I am working on an Spring Application in which I want to do some security checks like MD5 checking of files, DB checking, Application version check etc.
I have read about Interceptors and Filters but still a bit confused about which one is good to use.
Whatever documents I have read, it is specified that filters and interceptors both can be used for Logging and auditing so which one is good for this scenario. Also all this security checks (MD5 checking of files, DB checking, Application version check) can be configured means DB check is allow, Application version check is allow likewise.
Filter is related to the Servlet API and HandlerIntercepter is a Spring specific concept. Interceptors will only execute after Filters. Fine-grained pre-processing tasks are suitable for HandlerInterceptors (authorization checks, etc.)
Performs security handling of HTTP resources via a filter implementation.
So the order goes from 1. Filter ➡️ 2. Interceptor ➡️ 3. Controller for a HTTP request.
Sorting and filtering offer two different ways to customize the view of data in your sheet. You can't do both at the same time so it's best to determine in advance which option will help more. Sorting lets you organize all or part of your data in ascending or descending order.
In my opinion one of the biggest difference between Filters and Interceptors is:
Filter works only in J2EE web applications, you can not use outside of the application servers, Interceptors can work in different components and not depends on the web layer, in summary interceptor have a wide field than filters. If you are planning to move some component outside the container, you should consider use interceptors.
Filters work more in the request/response domain, in the other hand interceptor act more in the method execution domain.
If you need to do something that could affect the request or response to your application such as logging, security, audit, or you will affect the data coming on them, your option is filter, don't forget the plug ability that those provides.
Interceptors are used in conjunction with Java EE managed classes to allow developers to invoke interceptor methods on an associated target class, in conjunction with method invocations or lifecycle events
I am late to answer, Although I want to share my views on it.
A Filter is used in the web layer only as it is defined in web.xml. We can not use it out of web context. While Spring Interceptors can be used anywhere because it is defined in Application context.
Considering above difference, For the Login authentication and auditing of incoming requests from web pages we should use a servlet filter. While for implementing your business layer logging and auditing and many other along feature we should use an Interceptor.
In addition to this, if you are using the Spring MVC. then you would like to keep all logic of filtering or intercepting in one framework, than to write some logic in servlet filter and others in spring.
Spring give one extra control point afterCompletion in addition to before and after methods
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With