I was just discussing this idea of Servlet Filters with a friend and I was trying to explain to him how Filters work and how they are really aspects in the AOP world. I think filters are really incredibly helpful and yet very few developers know about them and even fewer developers implement them. So my thought was that if we started using buzzwords like AOP around filters, suddenly Filters become sexy and everyone’s jumping over to implement Filters.
The filter API was introduced in the Servlet 2.3 specification and is defined by the Filter, FilterChain, and FilterConfig interfaces in the javax.servlet package. You define a filter by implementing the Filter interface. A filter chain, passed to a filter by the container, provides a mechanism for invoking a series of filters. A filter config contains initialization data. The most important method in the Filter interface is the doFilter() method, which is the heart of the filter. Filters intercept request to your web application based on the url-pattern specified in the web.xml, where the filters are defined.
I have used Filters extensively and have a few Filters ready to go when I am called into debug applications in production that are misbehaving or just broken. One of the filters I use quite often is a simple authentication filter that makes is easy to ensure consumers of the web application is authenticated. Here’s a simple snippet:
Here’s a copy of the original documented Filter java class.