Servlet filtering

Servlet filtering

Servlet filtering provides a new type of object called a filter that can transform a request or modify a response.

You can chain filters together so that a group of filters can act on the input and output of a specified resource or group of resources.

Filters typically include logging filters, image conversion filters, encryption filters, and Multipurpose Internet Mail Extensions (MIME) type filters (functionally equivalent to the servlet chaining). Although filters are not servlets, their life cycle is very similar.

Filters are handled in the following manner:

  1. The Web container determines whether it needs to construct a FilterChain containing the LoggingFilter for the requested resource.

    The FilterChain begins with the invocation of the LoggingFilter and ends with the invocation of the requested resource.

  2. If other filters need to go in the chain, the Web container places them after the LoggingFilter and before the requested resource.

  3. The Web container then instantiates and initializes the LoggingFilter (if it was not done previously) and invokes its doFilter(FilterConfig) method to start the chain.

  4. The LoggingFilter preprocesses the request and response objects and then invokes the filter chain doFilter(ServletRequest, ServletResponse) method.

    This method passes the processing to the next resource in the chain, the requested resource.

  5. Upon return from the filter chain doFilter(ServletRequest, ServletResponse) method, the LoggingFilter performs post-processing on the request and response object before sending the response back to the client.

Java Specification 2.4 allows you to define a new <dispatcher> element in the deployment descriptor with possible values such as REQUEST, FORWARD, INCLUDE, ERROR, instead of invoking filters with RequestDispatcher. For example:

  <filter-mapping>
  <filter-name>Logging Filter</filter-name>
  <url-pattern>/products/*</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
This indicates that the filter should be applied to requests directly from the client as well as forward requests. Adding the INCLUDE and ERROR values also indicates that the filter should additionally be applied for included requests and <error-page> requests. If you do not specify any <dispatcher> elements, then the default is REQUEST.

Related reference
Filter, FilterChain, FilterConfig classes for servlet filtering
Example: com.ibm.websphere.LoggingFilter.java