Filters are used to intercept requests and responses from a server and allow developers to manipulate them. When a filter is declared,
but the corresponding filter assignment is inadvertently not, then the code is vulnerable to security problems or business logic
instability.
If a filter is defined in the web application descriptor file web.xml but is not used in a "filter mapping", this is an indication
that it may have been forgotten.
What is the potential impact?
If a filter is not used in a <filter-mapping> element, it will not be called. Below are some examples of the impact of this
oversight.
Unauthorized access
One of the main uses of Struts filters is to provide security measures such as authentication and authorization. If a filter is forgotten in the
filter mappings, unauthorized users could gain access to sensitive data or perform actions that they are not authorized to perform.
Functional problems
Filters can also be used to modify requests and responses, format data, or even handle errors. If these features are not included in the filter
mappings, they may not work as expected, resulting in a poor user experience or even application crash.
Performance issues
Some filters are designed to improve the performance of your application, such as those that implement caching strategies. If these are not mapped,
you may experience slow response times or increased server load on your application.
