(this);">
....//the fileds here
</form>

hope will help.

regards,

~s.o.s~ 2,560 Failure as a human Team Colleague Featured Poster · Answer 2 · 2008-09-07T13:04:25+00:00

> here's the way to send your encrypted password to server [ snip ]

Which of course fails if Javascript is disabled on the clients' computer. And of course, using a Javascript equivalent of the hashing algorithm exposes your entire hashing logic. A better way would be to use a secure connection to send/receive critical user information like https.