57

What is the difference between a Servlet and Filter? What do you recommend to use for authorization to pages?

rand0rn
Dejell

3 Answers

104

Use a Filter when you want to filter and/or modify requests based on specific conditions. Use a Servlet when you want to control, preprocess and/or postprocess requests.

The Java EE tutorial mentions the following about filters:

A filter is an object that can transform the header and content (or both) of a request or response. Filters differ from web components in that filters usually do not themselves create a response. Instead, a filter provides functionality that can be “attached” to any kind of web resource. Consequently, a filter should not have any dependencies on a web resource for which it is acting as a filter; this way it can be composed with more than one type of web resource.

The main tasks that a filter can perform are as follows:

  • Query the request and act accordingly.
  • Block the request-and-response pair from passing any further.
  • Modify the request headers and data. You do this by providing a customized version of the request.
  • Modify the response headers and data. You do this by providing a customized version of the response.
  • Interact with external resources.

For authorization, a Filter is best suited. Here's a basic kickoff example of how a filter checks requests for the logged-in user:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
    if (((HttpServletRequest) request).getSession().getAttribute("user") == null) {
        // User is not logged in. Redirect to login page.
        ((HttpServletResponse) response).sendRedirect("login");
    } else {
        // User is logged in. Just continue with request.
        chain.doFilter(request, response);
    }
}
Community
BalusC
21

Filters are best suited for authorization. This is because they can be configured to run for all pages of a site. So you only need one filter to protect all your pages.

kgiannakakis
2

Using a filter we can improve servlet performance: when a request comes in, we can perform preprocessing on the request; if the request satisfies, then we can forward it to the servlet, otherwise give a message to the client to provide appropriate information in the request.

Navnath Adsul