How do I create a servlet filter to make secure cookies?

The CookieFilter class in this example is a servlet filter. Servlet filters in Java web applications are used to perform tasks such as request/response modification, authentication, logging, and more. In the context of managing cookies, a CookieFilter can be used to intercept requests and responses to handle cookie-related operations, such as setting secure attributes on cookies or checking cookie values for authentication purposes.

Here’s an example of how you can implement a CookieFilter class in Java:

package org.kodejava.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CookieFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // Initialization code, if needed

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Check if a session exists
        HttpSession session = httpRequest.getSession(false);
        if (session != null) {
            // Example: Set secure attribute on session cookie
            sessionCookieSecure(httpRequest, httpResponse);

        // Continue the request chain
        chain.doFilter(request, response);

    public void destroy() {
        // Cleanup code, if needed

    private void sessionCookieSecure(HttpServletRequest request, HttpServletResponse response) {
        // Assuming the session cookie name
        String cookieName = "JSESSIONID"; 
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(cookieName)) {
                    // Set the secure attribute on the session cookie
                    // Update the cookie in the response

In this example:

  • The CookieFilter class implements the Filter interface, which requires implementing methods like init, doFilter, and destroy.
  • Inside the doFilter method, it checks if a session exists for the incoming request.
  • If a session exists, it calls the sessionCookieSecure method to set the secure attribute on the session cookie.
  • The sessionCookieSecure method iterates through cookies in the request, finds the session cookie (e.g., JSESSIONID), and sets its secure attribute to true.

You can modify this filter implementation based on your specific cookie management requirements, such as setting secure attributes on specific cookies or performing additional cookie-related tasks.

How do I configure secure cookies using web.xml?

To configure secure cookies using web.xml, you typically need to set the secure attribute on your cookie definitions. This ensures that the cookie is only sent over HTTPS connections, enhancing security by protecting sensitive information from being transmitted over unencrypted channels. Here’s how you can do it:

1. Define Your Servlet Filter (Optional but Recommended):

If you don’t have a servlet filter for managing cookies, you can create one. This filter can intercept requests and responses to handle cookie-related operations.


Replace org.kodejava.servlet.CookieFilter with the actual class that implements your cookie handling logic.

2. Configure Secure Cookie in web.xml:

Inside your web.xml, you can define cookie configurations using <session-config> and <cookie-config> elements.

      <!-- Recommended to prevent client-side script access -->
      <!-- Set all cookies to be secure -->
  • <secure>true</secure>: This line ensures that all cookies are marked as secure, meaning they will only be sent over HTTPS connections.
  • <http-only>true</http-only>: This line makes cookies accessible only through HTTP headers, preventing client-side scripts (like JavaScript) from accessing them. It adds another layer of security against certain types of attacks.

3. Deploy and Test:

After making these changes, deploy your web application and test it over HTTPS. Verify that cookies are being set with the secure flag by checking your browser’s developer tools (usually under the “Application” or “Storage” tab).

By following these steps, you can configure secure cookies in your Java web application using web.xml.

Notes: Setting the secure attribute in web.xml configures the default behavior for cookies created by the servlet container. However, for custom cookies that your application creates programmatically, you need to explicitly call setSecure(true) on the Cookie object to make them secure.

How do I format a number as percentage with fraction digits?

In Java, the NumberFormat class of java.text package can be used to format numbers. For formatting a number as a percentage string with fraction digits, you can use the getPercentInstance() method that returns a percentage format for the current default Locale.

Here is a sample code snippet showing how to format a number as a percentage string with two digits of fractions:

package org.kodejava.text;

import java.text.NumberFormat;

public class FormatPercentage {
    public static void main(String[] args) {
        double number = 0.12345;

        // Get an instance of NumberFormat for percentage
        NumberFormat percentFormat = NumberFormat.getPercentInstance();

        // Set the fraction digits - change this value to control the
        // number of fraction digits.
        percentFormat.setMinimumFractionDigits(2); // set the minimum
        percentFormat.setMaximumFractionDigits(4); // set the maximum

        // Format the number as a percentage
        String formattedPercent = percentFormat.format(number);

        System.out.println("Number as percentage: " + formattedPercent);


Number as percentage: 12.345%

In the above example, 0.12345 will be formatted as 12.35% because we have set the MinimumFractionDigits to 2 which means up to two decimal points will be included in the formatted percentage. If we also set the MaximumFractionDigits it will allow us to have up to four decimal points in the output value, here we have 12.345%.

Note that the actual percentage is calculated by multiplying the number by 100, so 0.12345 becomes 12.345% and then rounded to 12.35% (because of the fraction digits setting, in this case we only set the minimum fraction digits to two decimal points).

We can also use the DecimalFormat class. The DecimalFormat class in Java is used to format decimal numbers. It is a subclass of NumberFormat and you can customize the format of your number using it.

Here’s a simple example of how you can format a number as a percentage string using DecimalFormat:

package org.kodejava.text;

import java.text.DecimalFormat;

public class DecimalFormatPercentDemo {
    public static void main(String[] args) {
        double number = 0.123;

        // Create a new DecimalFormat instance with a percentage pattern
        DecimalFormat df = new DecimalFormat("#%");

        // Set the number of fraction digits 

        // Format the number into a percentage
        String percentage = df.format(number);


This program will output 12.30%

The "#%" pattern means that the number should be formatted as a percentage. And df.setMinimumFractionDigits(2); means that the decimal will be formatted to two places.

