How to add a filter class in Spring Boot

Question

I wonder  if there is any annotation for a Filter class  for web applications  in Spring Boot  Perhaps  Filter    I want to add a custom filter in my project   The Spring Boot Reference Guide mentioned about  FilterRegistrationBean  but I am not sure how to use it

User · Answer

We have roughly four different options to register a filter using Spring.

Firstly, we can create a Spring bean implementing Filter or extending HttpFilter:

@Component
public class MyFilter extends HttpFilter {

    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) 
        throws IOException, ServletException {
        // Implementation details...

        chain.doFilter(request, response);
    }
}

Secondly, we can create a Spring bean extending GenericFilterBean:

@Component
public class MyFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
  throws IOException, ServletException {
    //Implementation details...

        chain.doFilter(currentRequest, servletResponse);
    }
}

Alternatively we can use the FilterRegistrationBean class:

@Configuration
public class FilterConfiguration {

    private final MyFilter myFilter;

    @Autowired
    public FilterConfiguration(MyFilter myFilter) {
        this.myFilter = myFilter;
    }

    @Bean
    public FilterRegistrationBean<MyFilter> myFilterRegistration() {
        FilterRegistrationBean<DateLoggingFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(myFilter);
        filterRegistrationBean.setUrlPatterns(Collections.singletonList("/*"));
        filterRegistrationBean.setDispatcherTypes(DispatcherType.REQUEST);
        filterRegistrationBean.setOrder(Ordered.LOWEST_PRECEDENCE - 1);
        return filterRegistrationBean;
    }
}

And lastly we can use the @WebFilter annotation with @ServletComponentScan:

@WebFilter(urlPatterns = "/*", dispatcherTypes = {DispatcherType.REQUEST})
public class MyFilter extends HttpFilter {

    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
  throws IOException, ServletException {
        // Implementation details...

        chain.doFilter(request, response);
    }
}

User · Answer

It s more an advice than answer  but if you are using a Spring MVC in your web application the good idea is to use Spring HandlerInterceptor instead of Filter  It can do the same job  but also   - Can work with ModelAndView  - Its methods can be called before and after request processing  or after request completion   - It can be easily tested  1 Implement HandlerInterceptor interface and add a  Component annotation to your class   Component public class SecurityInterceptor implements HandlerInterceptor        private static Logger log   LoggerFactory getLogger SecurityInterceptor class         Override     public boolean preHandle HttpServletRequest request  HttpServletResponse response  Object handler  throws Exception           request getSession true           if isLoggedIn request               return true           response getWriter   write     loggedIn   false             return false             private boolean isLoggedIn HttpServletRequest request            try               UserSession userSession    UserSession  request getSession true  getAttribute  userSession                return userSession    null  amp  amp  userSession isLoggedIn              catch IllegalStateException ex                return false                        Override     public void postHandle HttpServletRequest request  HttpServletResponse response  Object handler   Nullable ModelAndView modelAndView  throws Exception                Override     public void afterCompletion HttpServletRequest request  HttpServletResponse response  Object handler   Nullable Exception ex  throws Exception              2 Configure your Interceptor   Configuration public class WebConfig implements WebMvcConfigurer        private HandlerInterceptor securityInterceptor        Autowired     public void setSecurityInterceptor HandlerInterceptor securityInterceptor            this securityInterceptor   securityInterceptor              Override     public void addInterceptors InterceptorRegistry registry            registry addInterceptor securityInterceptor  addPathPatterns        excludePathPatterns   login     logout

