How to Filter Requests & Responses with Java EE 8

We use filters a lot, whether, for image compression, logging, or authentication, they have been with us since J2EE 1.3, that’s in 2001!
Now before digging into Java EE 8, let’s check how we used to write filters until today.
The servlet api
provides the interface javax.servlet.Filter
with 3 abstract
methods to be implemented.
- void init(javax.servlet.FilterConfig)
- void doFilter(javax.servlet.ServletRequest, javax.servlet .ServletResponse, javax.servlet.FilterChain)
- void destroy()
The init
method is what the web container calls when creating the filter, we can also do some custom job inside the implementation. The destroy
method is called by the web container to take the filter out of service, it useful for clear up some resources, however in many cases we had nothing to do with it, but it was just there. The doFilter
method is the big daddy, it does the main filtering job that we need, we have access to the request and response, we can block the request or let it go through the chain. In the end, our Filter would look like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | package servlet; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; @WebFilter(urlPatterns="/*") public class MainFilter implements Filter { public void init(FilterConfig filterConfig) throws ServletException { //Do some init job } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { chain.doFilter(request, response); } public void destroy() { //Do some destroy job } } |
Now let’s check Java EE 8!
The first change in Java EE 8 is that the init
and destroy
methods are no longer abstract
, so at first sight, this means that for those cases where we had nothing to do with them, we no longer need to implement them.
A new addition to the family are classes called GenericFilter
and HttpFilter
. The GenericFilter
is protocol-independent filter which can be extended (it already implements javax.servlet.Filter
), it provides a set of useful methods such as:
- String getInitParameter(String name)
- Enumeration<String> getInitParameterNames()
- ServletContext getServletContext()
- void log(String msg)
- String getFilterName()
The HttpFilter
is an abstract
class that extends the GenericFilter
, it is the one to be used for Web Servlets, it adds another doFilter
method but this time, instead of ServletRequest
and ServletResponse
as parameters, we have the HttpServletRequest
and HttpServletResponse
.
The future Filter would be something like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | package servlet; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @WebFilter(urlPatterns="/*") public class MainFilter extends HttpFilter { private static final long serialVersionUID = 1L; protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException { chain.doFilter(req, res); } } |
Leave a Reply