The DecimalFormat will automatically multiply our value by 100, which is why 0.123 appears as 12.30%.

How do I use ConcurrentHasMap forEach() method?

The forEach() method in ConcurrentHashMap is used for iteration over the entries in the map. The method takes a BiConsumer as an argument, which is a functional interface that represents an operation that accepts two input arguments and returns no result.

Here’s an example of how to use forEach() with a ConcurrentHashMap:

package org.kodejava.util.concurrent;

import java.util.concurrent.ConcurrentHashMap;

public class ConcurrentHashMapForEachExample {
    public static void main(String[] args) {
        // Create a new ConcurrentHashMap
        ConcurrentHashMap<String, Integer> map = new ConcurrentHashMap<>();

        // Add some key-value pairs
        map.put("One", 1);
        map.put("Two", 2);
        map.put("Three", 3);
        map.put("Four", 4);

        // Use forEach to iterate over the ConcurrentHashMap.
        // The BiConsumer takes a key (k) and value (v), and we're
        // just printing them here.
        map.forEach((k, v) -> System.out.println("Key: " + k + ", Value: " + v));


Key: One, Value: 1
Key: Four, Value: 4
Key: Two, Value: 2
Key: Three, Value: 3

In the above example, forEach() is used to iterate over the entries of the map. For each entry, the key and value are printed. The forEach() method is often more convenient to use than an iterator, especially when you’re only performing a single operation (like print) for each entry in the map.

What is ConcurrentHasMap and how do I use it in Java?

ConcurrentHashMap is a class in Java that implements the ConcurrentMap interface. It is part of the Java Collection Framework and extends the AbstractMap class.

ConcurrentHashMap is thread-safe, which means it is designed to support high concurrency levels by handling multiple threads concurrently without any inconsistencies. It allows multiple threads to perform retrieve (get) and update (insert & delete) operations. Internally, ConcurrentHashMap uses concepts of Segmentation to store data which allows higher degree of concurrency.

Here is an example of how to use ConcurrentHashMap in Java:

package org.kodejava.util;

import java.util.concurrent.ConcurrentHashMap;

public class ConcurrentHashMapExample {
    public static void main(String[] args) {
        // Create a ConcurrentHashMap instance
        ConcurrentHashMap<String, Integer> map = new ConcurrentHashMap<>();

        // Add elements
        map.put("One", 1);
        map.put("Two", 2);
        map.put("Three", 3);

        // Retrieve elements
        Integer one = map.get("One");
        System.out.println("Retrieved value for 'One': " + one);

        // Remove an element

        // Print all elements
        map.forEach((key, value) -> System.out.println(key + " = " + value));


Retrieved value for 'One': 1
One = 1
Three = 3

In this example, we’re creating a ConcurrentHashMap, adding some elements to it, retrieving an element, removing an element, and finally printing all the elements.

One thing to note is that while ConcurrentHashMap allows multiple threads to read and write concurrently, a get() operation might not reflect the latest put() operation, since it might be looking at a previous segment. Further thread synchronization mechanisms might be necessary depending on your exact use case.

Also, worth mentioning, null values and null keys are not permitted in ConcurrentHashMap to prevent ambiguities and potential errors in multithreaded contexts. If you try to use null, ConcurrentHashMap will throw a NullPointerException.

Here’s an example demonstrating the usage of ConcurrentHashMap in a multithreaded context:

package org.kodejava.util;

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class ConcurrentHashMapThreadDemo {
    public static void main(String[] args) throws InterruptedException {
        ConcurrentHashMap<String, Integer> map = new ConcurrentHashMap<>();

        // Create a ThreadPool with 5 threads
        try (ExecutorService executor = Executors.newFixedThreadPool(5)) {

            // Runnable task to increment a value in the map
            Runnable task = () -> {
                for (int i = 0; i < 10; i++) {
                    map.compute("TestKey", (key, value) -> {
                        if (value == null) {
                            return 1;
                        } else {
                            return value + 1;

            // Submit the task to each thread in the pool
            for (int i = 0; i < 5; i++) {

            // Shut down the executor and wait for tasks to complete
            if (!executor.awaitTermination(60, TimeUnit.SECONDS)) {

        System.out.println("Final value for 'TestKey': " + map.get("TestKey"));


Final value for 'TestKey': 50

In this example, we’re creating a ConcurrentHashMap and a thread pool with ExecutorService. We’re then defining a Runnable task, which increments the value of the “TestKey” key in the map 10 times.

The task uses ConcurrentHashMap‘s compute() method, which is atomic, meaning that the retrieval and update of the value is done as a single operation that cannot be interleaved with other operations. We then submit the task to each of the five threads in our thread pool. After all threads have completed their tasks, we retrieve and print the final value of “TestKey”.

If everything works correctly, the output should be “Final value for ‘TestKey’: 50”, because we have 5 threads each incrementing the value 10 times. This demonstrates the thread-safety of ConcurrentHashMap, as the compute() operation is done atomically and many threads were able to modify the map simultaneously without causing inconsistencies. If we were using a plain HashMap instead, we could not guarantee this would be the case.