What are Spring Boot filters?

Spring boot uses filters to distill HTTP requests, the process here is:

• Intercepts the request
• I.e The client side invoking https requests and responses

What can filters be used for?

A filter is able to perform two operations, this is done on the response and the request. This can be used to restrict URL access to users and other functionality on the request and the response.

When does a filter get invoked?

The filter comes before the controller, this determines if the request can interact with the desired controller and the response it should return.

Lets take a look at the syntax

Firstly, we start with a class that implements the interface Filter with its methods:

@Component
@Order(1)
public class ExampleFilter implements Filter {
  @Override
  public void doFilter(
    ServletRequest request,
    ServletResponse response,
    FilterChain chain
  )
    throws IOException, ServletException {
    HttpServletRequest servletRequest = (HttpServletRequest) request;
    chain.doFilter(request, response);
  }
}

As shown above the syntax has some fundamental syntactical areas that provide configuration to filter on how we apply them, lets go through this:

1. Filters are uses to incept or filter http response and request instance
2. Operations can be performed on the request instance (before sending the response instance to the controller)
3. Operations can be performance on the response instance (before sending the response back to the requested client)
4. @Component annotation is used in a spring boot application in order to utilise filter class
5. javax.servlet.Filter is the package used for this
6. The @Order annotation allows us to order our filter as we can use multiple filter!

Lets take a deeper dive on how this works…

1. @Component annotation is used alongside Filter implementation in order to initialise the class on startup in spring
2. @Order(1) annotation is used to execute the filter first in the application
3. After this, we need a class that implements the Filter interface from Servlet, this interface bring in doFilter() method
4. So for the example above we have overridden the filter methods inside the class
5. The doFilter() method will trigger if we receive any request or any HTTP request from the client (This is why we have ServletRequest and ServletResponse objects)
6. At this point the ServletRequest object is then used casted to the HttpServletRequest object, and this attempt to get the URI from it
7. This doFilter() method will now hand over the object to the controller, and all the required operations with get performed there 🤗
8. Once all the operations are done! The control returns back to this doFilter() method again
9. Loggers could be place here to monitor requests and response details (useful for debugging)

Final Note

Adopting filters are incredibly powerful for when we want to do things before and after receiving or responding to requests! Additionally, we can restrict URL, and there are also some more out the box implementations of filters that adopt security, such as BasicAuthenticationFilter (that can be used to support (OAuth2 implementation) or you can create your own custom filters.