This chapter describes how to create custom filters that can be used to intercept and possibly modify the content presented to or generated by another function.
This chapter contains the following sections:
The NSAPI interface might change in a future version of Sun Java System Web Proxy Server. To keep your custom plug-ins upgradeable:
Make sure plug-in users know how to edit the configuration files such as magnus.conf and obj.conf manually. The plug-in installation software should not be used to edit these configuration files.
Keep the source code so you can recompile the plug-in.
Sun Java System Web Proxy Server 4 extends NSAPI by introducing a new filter interface that complements the existing Server Application Function (SAF) interface. You use filters to intercept and possibly modify data sent to and from the server. The server communicates with a filter by calling the filter’s filter methods. Each filter implements one or more filter methods. A filter method is a C function that performs a specific operation, such as processing data sent by the server.
This section describes the filter methods that a filter can implement, which are:
For more information about these methods, see Chapter 4, NSAPI Function Reference
The C prototypes for the filter methods are:
int insert(FilterLayer *layer, pblock *pb); void remove(FilterLayer *layer); int flush(FilterLayer *layer); int read(FilterLayer *layer, void *buf, int amount, int timeout); int write(FilterLayer *layer, const void *buf, int amount); int writev(FilterLayer *layer, const struct iovec *iov, int iov_size); int sendfile(FilterLayer *layer, sendfiledata *sfd);
The layer parameter is a pointer to a FilterLayer data structure, which contains variables related to a particular instance of a filter. Following is a list of the most important fields in the FilterLayer data structure:
context->sn — Contains information relating to a single TCP/IP session. This pointer is the same sn pointer that’s passed to SAFs.
context->rq — Contains information relating to the current request. This pointer is the same rq pointer that is passed to SAFs.
lower — A platform-independent socket descriptor used to communicate with the next filter in the stack.
The meaning of the context->data field is defined by the filter developer. Filters that must maintain state information across filter method calls can use context->data to store that information.
For more information about FilterLayer, see FilterLayer.
The insert filter method is called when an SAF such as insert-filter calls the filter_insert function to request that a specific filter be inserted into the filter stack. Each filter must implement the insert filter method.
When insert is called, this method can determine whether the filter should be inserted into the filter stack. For example, the filter could inspect the Content-Type header in the rq->srvhdrs pblock to determine whether the type of data that will be transmitted is relevant. If the filter should not be inserted, the insert filter method should return REQ_NOACTION.
If the filter should be inserted, the insert filter method provides an opportunity to initialize this particular instance of the filter. For example, the insert method could allocate a buffer with MALLOC and store a pointer to that buffer in layer->context->data.
The filter is not part of the filter stack until after insert returns. As a result, the insert method should not attempt to read from, write to, or otherwise interact with the filter stack.
insert in Chapter 4, NSAPI Function Reference
The remove filter method is called when a filter stack is destroyed when the corresponding socket descriptor is closed, when the server finishes processing the request the filter was associated with, or when an SAF such as remove-filter calls the filter_remove function. The remove filter method is optional.
The remove method can be used to clean up any data the filter allocated in insert and to pass any buffered data to the next filter by calling net_write(layer->lower, ...).
remove in Chapter 4, NSAPI Function Reference
The flush filter method is called when a filter or SAF calls the net_flush function. The flush method should pass any buffered data to the next filter by calling net_write(layer->lower, ...). The flush method is optional, but it should be implemented by any filter that buffers outgoing data.
flush in Chapter 4, NSAPI Function Reference
The read filter method is called when a filter or SAF calls the net_read function. Filters that deal with in incoming data (data sent from a client to the server) implement the read filter method.
Typically, the read method will attempt to obtain data from the next filter by calling net_read(layer->lower, ...). The read method may then modify the received data before returning it to its caller.
read in Chapter 4, NSAPI Function Reference
The write filter method is called when a filter or SAF calls the net_write function. Filters that are deal with outgoing data (data sent from the server to a client) implement the write filter method.
Typically, the write method will pass data to the next filter by calling net_write(layer->lower, ...). The write method may modify the data before calling net_write. For example, the http-compression filter compresses data before passing it on to the next filter.