User · Answer

UPDATE  2017-12-16   There are 2 simple ways to do this in Spring Boot 1 5 8 RELEASE  no need for XML   First way  If you do not have any spacific URL pattern  you can use  Component like this   Full code and details are here https   www surasint com spring-boot-filter     Component public class ExampleFilter implements Filter             Second way  If you want to use url patterns  you can use  WebFilter like this   Full code and details are here https   www surasint com spring-boot-filter-urlpattern     WebFilter urlPatterns     api count   public class ExampleFilter implements Filter           But you also need to add  ServletComponentScan annotation in your  SpringBootApplication class    ServletComponentScan  SpringBootApplication public class MyApplication extends SpringBootServletInitializer           Note that  Component is Spring s annotation  but  WebFilter is not   WebFilter is Servlet 3 annotation   Both ways  you just need basic Spring Boot dependency in pom xml  no need for explicit tomcat embedded jasper        lt  xml version  1 0  encoding  UTF-8   gt   lt project xmlns  http   maven apache org POM 4 0 0  xmlns xsi  http   www w3 org 2001 XMLSchema-instance           xsi schemaLocation  http   maven apache org POM 4 0 0 http   maven apache org xsd maven-4 0 0 xsd  gt       lt modelVersion gt 4 0 0 lt  modelVersion gt       lt parent gt           lt groupId gt org springframework boot lt  groupId gt           lt artifactId gt spring-boot-starter-parent lt  artifactId gt           lt version gt 1 5 8 RELEASE lt  version gt       lt  parent gt        lt groupId gt com surasint example lt  groupId gt       lt artifactId gt spring-boot-04 lt  artifactId gt       lt version gt 1 0-SNAPSHOT lt  version gt       lt packaging gt jar lt  packaging gt       lt properties gt           lt maven compiler target gt 1 8 lt  maven compiler target gt           lt maven compiler source gt 1 8 lt  maven compiler source gt       lt  properties gt       lt dependencies gt           lt dependency gt               lt groupId gt org springframework boot lt  groupId gt               lt artifactId gt spring-boot-starter-web lt  artifactId gt           lt  dependency gt       lt  dependencies gt       lt build gt           lt plugins gt               lt plugin gt                   lt groupId gt org springframework boot lt  groupId gt                   lt artifactId gt spring-boot-maven-plugin lt  artifactId gt               lt  plugin gt           lt  plugins gt       lt  build gt   lt  project gt    WARNING  The first way  if the Controller in Spring Boot returns to a JSP file  the request will pass the filter twice    While  in the second way  the request will pass the filter only once   I prefer the second way because it is more similar to default behavior in Servlet specification  https   docs oracle com cd E19879-01 819-3669 6n5sg7b0b index html   You can see more test log here https   www surasint com spring-boot-webfilter-instead-of-component

User · Answer

As you all know  Spring Boot is a wonderful way of developing a WebApp or StandaloneApp with minimum configuration and opinionated Setup   This is how I have achieved a Web Filter Development in Spring Boot application     My SpringBootApp Specifications -   Spring Boot version  2 0 4 RELEASE Java Version  8 0 Servlet Specification  Servlet 3 0  Mandatory and Important   I declared my Web Filter in the following manner  adhering to Servlet Specifications 3 0   This is the Programmatic way of defining a Filter as a replacement to web xml based definitions     Webfilter  annotation will be processed by the container during deployment  the Filter class in which it is found will be created as per the configuration and applied to the URL patterns  javax servlet Servlets and javax servlet DispatcherTypes      To avoid Web xml completely and to achieve  Deployable  WebApp -   To deploy Spring Boot Application as  Traditional WAR   the application class should extend SpringBootServletInitializer   NOTE    SpringBootServletInitializer is a  Programmatic Implementation  of web xml with reference to Servlet 3 0  specifications  which requires an implementation of WebApplicationInitializer   Thus  SpringBootApplication doesn t require  web xml  as its Application class  after extending SpringBootServletInitializer  scans for   -  WebFilter   -  WebListener and  -  WebServlet      Annotation  ServletComponentScan    This annotation enables scanning base packages for the web components annotated with  WebFilter   WebListener and  WebServlet   Due to the fact that embedded containers do not support  WebServlet   WebFilter and  WebListener annotations  Spring Boot  relying greatly on embedded containers  introduced this new annotation  ServletComponentScan to support some dependent jars that use these 3 annotations   Scanning is only performed when using an embedded Servlet container      Following is my Spring Boot Application Class Definition -        Custom Servlet Initializer -   Here  I have defined a Custom Class   ServletInitializer  which extends Class  SpringBootServletInitializer   As explained earlier  SpringBootServletInitializer is responsible for scanning annotations -  -  WebFilter   -  WebListener and  -  WebServlet   And hence the Spring Boot Application Class should    Either extend the class  SpringBootServletInitializer OR extend Custom class which extends the class  SpringBootServletInitializer

User · Answer

You need 2 main things   - Add  ServletComponentScan to your Main Class - you may add a package named filter inside it you create a Filter Class that has the following     Component  Order Ordered HIGHEST PRECEDENCE  public class RequestFilter implements Filter        whatever field you have  public void doFilter ServletRequest req  ServletResponse res  FilterChain chain        HttpServletResponse response    HttpServletResponse  res      HttpServletRequest request    HttpServletRequest  req       whatever implementation you want          try               chain doFilter req  res             catch Exception e                e printStackTrace                  public void init FilterConfig filterConfig      public void destroy

User · Answer

Step 1  Create a filter component by implementing Filter interface    Component public class PerformanceFilter implements Filter         Override     public void doFilter ServletRequest request  ServletResponse response  FilterChain chain              throws IOException  ServletException                                                     Step 2  Set this filter to the uri patterns using FilterRegistrationBean    Configuration public class FilterConfig        Bean     public FilterRegistrationBean lt PerformanceFilter gt  perfFilter             FilterRegistrationBean lt PerformanceFilter gt  registration   new FilterRegistrationBean lt  gt             registration setFilter new PerformanceFilter             registration addUrlPatterns                return registration            You can refer this link for complete application

