Why Filters

In the processing of requests by Servlets there may be some tasks that need to be done before and after request processing. These tasks are not intended to be done by Servlets, but are essentials in order to serve the requests.

Tasks need to be done before request processing called request pre-processing. These task also includes cross cutting concerns like security and logging. Eg:

  • Security
  • Logging
  • Authentication and Authorization
  • Session validity

Tasks need to be done after request processing called request post-processing. Eg:

  • Data compression
  • Data encryption or encoding
  • URL rewriting

These tasks can be done in servlet itself but writing code for same task in different servlets may incur maintenance cost. These type of common tasks can be separated from servlet and can be used before servlet start processing request as well as after servlet completes processing of request. To achieve the same Servlet Filters can be used

What is Filter?

  • Filters are web components like Servlet
  • Web container manages complete life cycle of filters
  • Filter life cycle is same as Servlet except calling service methods containr invokes doFilter method
  • Filters are responsible for request pre-processing and request post-processing
  • Servlets are responsible for core request processing
  • Filters removes pre and post processing code duplication in each servlet

How to work with filters?

Like Servlets mapped towards urls using annotation, Filters can be mapped towards urls and Servlet names with annotation or via configuration in web.xml or by mixing both.

Any class which is a Filter if it

  • Implements javax.servlet.Filter interface
  • Annotated with @WebFilter annotation
  • Your filter class must has to override Filter life cycle methods

      public void init(FilterConfig fConfig)
      public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc)
      public void destroy()


    @WebFilter(description = "Demostrate how to use filter", 
    urlPatterns = { "*.do" }, 
    initParams = { @WebInitParam(name = "filterName", 
            value = "MyFilter", 
           description = "The filter name") })
    public class Myfilter implements Filter {


    You may want to capture input parameters and the IP address of the user before servlet start request processing. Once servlet completes request processing you may also want to capture the message being send by the servlet.

    public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
      // Pre-processing
      // pass the request along the filter chain
      // servlet core request processing - control goes to servlet
      chain.doFilter(request, response);
      // Post-processing
      Object obj = request.getAttribute("msg");
      String msg = obj.toString();

    Filter life cycle

    Life cycle of the Filter is same as the Servlet life cycle except that container will be calling the doFilter() provided by the Filter interface instead for service() method of Servlet. A filter will be having one instance per declaration and like ServletConfig there will be a FilterConfig object injected inside it. FilterConfig holds the reference to ServletContext.

    • All filters will be initialized by container at container start-up
    • At the time of filter initialization
      • Filter class will be loaded
      • Filter instance will be created using default constructor
      • Filter instance will be cast to javax.servlet.Filter
      • FilterConfig object will be create
      • FilterConfig object will be initialized using filter config parameter
      • FilterConfig object will be initialized with ServletContext object
      • Filter.init will be called by passing FilterConfig object
    • User performs pre and post processing in Filter.doFilter by sandwiching chain.doFilter
    • At container shutdown, container calls Filter.destroy to release the resources
    Footer with Map