If a filter implements the write filter method but does not pass the data to the next layer before returning to its caller, that is, if the filter buffers outgoing data, the filter should also implement the flush method.
write in Chapter 4, NSAPI Function Reference
The writev filter method performs the same function as the write filter method, but the format of its parameters is different. You do not have to implement the writev filter method. If a filter implements the write filter method but not the writev filter method, the server uses the write method instead of the writev method. A filter should not implement the writev method unless it also implements the write method.
Under some circumstances, the server may run slightly faster when filters that implement the write filter method also implement the writev filter method.
writev in Chapter 4, NSAPI Function Reference
The sendfile filter method performs a function similar to the writev filter method, but it sends a file directly instead of first copying the contents of the file into a buffer. You do not have to implement the sendfile filter method. If a filter implements the write filter method but not the sendfile filter method, the server will use the write method instead of the sendfile method. A filter should not implement the sendfile method unless it also implements the write method.
Under some circumstances, the server may run slightly faster when filters that implement the write filter method also implement the sendfile filter method.
sendfile in Chapter 4, NSAPI Function Reference
All data sent to the server, such as the result of an HTML form or sent from the server, such as the output of a JSP page is passed through a set of filters known as a filter stack. The server creates a separate filter stack for each connection. While processing a request, individual filters can be inserted into and removed from the stack.
Different types of filters occupy different positions within a filter stack. Filters that deal with application-level content, such as filters that translates a page from XHTML to HTML, occupy a higher position than filters that deal with protocol-level issues, such as filters that format HTTP responses. When two or more filters are defined to occupy the same position in the filter stack, filters that were inserted later will appear higher than filters that were inserted earlier.
Filters positioned higher in the filter stack are given an earlier opportunity to process outgoing data. Filters positioned lower in the stack are given an earlier opportunity to process incoming data. For example, in the following figure, the xml-to-xhtml filter is given an earlier opportunity to process outgoing data than the xhtml-to-html filter.

When you create a filter with the filter_create function, you specify what position your filter should occupy in the stack. You can also use the init-filter-order Init SAF to control the position of specific filters within filter stacks. For example, init-filter-order can be used to ensure that a filter that converts outgoing XML to XHTML is inserted above a filter that converts outgoing XHTML to HTML.
For more information, see filter_create
Filters that can alter the length of an incoming request body or outgoing response body must take special steps to ensure interoperability with other filters and SAFs.
Filters that process incoming data are referred to as input filters. If an input filter can alter the length of the incoming request body (for example, if a filter decompresses incoming data) and the rq->headers pblock contains a Content-Length header, the filter’s insert filter method should remove the Content-Length header and replace it with a Transfer-encoding: identity header as follows:
| pb_param *pp;
pp = pblock_remove("content-length", layer->context->rq->headers);
if (pp != NULL) {
   param_free(pp);
   pblock_nvinsert("transfer-encoding", "identity", layer->context->
	  rq->headers);
}
       | 
Because some SAFs expect a Content-Length header when a request body is present, before calling the first Service SAF the server will insert all relevant filters, read the entire request body, and compute the length of the request body after it has been passed through all input filters. However, by default, the server will read at most 8192 bytes of request body data. If the request body exceeds 8192 bytes after being passed through the relevant input filters, the request will be cancelled. For more information, see the description of ChunkedRequestBufferSize in Sun Java System Web Proxy Server 4.0.12 Configuration File Reference.
Filters that process outgoing data are referred to as output filters. If an output filter can alter the length of the outgoing response body (for example, if the filter compresses outgoing data), the filter’s insert filter method should remove the Content-Length header from rq->srvhdrs as follows:
| pb_param *pp;
pp = pblock_remove("content-length", layer->context->rq->srvhdrs);
if (pp != NULL)
   param_free(pp);
       | 
Custom filters are defined in shared libraries that are loaded and called by the server.
 To create a custom filter
To create a custom filterWriting the Source Code using the NSAPI functions.
Compiling and Linking the source code to create a shared library (.so, .sl, or .dll) file.
Loading and Initializing the Filter by editing the magnus.conf file.
Instructing the Server to Insert the Filter by editing the obj.conf file to insert your custom filter(s) at the appropriate time.
