14 - Servlet Filters

14.1 Overview

Servlet Filters are java classes designed to be able to manipulate a request or response objects which is being sent to a web application (servlet or JSP). A filter is used to perform certain logic before and / or after the functionality of a web application.

Think of the scenario where you want to protect your servlet which mean client must be able to access the servlet’s doXXX() methods if and only if the client is eligible.

To achieve this type of functionality, we can write a filter which gets executed first and determine the permission. If client is eligible then pass the request to Servlet else return back from filter.

You might be thinking that we can have a permission checker logic in servlets also. So the answer is YES, you can but there are two design issues-

a)You have to write repetitive code if permission needs to be applied on multiple resource.

b) Having permission logic in separate component keeps the design good and we will have right logic in right component.

Filters are configured in web.xml so can be easily attached or detached from servlets and to do so no code changes are needed.

Refer below Diagram which depicts the flow between servlets and filters. There can be ‘n’  numbers of filters configured for  a servlet and all filters execute in a chain. Filter 2 will be executed only if Filter 1 passes the request and so on . Once request passes all the filters ,it reaches servlets. Once servlet completes, request goes back to filter N and then Filter N-1.. and so on.

So a typical flow of the request is  F1àF2àF3...Fnà Servlet àFnàFn-1..F1

14.2 Filter Interface   

Filter class has to implement javax.servlet.Filter interface. Filter interface defines three methods which means classes implements filter interface has to implement these methods.

  • void init(FilterConfig)
  • doFilter (ServletRequest, ServletResponse, FilterChain)
  • public void destroy()

14.3 Filter Life cycle

Similar to Servlets , the life cycle of a filter is managed by a container. The life cycle
of a filter consists of implementing the following methods:

 init() This method is called only once after instantiation to perform any initialization task.We can define a initialization parameters in wex,xml for filters similar to init-params of servlets.
 doFilter() This method is called after the init() method and is called each time a
filter needs to perform any function. This method performs the actual work of a filter, either modifying the request or the response.
 destroy() This method is used to perform any cleanup operation before the container removes a filter instance.

14.4 Filter Configuration

Filters are configured in web.xml like below

<filter>
    <filter-name>MyFilter</filter-name>
    <filter-class>com.servlet.tutorial.MyFilter</filter-class>
        <init-param>
            <param-name>my-param</param-name>
            <param-value>my-param-value</param-value>
        </init-param>
</filter>
<filter-mapping>
    <filter-name>MyFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

14.5 Filter Ordering

We can have multiple filters configured and all of them will be executed but how a container will decide which filter to execute first?

Order in which filter gets executed depends on the order in which filters are configured in web.xml. For example if there are two Filter1 and Filter2 configured like below

<filter>
    <filter-name>Filter1</filter-name>
    <filter-class>com.servlet.tutorial.Filter1</filter-class>
        <init-param>
            <param-name>my-param</param-name>
            <param-value>my-param-value</param-value>
        </init-param>
</filter>
<filter-mapping>
    <filter-name>Filter1</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>        
<filter>         
    <filter-name>Filter2</filter-name>
    <filter-class>com.servlet.tutorial.Filter2</filter-class>
        <init-param>
            <param-name>my-param</param-name>
            <param-value>my-param-value</param-value>
        </init-param>
</filter>
<filter-mapping>
    <filter-name>Filter2</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

In above configuration Filter1 and Filter 2 are both configured for url pattern /* but since Filter1 is defined before Filter2 , Filter1 will execute first.

Like us on Facebook