In my app, I added a Servlet filter to protect it from cross site framing (sad thing is that this filter really does very little except adding X-FRAME-OPTIONS header...)
I added it to my web.xml file and it seems to be working in some cases but not others.
Does anyone know of a way to watch, log, monitor, or whatever, these filters in Websphere 8 so I can figure out what can be going wrong?
Claude Moore wrote:Why don'y you use a frontendcontroller / gateway approach ? You may define a servlet which receives all requests for your application, and forwards to second-line servlets all requestes after logging them and having set a custom-header value. Second level servlets may check for this custom header and refuse to fullfill any request that has no such header - so that only requests filtered by your "Gateway" servlet are considerated valid.
What you are descirbing sounds an awful lot like a servlet filter.
Servlet filters are actually pretty foolproof. As long as the incoming URL matches on the URL pattern filter-mapping, the filter WILL be invoked. So if the filter doesn't seem to get used, first try widening the URL mapping.
Beyond that, make sure that any exceptions that get thrown and intercepted within the filter don't get silently eaten (this is a capital offense if you pass code on to me!) In other words, if there's an exception caught, make sure it either gets re-thrown or it gets logged.