Page 1 of 1
About Question enthuware.jwpv6.2.735 :
Posted: Thu Aug 08, 2013 2:18 pm
by alex
Hi,
I guess there is a typo
Apply a filter to the servlet and pass a HttpServletResponseWrapper instead of the original HttpServletResponse to the servlet.
We don't pass HttpServletResponseWrapper to servlet, we wrap original HttpServletResponse and pass it to browser.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Fri Aug 09, 2013 7:04 am
by admin
No, the given statement is correct. In the filter, we can wrap the original HttpServletRequest as well as HttpServletResponse object into a HttpServletRequestWrapper/HttpServletResponseWrapper objects and pass those to the target servlet.
Browser has no knowledge of these (or any of the Java classes). Browser only see the content that is generated by the servlet container using the HttpServletResponse object.
HTH,
Paul.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Wed Sep 24, 2014 11:51 am
by dhanuddhara
I think explanation would be
"Apply a filter to the servlet and pass a HttpServletResponseWrapper instead of the original HttpServletResponse to the client."
client < filter < servlet
Within the filter we can encrypt and wrap the original response object and send to the client.
Correct me if i am wrong.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Wed Sep 24, 2014 7:55 pm
by admin
No, a client doesn't receive HttpServletResponse or HttpServletResponseWrapper object. These objects exists on server side only.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Mon Jul 13, 2015 3:07 pm
by ednilsoncampos
Why alternative 1 is wrong?
Re: About Question enthuware.jwpv6.2.735 :
Posted: Mon Jul 13, 2015 9:40 pm
by admin
Alternative 1 is wrong because it does not specify that you have wrap HttpServletResponse into HttpServletResponseWrapper to the servlet. Without that you can't encrypt the response in the filter.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Sun Jun 19, 2016 3:48 pm
by himaiMinh
Can the third option be correct?
My reason is we can encrypt the raw user input data (eg checking account number) in the request inside the doFilter method of a filter, use the request wrapper to decorate the request and pass it to the servlet. The servlet will decrypt the data (checking account number).
Re: About Question enthuware.jwpv6.2.735 :
Posted: Sun Jun 19, 2016 7:41 pm
by admin
No, the objective is to encrypt the data that is to be sent to the customer from the servlet to be encrypted.
Re: About Question enthuware.jwpv6.2.735 :
Posted: Mon Jun 20, 2016 5:01 pm
by himaiMinh
How to implement this?
Is it like the following pseudo code:
Code: Select all
public class EncryptFilter implements Filter{
public void doFilter(ServletRequest request, ServletResponse response, FilterChain fc) throws
IOException, ServletException{
EncryptResponseWrapper rwrapper = new EncryptResponseWrapper(response);
//Suppose this is passed to the servlet to get the data that the browser queries for.
fc.doFilter(request, response);
//... do encryption for the response here
//assume there is a variable called encryptedData;
rwrapper.getWriter().println(encryptedData);
}
}
Code: Select all
public class EncryptResponseWrapper extends HttpServletResponseWrapper{
//override some HttpServletResponseWrapper methods
...
}
Re: About Question enthuware.jwpv6.2.735 :
Posted: Mon Jun 20, 2016 8:44 pm
by admin
Yes, something like that.
-Paul.