Servlet filtering
Servlet filtering provides a new type of object called a filter that can transform a request or modify a response.
We can chain filters together so that a group of filters can act on the input and output of a specified resource or group of resources.
Filters typically include logging filters, image conversion filters, encryption filters, and MIME type filters (functionally equivalent to the servlet chaining). Although filters are not servlets, their life cycle is very similar.
Filters are handled in the following manner:
- The web container determines whether it needs to construct a FilterChain containing the LoggingFilter for the requested resource.
The FilterChain begins with the invocation of the LoggingFilter and ends with the invocation of the requested resource.
- If other filters need to go in the chain, the web container places them after theLoggingFilter and before the requested resource.
- The web container then instantiates and initializes the LoggingFilter (if it was not done previously) and invokes its doFilter(FilterConfig) method to start the chain.
- The LoggingFilter preprocesses the request and response objects and then invokes the filter chain doFilter(ServletRequest, ServletResponse) method.
This method passes the processing to the next resource in the chain, the requested resource.
- Upon return from the filter chain doFilter(ServletRequest, ServletResponse) method, the LoggingFilter performs post-processing on the request and response object before sending the response back to the client.
Java Servlet Specification 2.4 enables us to define a new <dispatcher> element in the deployment descriptor with possible values such as REQUEST, FORWARD, INCLUDE, ERROR, instead of invoking filters with RequestDispatcher.
Java Servlet Specification 3.0 enables us to define a new <dispatcher> element in the deployment descriptor with possible values such as ASYNC, REQUEST, FORWARD, INCLUDE, ERROR, instead of invoking filters with RequestDispatcher.
For example:
<filter-mapping> <filter-name>Logging Filter</filter-name> <url-pattern>/products/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping>
This indicates that the filter should be applied to requests directly from the client as well as forward requests. Adding the INCLUDE and ERROR values also indicates that the filter should additionally be applied for included requests and <error-page> requests. If we do not specify any <dispatcher> elements, then the default is REQUEST.
Filter, FilterChain, FilterConfig classes for servlet filtering
The following interfaces are defined as part of the javax.servlet package:
- Filter interface - methods: doFilter, getFilterConfig, setFilterConfig
- FilterChain interface - methods: doFilter
- FilterConfig interface - methods: getFilterName, getInitParameter, getInitParameterNames, getServletContext
The following classes are defined as part of the javax.servlet.http package:
- HttpServletRequestWrapper - methods: See the Servlet 2.4 Specification
- HttpServletResponseWrapper - methods: See the Servlet 2.4 Specification
Web applications: Resources for learning Servlet 2.4 specification