anyone out there care about this stuff? please? :-) > Hi there, > > I've got some questions about Servlet API 2.3 Filters and the Tomcat 4.0 m4 > implementation of them. > > I've been thinking about implementing one of those new-fangled Filter > things. I've been reading the spec, and I've found a few things which are > unclear. I've also read the source for Tomcat 4.0 m4 where appropriate to > try and figure out what is currently implemented, and I'd like to know how > the implementation relates to the unclear areas that I've found in the spec. > > The areas I'm confused about follow: > > 1) Filters and UnavailableException > > Filters can throw UnavailableException, but the 2.3 PFD doesn't seem to > specify what to do with them if it does. It looks like Tomcat 4.0 m4 > disables the Servlet that the request referenced. This doesn't seem like a > very good idea to me, primarily because there is not necessarily a 1:1 > mapping between a Filter and the Servlet it is filtering. > > For example, imagine if you had an authentication filter which was > protecting a few static files in a subdir of your context. If the filter > died and thew UnavailableException, that would mean that the DefaultServlet > which is serving all the static content for your webapp would be disabled. > > Perhaps in this case the Filter itself ought to be disabled? It would be > more work, but it would seem more consistent. > > 2) Filters and RequestDispatcher > > Filters are apparently allowed to call the include() and forward() methods > of RequestDispatcher. However, the 2.3 PFD doesn't seem to mention if those > calls should invoke the filter chain again or if they are supposed to > reference the target servlet directly. It looks like Tomcat 4.0 m4 > references them directly. I'm not sure which is the best way, but I can see > some potential problems with the way Tomcat is doing it. > > For example, imagine if you had a nice site you'd written in XML and which > used an XSLT filter transform the content into HTML. Then, you wrote an > authentication filter which is inserted in the filter chain before the XSLT > filter. It forward()s to "login-error.xml" when the user enters the wrong > password. What happens? the login-error.xml is sent to the client directly, > without the XSLT transformation. Not nice. > > Would anyone care to comment on what they think is the right behaviour in > these cases, or to clarify my confusion? > > Cheers > > Geoff
