Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Servlet vs Filter

What is the difference between a Servlet and Filter? What do you recommend to use for authorization to pages?

like image 936
Dejell Avatar asked Jun 02 '10 11:06

Dejell


People also ask

Is filter a servlet?

A filter is an object that is invoked at the preprocessing and postprocessing of a request. It is mainly used to perform filtering tasks such as conversion, logging, compression, encryption and decryption, input validation etc. The servlet filter is pluggable, i.e. its entry is defined in the web.

Why do we need filter in servlet?

Java Servlet Filter is used to intercept the client request and do some pre-processing. It can also intercept the response and do post-processing before sending to the client in web application.

What are servlet filters in Java?

Servlet Filters are Java classes that can be used in Servlet Programming for the following purposes − To intercept requests from a client before they access a resource at back end. To manipulate responses from server before they are sent back to the client.

What is Filter and listener in servlet?

Filter is for the Servlet, intercepting the requests and responses. Listener is for the Web Application, doing important tasks on events in context-level, session-level etc. Follow this answer to receive notifications.


2 Answers

Use a Filter when you want to filter and/or modify requests based on specific conditions. Use a Servlet when you want to control, preprocess and/or postprocess requests.

The Java EE tutorial mentions the following about filters:

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way it can be composed with more than one type of web resource.

The main tasks that a filter can perform are as follows:

  • Query the request and act accordingly.
  • Block the request-and-response pair from passing any further.
  • Modify the request headers and data. You do this by providing a customized version of the request.
  • Modify the response headers and data. You do this by providing a customized version of the response.
  • Interact with external resources.

For authorization, a Filter is the best suited. Here's a basic kickoff example of how a filter checks requests for the logged-in user:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {     if (((HttpServletRequest) request).getSession().getAttribute("user") == null) {         // User is not logged in. Redirect to login page.         ((HttpServletResponse) response).sendRedirect("login");     } else {         // User is logged in. Just continue with request.         chain.doFilter(request, response);     } } 
like image 117
BalusC Avatar answered Sep 21 '22 18:09

BalusC


Filters are best suited for authorization. This is because they can be configured to run for all pages of a site. So you only need one filter to protect all your pages.

like image 44
kgiannakakis Avatar answered Sep 17 '22 18:09

kgiannakakis