Filter

A filter dynamically intercepts requests and responses to transform or use the information contained in the requests or responses. Filters typically do not themselves create responses, but instead provide universal functions that can be "attached" to any type of servlet or JSP page.

In Other words , A filter is an object that is used to perform filtering tasks such as conversion, log maintain, compression, encryption and decryption, input validation etc.

A filter is invoked at the preprocessing and postprocessing of a request. It is pluggable, i.e. its entry is defined in the web.xml file, if we remove the entry of filter from the web.xml file, filter will be removed automatically and we don't need to change the servlet. So it will be easier to maintain the web application.

Usage of Filter:-

Filters are used for different functions as below:-

1-Authentication-Blocking- requests based on user identity.

2-Logging and auditing-Tracking users of a web application

3- Image conversion-Scaling maps, and so on.

4- Data compression-Making downloads smaller.

5- Localization-Targeting the request and response to a particular locale

6- XSL/T transformations of XML content-Targeting web application responses to more that one type of client.

7- to encapsulate recurring tasks in reusable units

8- encryption and decryption

9- mime-type chaining, and caching

Difference Between Servlet And Filter:-

Filter	Servlet
1-Filter is used for filtering the request and perform some action like authenticity of session, user is valid or not for that request, etc.	1-Servlet is used for performing the action which needs to be taken for particular request like user login, get the response based on user role, interacts with database for getting the data, business logic execution etc
2-Filters differ from web components in that filters usually do not themselves create a response.	2-Servlet technology is used to create web application where it creates response of client’s request themselves.
3- For authorization, a Filter is the best suited This is because they can be configured to run for all pages of a site. So you only need one filter to protect all your pages.	3-Not as much as comparison to Filter.

Note:-

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.

Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular.

Filter API

Like servlet filter have its own API.The javax.servlet package contains the three interfaces of Filter API

1. Filter

2. FilterChain

3.FilterConfig

How It works:-

1-When You define a filter by implementing the Filter interface. A filter chain, passed to a filter by the container, provides a mechanism for invoking a series of filters. A filter config contains initialization data.

2-The most important method in the Filter interface is the doFilter method, which is the heart of the filter. This method usually performs some of the following actions:-

[a]-Examines the request headers

[b]-Customizes the request object if it wishes to modify request headers or data or block the request entirely

[c]-Customizes the response object if it wishes to modify response headers or data

[d]-Invokes the next entity in the filter chain. If the current filter is the last filter in the chain that ends with the target servlet, the next entity is the resource at the end of the chain; otherwise, it is the next filter that was configured. It invokes the next entity by calling the doFilter method on the chain object (passing in the request and response it was called with, or the wrapped versions it may have created). Alternatively, it can choose to block the request by not making the call to invoke the next entity. In the latter case, the filter is responsible for filling out the response.

[e]-Examines response headers after it has invoked the next filter in the chain

[f]-Throws an exception to indicate an error in processing

Note:-

In addition to doFilter, you must implement the init and destroy methods. The init method is called by the container when the filter is instantiated. If you wish to pass initialization parameters to the filter you retrieve them from the FilterConfig object passed to init.