Filters are part of the webserver and not the Spring framework.
For incoming requests, we can use filters to manipulate and even block requests from reaching any servlet . Vice versa, we can also block responses from reaching the client.
Creating a Filter
To create a filter, first, we create a class that implements the javax.servlet.Filter interface :
@Component
public class LogFilter implements Filter {
private Logger logger = LoggerFactory.getLogger(LogFilter.class);
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.info("Hello from: " + request.getLocalAddr());
chain.doFilter(request, response);
}
}
Next, we override the doFilter method, where we can access or manipulate the ServletRequest , ServletResponse , or FilterChain objects.
We can allow or block requests with the FilterChain object. Finally, we add the Filter to the Spring context by annotating it with @Component. Spring will do the rest.
HandlerInterceptors:
HandlerInterceptor s are part of the Spring MVC framework and sit between the DispatcherServlet and our Controllers.
We can intercept requests before they reach our controllers, and before and after the view is rendered
To create a HandlerInterceptor , we create a class that implements the org.springframework.web.servlet.HandlerInterceptor interface. This gives us the option to override three methods:
preHandle() – Executed before the target handler is called.
postHandle() – Executed after the target handler but before the DispatcherServlet renders the view.
afterCompletion() – Callback after completion of request processing and view rendering
public class LogInterceptor implements HandlerInterceptor {
private Logger logger = LoggerFactory.getLogger(LogInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
logger.info("preHandle");
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
throws Exception {
logger.info("postHandle");
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
logger.info("afterCompletion");
}
}
Key Differences:
Let’s look at a diagram showing where filters and HandlerInterceptors fit in the request/response flow:
Filters intercept requests before they reach the DispatcherServlet, making them ideal for coarse-grained tasks such as:
- Authentication
- Logging and auditing
- Image and data compression
- Any functionality we want to be decoupled from Spring MVC
HandlerIntercepors, on the other hand, intercepts requests between the DispatcherServlet and our Controller. This allows for more fine-grained functionality such as:
- Handling cross-cutting concerns such as application logging
- Detailed authorization checks
- Manipulating the Spring context or model
Post a Comment