User · Answer

WebFilter urlPatterns           public class XSSFilter implements Filter            private static final org apache log4j Logger LOGGER   LogManager getLogger XSSFilter class             Override         public void init FilterConfig filterConfig  throws ServletException               LOGGER info  Initiating XSSFilter                             Override         public void doFilter ServletRequest request  ServletResponse response  FilterChain chain                  throws IOException  ServletException               HttpServletRequest req    HttpServletRequest  request              HttpRequestWrapper requestWrapper   new HttpRequestWrapper req               chain doFilter requestWrapper  response                       Override         public void destroy                 LOGGER info  Destroying XSSFilter                             You need to implement Filter and need to be annotated with  WebFilter urlPatterns        And in Application or Configuration class you need to add  ServletComponentScan By this it your filter will get registered

User · Answer

From Spring docs   Embedded servlet containers - Add a Servlet  Filter or Listener to an application     To add a Servlet  Filter  or Servlet  Listener provide a  Bean   definition for it    Eg    Bean public Filter compressFilter         CompressingFilter compressFilter   new CompressingFilter        return compressFilter      Add this  Bean config to your  Configuration class and filter will be registered on startup   Also you can add Servlets  Filters  and Listeners using classpath scanning       WebServlet   WebFilter  and  WebListener annotated classes can be   automatically registered with an embedded servlet container by   annotating a  Configuration class with  ServletComponentScan and   specifying the package s  containing the components that you want to   register  By default   ServletComponentScan will scan from the package   of the annotated class

User · Answer

This filter will also help you to allow cross origin access   Component  Order Ordered HIGHEST PRECEDENCE  public class SimpleCORSFilter implements Filter        public void doFilter ServletRequest req  ServletResponse res  FilterChain chain  throws IOException  ServletException                HttpServletResponse response    HttpServletResponse  res              HttpServletRequest request    HttpServletRequest  req              response setHeader  Access-Control-Allow-Origin                     response setHeader  Access-Control-Allow-Methods    POST  GET  OPTIONS  DELETE                response setHeader  Access-Control-Max-Age    20000                response setHeader  Access-Control-Allow-Headers    x-requested-with  authorization  Content-Type  Authorization  credential  X-XSRF-TOKEN                 if  OPTIONS  equalsIgnoreCase request getMethod                       response setStatus HttpServletResponse SC OK                 else                   chain doFilter req  res                             public void destroy            Override     public void init FilterConfig arg0  throws ServletException              TODO Auto-generated method stub

User · Answer

You can use  WebFilter javax servlet annotation WebFilter on a class that  implements javax servlet Filter   WebFilter urlPatterns         public class MyFilter implements Filter      Then use  ServletComponentScan to register

User · Answer

Here is an example of one method of including a custom filter in a Spring Boot MVC application   Be sure to include the package in a component scan   package com dearheart gtsc filters   import java io IOException   import javax servlet Filter  import javax servlet FilterChain  import javax servlet FilterConfig  import javax servlet ServletException  import javax servlet ServletRequest  import javax servlet ServletResponse  import javax servlet http HttpServletResponse   import org springframework context annotation Profile  import org springframework stereotype Component    Component public class XClacksOverhead implements Filter      public static final String X CLACKS OVERHEAD    X-Clacks-Overhead       Override   public void doFilter ServletRequest req  ServletResponse res        FilterChain chain  throws IOException  ServletException        HttpServletResponse response    HttpServletResponse  res      response setHeader X CLACKS OVERHEAD   GNU Terry Pratchett        chain doFilter req  res           Override   public void destroy          Override   public void init FilterConfig arg0  throws ServletException

User · Answer

you can also make a filter by using  WebFilter and implements Filter  it will do     Configuration         public class AppInConfig                     Bean        Order 1        public FilterRegistrationBean aiFilterRegistration                 FilterRegistrationBean registration   new FilterRegistrationBean                registration setFilter new TrackingFilter                 registration addUrlPatterns                     registration setOrder 1               return registration                  Bean name    TrackingFilter           public Filter TrackingFilter                 return new TrackingFilter

User · Answer

First  add  ServletComponentScan to your SpringBootApplication class    ServletComponentScan public class Application     Second  create a filter file extending Filter or third-party filter class and add  WebFilter to this file like this    Order 1    optional  WebFilter filterName    XXXFilter   urlPatterns             dispatcherTypes    DispatcherType REQUEST  DispatcherType FORWARD       initParams     WebInitParam name    confPath   value    classpath  xxx xml     public class XXXFilter extends Filter

