Java/Tomcat-Jetty
Compatibility
- Tomcat 10+
- Jetty 10+
Deprecated JavaEE support
Version 1.x of the DataDome Java Module is compatible with the deprecated JavaEE.
Add dependency for DataDome Java Module
When using Maven, update your pom.xml file with the following content:
<project>
...
<dependencies>
...
<dependency>
<groupId>co.datadome.module</groupId>
<artifactId>datadome-java-module</artifactId>
<version>2.0.3</version>
</dependency>
...
</dependencies>
...
</project>
Manual Installation
- Download and extract the archive:
wget https://package.datadome.co/linux/DataDome-Java-latest.tgz
tar zxvf DataDome-Java-latest.tgz
- The downloaded archive includes sources, so you can directly install it to your local Maven repository.
By default it is built with servlet-api-6.0. If your installation is dependant on servlet-api-4.0 or servlet-api-5.0, you need to build it manually with a different profile:
cd DataDome-JavaModuleDome-*
mvn install
cd DataDome-JavaModuleDome-*
mvn -P servlet-api-4.0 install
cd DataDome-JavaModuleDome-*
mvn -P servlet-api-5.0 install
- Copy the
target/datadome-java-module-xx.jarfile to the server lib directory, similarly to the below:
/lib
Usage
The filter has been tested on Jetty 10+, Tomcat 10+ and works with any other servers supporting Servlet API.
To use the filter you need to add it to web.xml as first server.
Example:
<web-app>
...
<filter>
<filter-name>datadome-filter</filter-name>
<filter-class>co.datadome.api.servlet.DataDomeFilter</filter-class>
<init-param>
<param-name>datadome.apikey</param-name>
<param-value>YOUR_DATADOME_SERVER_SIDE_KEY</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>datadome-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
</web-app>
List of possible init parameters:
| Settings | Description | Default |
|---|---|---|
| datadome.apikey | License key to access API | |
| datadome.hostname | API server's hostname Available endpoints | api.datadome.co |
| datadome.ssl | Use SSL between the filter and the API server | true |
| datadome.regex | Inclusion Regex | "" |
| datadome.exclusion_regex | Exclusion Regex | \.(js|css|jpg|jpeg|png|ico|gif|tiff|svg|woff|woff2|ttf|eot|mp4|otf)$ |
| datadome.connection_timeout | Connection timeout (in ms) | 150 |
| datadome.read_timeout | Read timeout (in ms) | 50 |
| datadome.max_connections | Maximum open connections to the API server | 100 |
| datadome.use_x_forwarded_host | use the request header x-forwarded-host instead of host (used for cookie, dashboard domain...) | false |
| datadome.proxy_server | Host that will be used as proxy server See here | |
| datadome.proxy_port | TCP port at the proxy server See here | |
| datadome.proxy_ssl | Is the connection to the proxy established through TLS See here | false |
| datadome.skip_ips | IPv4 or IPv6 subnetwork list on which datadome validation is not executed, e.g.: "2a03:2880:1000::/36,124.66.0.0/17" |
You can use environment variables inside the DataDome filter's param-value.
For example, if you have the system environment variable DATADOME_SERVER_SIDE_KEY with your API key, you can input it in web.xml as follows:
<init-param>
<param-name>datadome.apikey</param-name>
<param-value>${DATADOME_SERVER_SIDE_KEY}</param-value>
</init-param>
Logging
Enriched Headers
You can log the values of DataDome Enriched Headers inside your Tomcat access logs.
Modify the AccessLogValve pattern inside the server.xml file to log the values that are attributes in the ServletRequestlike this:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %{X-DataDome-isbot}r %{X-DataDome-requestid}r %{X-DataDome-devicecheckpassed}r %{X-DataDome}o" />
You can also access these values inside the code of HttpServletRequestlike this:
public class HelloServlet extends HttpServlet {
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
System.out.println("Time spent by DataDome:" + request.getAttribute("datadome.spent_time"));
System.out.println("DataDome-isbot:" + request.getHeader("X-DataDome-isbot"));
System.out.println("DataDome-botname:" + request.getHeader("X-DataDome-botname"));
PrintWriter writer = response.getWriter();
writer.print("Hello World");
}
}
Time spent calling DataDome Bot Protection API
Just as for Enriched Headers, the DataDome filter adds the attribute datadome.spent_time (number of milliseconds spent for building request/getting response from DataDome Bot Protection API).
To get this latency information in your logs, modify the AccessLogValve pattern inside the server.xml file like this:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %{datadome.spent_time}r" />
FAQ
Can DataDome API be called via an outbound proxy?
The DataDome module can be used with an outbound proxy. Two options are available for proxy configuration:
-
Use system settings such as
-Dhttp.proxyHost=1.2.3.4 -Dhttp.proxyPort=8080 -Dhttps.proxyHost=1.2.3.4 -Dhttps.proxyPort=8443when running your java application. -
Use optional DataDome init parameters
datadome.proxy_server,datadome.proxy_port,datadome.proxy_sslinweb.xml.
Network latency
Using the DataDome module with an outbound proxy can slow down the total time spent calling DataDome API and increase timeouts. Please adjust timeout settings accordingly.
Updated 5 months ago