Testing the Filter by accessing your server from a browser with a URL that triggers your filter.
These steps are described in greater detail in the following sections.
Write your custom filter methods using NSAPI functions. For a summary of the NSAPI functions specific to filter development, see Overview of NSAPI Functions for Filter Development. For a summary of general purpose NSAPI functions, see Chapter 4, NSAPI Function Reference Each filter method must be implemented as a separate function. See Filter Methods for the filter method prototypes.
The filter must be created by a call to filter_create. Typically, each plug-in defines an nsapi_module_init function that is used to call filter_create and perform any other initialization tasks. See nsapi_module_init and filter_create for more information.
Filter methods are invoked whenever the server or an SAF calls certain NSAPI functions such as net_write or filter_insert. As a result, filter methods can be invoked from any thread and should only block using NSAPI functions, for example, crit_enter and net_read. If a filter method blocks using other functions, for example, the Windows WaitForMultipleObjects and ReadFile functions, the server might hang. Also, shared objects that define filters should be loaded with the NativeThread="no" flag, as described in Loading and Initializing the Filter
If a filter method must block using a non-NSAPI function, KernelThreads 1 should be set in magnus.conf. For more information about KernelThreads, see the description in Chapter 3, Syntax and Use of the magnus.conf File, in Sun Java System Web Proxy Server 4.0.12 Configuration File Reference.
Keep the following in mind when writing your filter:
Write thread-safe code
IO should only be performed using the NSAPI functions documented in File I/O and Network I/O.
Thread synchronization should only be performed using the NSAPI functions documented in Threads.
Blocking can affect performance.
Carefully check and handle all errors.
For examples of custom filters, see server_root/plugins/nsapi/examples and also Chapter 3, Examples of Custom SAFs and Filters
Filters are compiled and linked in the same way as SAFs. See Compiling and Linking, for more information.
For each shared library (plug-in) containing custom SAFs to be loaded into the Sun Java System Web Proxy Server, add an Init directive that invokes the load-modules SAF to obj.conf. The syntax for a directive that loads a filter plug-in is:
Init fn=load-modules shlib=[path]sharedlibname NativeThread="no"
shlib is the local file system path to the shared library (plug-in).
NativeThread indicates whether the plug-in requires native threads. Filters should be written to run on any type of thread. For more information, see Writing the Source Code.
When the server encounters such a directive, server calls the plug-in’s nsapi_module_init function to initialize the filter.
Add an Input or Output directive to obj.conf to instruct the server to insert your filter into the filter stack. The format of the directive is as follows:
Directive fn=insert-filter filter=“filter-name” [name1=“value1”]...[nameN=“valueN”]
Directive is Input or Output.
filter-name is the name of the filter, as passed to filter_create, to insert.
nameN="valueN" are the names and values of parameters that are passed to the filter’s insert filter method.
Filters that process incoming data should be inserted using an Input directive. Filters that process outgoing data should be inserted using an Output directive.
To ensure that your filter is inserted whenever a client sends a request, add the Input or Output directive to the default object. For example, the following portion of obj.conf instructs the server to insert a filter named example-replace and pass it two parameters, from and to:
| <Object name="default">
Output fn=insert-filter
       filter="example-replace"
       from="Old String"
       to="New String"
...
</Object>
          | 
For the server to load your plug-in, you must restart the server. A restart is required for all plug-ins that implement SAFs and/or filters.
Test your SAF by accessing your server from a browser. You should disable caching in your browser so that the server is sure to be accessed. In Netscape Navigator, press the Shift key while clicking the Reload button to ensure that the cache is not used. If the images are already in the cache, this action does not always force the client to fetch images from source. Examine the access and error logs to help with debugging.
NSAPI provides a set of C functions that are used to implement SAFs and filters. This section lists the functions that are specific to the development of filters. The public routines are described in detail in Chapter 4, NSAPI Function Reference.
The NSAPI functions specific to the development of filters are:
filter_create — Creates a new filter
filter_insert — Inserts the specified filter into a filter stack
filter_remove — Removes the specified filter from a filter stack
filter_name — Returns the name of the specified filter
filter_find — Finds an existing filter given a filter name
filter_layer — Returns the layer in a filter stack that corresponds to the specified filter