Open in app

Sign in

Write

Sign in

Develop a Custom Tomcat Filter for WSO2 Identity Server

Prabod Dunuwila
3 min readSep 29, 2024

--

A filter is an object that is invoked at the preprocessing and postprocessing of a request on the server. Filter API (or interface) includes some methods which help us in filtering requests.

When you use WSO2 Identity Server for your use cases, you may come across requirements such as below,

  • Filter a specific request (let’s say /oauth2/token request) and capture some information sent with the request and validate them
  • Filter all the requests reach the server and check if some header is available (let’s say checking for a unique id such as x-request-id) and also respond the same with the response

For scenarios such as above, you can implement the ‘javax.servlet.Filter’ and deploy the customisation in the IS server.

For example, let’s say you want to,

  • Check if a request contains the ‘x-request-id’ header
  • If it doesn’t contain a header generate a UUID and assign it as ‘x-request-id’
  • The same ‘x-request-id’ needs to respond to the client

Let’s see how you can achieve the above requirement.

Please note that I’m using IS 5.11.0 server for deploying this customisations and testing the scenario.

Implementing the Filter class

So here I have created a maven project and created a class implementing ‘javax.servlet.Filter’,

package org.example;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.UUID;

public class RequestFilter implements Filter {

    private static final String REQUEST_HEADER_NAME = "x-request-id";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Check if X-Request-ID header is already present in the request
        String requestId = httpRequest.getHeader(REQUEST_HEADER_NAME);

        // If not present, generate a new request ID
        if (requestId == null || requestId.isEmpty()) {
            requestId = UUID.randomUUID().toString();
        }

        // Add the X-Request-ID to the response header
        httpResponse.setHeader(REQUEST_HEADER_NAME, requestId);

        // Continue with the next filter in the chain
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {

    }
}

And the pom.xml will be as follows.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>RequestFilter</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <properties>
        <maven.compiler.source>11</maven.compiler.source>
        <maven.compiler.target>11</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

    <build>
        <finalName>request-filter</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <version>3.1.1</version>
            </plugin>
        </plugins>
    </build>
</project>

Deploying the jar file

After building the project, you can deploy the ‘request-filter.jar’ in the ‘<IS-HOME>/repository/components/lib’ directory.

Adding configurations

And in the ‘<IS-HOME>/repository/conf/deployment.toml’ file, you can make the below changes.

[[tomcat.filter]]
name = "RequestFilter"
class = "org.example.RequestFilter"

[[tomcat.filter_mapping]]
name = "RequestFilter"
url_pattern = "/*"

Then restart the server. Let’s see what happens when we invoke the requests.

Scenario 01: Sending the x-request-id with the request

Scenario 02: Not sending the x-request-id with the request (So that an UUID will be assigned)

So that’s all about it.

References

[1] https://github.com/rksk/response-header-filter/tree/master

[2] https://www.geeksforgeeks.org/java-servlet-filter-with-example/

Wso2
Identity Server
Tomcat
Filters
Java

--

--

Prabod Dunuwila
Prabod Dunuwila

Written by Prabod Dunuwila

37 Followers
116 Following

Software Engineer @ WSO2 | MIT @ University of Kelaniya, Sri Lanka.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams