2
2
.
.
1
1
F
F
i
i
l
l
t
t
e
e
r
r
s
s
I
I
n
n
f
f
o
o
[
[
R
R
]
]
Filter is Java Class that is used to intercept HTTP Requests and Responses.
Filters perform additional operations before sending
● HTTP Request to the Controller (it can modify HTTP Request before it gets to Controller)
● HTTP Response from the Controller (it can modify HTTP Response before it is returned to the User)
Every Filter is called twice (because HTTP Requests and Responses pass through the same Filters)
● first during HTTP Request
● then during HTTP Response
Your custom Filter Class needs
● to implement Filter Interface (so that Spring would know how to use it)
● to @Override doFilter() Method (contains actual useful code performed by the Filter)
● @Component Annotation (for Spring to detect it, create Filter Object, ads it to Filter Chain)
Filters are used for (same as Interceptors)
● Security (create Authentication Object from JWT Authorities)
● Logging (log HTTP Requests/Responses: User, Endpoint, HTTP Response)
● Error Handling (give feedback to User if HTTP Request has invalid Parameters/Format)
Filter is called twice
F
F
i
i
l
l
t
t
e
e
r
r
C
C
h
h
a
a
i
i
n
n
Filter Chain is ordered set of Filters that are
● called in sequence before sending HTTP Request to the Controller
● called in reverse order before sending HTTP Response from the Controller
Filter Chain allows you to organize complex Filter Logic into multiple Filter Classes (for easier maintenance).
Filters are called in reverse order during HTTP Response
Filter 1
Controller
(Endpoints)
Request
Response
Filter 2
Request
Response
Request
Response
Filter
Controller
(Endpoints)
Request
Response
Request
Response
c
c
h
h
a
a
i
i
n
n
.
.
d
d
o
o
F
F
i
i
l
l
t
t
e
e
r
r
(
(
r
r
e
e
q
q
u
u
e
e
s
s
t
t
,
,
r
r
e
e
s
s
p
p
o
o
n
n
s
s
e
e
)
)
;
;
Call to chain.doFilter(request, response) Method is used to separate code that is execute during Request or Response.
To return before reaching Controller don't call chain.doFilter(request, response) Method.
R
R
e
e
q
q
u
u
e
e
s
s
t
t
a
a
n
n
d
d
R
R
e
e
s
s
p
p
o
o
n
n
s
s
e
e
C
C
o
o
d
d
e
e
Call to chain.doFilter(request, response) represents border between code that is execute during Request or Response
● Code before chain.doFilter(request, response) is executed during HTTP Request
● Code after chain.doFilter(request, response) is executed during HTTP Response
Method chain.doFilter() calls
● dofilter() Method of the next filter in chain
● Endpoint if there are no more filters in chain
When end of doFilter() Method is reached code returns to the next line after the call to chain.doFilter() in previous Filter
● causing subsequent code to be executed during Http Response (code after call to chain.doFilter())
● causing filters to be executed in reverse order during Http Response (but only code after call to chain.doFilter())
MyFilter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
System.out.println("MyFilter: Code for HTTP Request"); //CODE FOR HTTP REQUEST
chain.doFilter(request, response); //DIVIDES CODE FOR HTTP REQUEST AND RESPONSE
System.out.println("MyFilter: Code for HTTP Response"); //CODE FOR HTTP RESPONSE
}
R
R
e
e
t
t
u
u
r
r
n
n
b
b
e
e
f
f
o
o
r
r
e
e
r
r
e
e
a
a
c
c
h
h
i
i
n
n
g
g
C
C
o
o
n
n
t
t
r
r
o
o
l
l
l
l
e
e
r
r
If you don't call chain.doFilter(request, response) then Filter returns to previous Filter after its call to chain.doFilter().
This way Filter can stop propagation of HTTP Request to subsequent Filters or Controller and initiate HTTP Response.
For instance Filter can analyze HTTP Request Parameters and if they are not valid
● Filter can prevent Request from reaching Controller (or subsequent Filters down the Filter chain)
● return HTTP Response instructing User which Parameters were wrong
