Servlet filter

A filter is helped to transform the header or content or both of a request or response. A filter is an object. Actually, filters don’t create a response; they are pre-processors of the request before it reaches a servlet, and/or post processors of the response leaving a servlet. The web components in that they usually do not themselves make a response.

Filters differ from it in the way filter provides functionality that can be “connected or attached” to any kind of Web resource. The filter can be composable with more than one type of Web resources, because as a consequence, a filter should not have any dependencies on Web resources for which it is behaving as a filter. Filters can perform many tasks.

These are the main tasks that is performed by the filter

  • Query the request and act accordingly.
  • Block the request-and-response pair from passing any further.
  • Modify the request headers and data by providing a customized version of the request Object that cover the actual request.
  • Modify the response headers and data by providing a customized version of the response object that wraps the real response
  • Interact with external resources.

Filters consist of several applications

  1. Authentication.
  2. Logging
  3. Image conversion.
  4. Data compression
  5. Encryption
  6. Tokenizing streams
  7. XML transformations

We can configure a Web resource to be filtered by a chain of zero, one, or more filters in a specific order. This chain is specified when the Web application containing the component is deployed and is instantiated when a Web container load the component. A filter implements javax.servlet.Filter and defines its three methods:

  1. void init(FilterConfig config) throws ServletException: Called before the filter goes into service, and sets the filter’s configuration object
  2. void destroy(): Called after the filter has been taken out of service
  3. void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException: Performs the actual filtering work

The server calls init(FilterConfig) once to prepare the filter for service, then calls doFilter() any number of times for requests specially set up to use the filter. The FilterConfig interface has methods to retrieve the filter’s name; it’s init parameters, and the active servlet context. The server calls destroy() to indicate that the filter is being taken out of service. The filter lifecycle is now very similar to the servlet life cycle – a change recently made in the Servlet API 2.3 .

Previously, the lifecycle involved a setFilterConfig(FilterConfig) method.

In its doFilter() method, each filter receives the current request and response, as well as a FilterChain containing the filters that still must be processed. In the doFilter() method, a filter may do what it wants with the request and response.

The filter then calls chain.doFilter() to transfer control to the next filter. When that call returns, a filter can, at the end of its own doFilter() method, perform additional work on the response; for instance, it can log information about the response. If the filter wants to halt the request processing and gain full control of the response, it can intentionally not call the next filter.

Eg: – Filter reads own initial parameters and adds its value to the response. Use the init-param child element of the filter element to declare the initialization parameter and its value. Inside the filter, access the init parameter by calling the FilterConfig object’s getInitParameter method.

import javax.servlet.*;
import javax.servlet.http.*;
public class ResponseFilterExample implements Filter{
private FilterConfig config = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterchain)throws IOException, ServletException{
filterchain.doFilter(request, response);
PrintWriter out = response.getWriter();
out.println("<b>Filter Received Your Message Successfully:</b>" +
public void destroy() { }
public void init(FilterConfig config) {
this.config = config;

The above code initialized the FilterConfig object in its init methods, which is called once when the web container creates an instance of the filter. The code then gets the value of the filter’s init parameter by calling the config.getInitParameter(“response”).