User · Answer

If you use Spring Boot   Spring Security  you can do that in the security configuration   In the below example  I m adding a custom filter before the UsernamePasswordAuthenticationFilter  see all the default Spring Security filters and their order       EnableWebSecurity class SecurityConfig extends WebSecurityConfigurerAdapter         Autowired FilterDependency filterDependency        Override     protected void configure HttpSecurity http  throws Exception           http              addFilterBefore                  new MyFilter filterDependency                   UsernamePasswordAuthenticationFilter class             And the filter class    class MyFilter extends OncePerRequestFilter        private final FilterDependency filterDependency       public MyFilter FilterDependency filterDependency            this filterDependency   filterDependency              Override     protected void doFilterInternal HttpServletRequest request          HttpServletResponse response          FilterChain filterChain          throws ServletException  IOException             filter        filterChain doFilter request  response

User · Answer

There are three ways to add your filter    Annotate your filter with one of the Spring stereotypes such as  Component  Register a  Bean with Filter type in Spring  Configuration Register a  Bean with FilterRegistrationBean type in Spring  Configuration   Either  1 or  2 will do if you want your filter applies to all requests without customization  use  3 otherwise  You don t need to specify component scan for  1 to work as long as you place your filter class in the same or sub-package of your SpringApplication class   For  3  use along with  2 is only necessary when you want Spring to manage your filter class such as have it auto wired dependencies   It works just fine for me to new my filter which doesn t need any dependency autowiring injection    Although combining  2 and  3 works fine  I was surprised it doesn t end up with two filters applying twice   My guess is that Spring combines the two beans as one when it calls the same method to create both of them   In case you want to use  3 alone with authowiring  you can AutowireCapableBeanFactory  The following is an example    private  Autowired AutowireCapableBeanFactory beanFactory        Bean     public FilterRegistrationBean myFilter             FilterRegistrationBean registration   new FilterRegistrationBean            Filter myFilter   new MyFilter            beanFactory autowireBean myFilter           registration setFilter myFilter           registration addUrlPatterns   myfilterpath              return registration

User · Answer

Using the  WebFilter annotation  it can be done as follows    WebFilter urlPatterns            public class AuthenticationFilter implements Filter       private static Logger logger   Logger getLogger AuthenticationFilter class         Override     public void destroy                TODO Auto-generated method stub              Override     public void doFilter ServletRequest arg0  ServletResponse response  FilterChain chain              throws IOException  ServletException             logger info  checking client id in filter            HttpServletRequest request    HttpServletRequest  arg0          String clientId   request getHeader  clientId            if  StringUtils isNotEmpty clientId                 chain doFilter request  response             else               logger error  client id missing                           Override     public void init FilterConfig arg0  throws ServletException              TODO Auto-generated method stub

User · Answer

I saw answer by  Vasily Komarov  Similar approach  but using abstract HandlerInterceptorAdapter  class instead of using HandlerInterceptor   Here is an example      Component public class CustomInterceptor extends HandlerInterceptorAdapter       Override     public boolean preHandle HttpServletRequest request  HttpServletResponse response  Object handler              throws Exception             Configuration public class InterceptorConfig extends WebMvcConfigurerAdapter         Autowired     private CustomInterceptor customInterceptor         Override     public void addInterceptors InterceptorRegistry registry            registry addInterceptor customInterceptor

User · Answer

I saw a lot of answers here but I didn t try any of them  I ve just created the filter as in the following code    import org springframework context annotation Configuration  import javax servlet    import javax servlet annotation WebFilter  import java io IOException    WebFilter urlPatterns     Admin    Configuration public class AdminFilter implements Filter       Override     public void init FilterConfig filterConfig  throws ServletException                Override     public void doFilter ServletRequest servletRequest  ServletResponse  servletResponse  FilterChain filterChain  throws IOException  ServletException            System out println  happened                 Override     public void destroy                And leaved the remaining Spring Boot application as it was

User · Answer

Filters are mostly used in logger files it varies according to the logger you using in the project Lemme explain for log4j2    lt Filters gt                   lt  -- It prevents error -- gt                   lt ThresholdFilter level  error  onMatch  DENY  onMismatch  NEUTRAL   gt                   lt  -- It prevents debug -- gt                   lt ThresholdFilter level  debug  onMatch  DENY  onMismatch  NEUTRAL    gt                   lt  -- It allows all levels except debug trace -- gt                   lt ThresholdFilter level  info  onMatch  ACCEPT  onMismatch  DENY    gt                lt  Filters gt    Filters are used to restrict the data and i used threshold filter further to restrict the levels of data in the flow I mentioned the levels that can be restricted over there  For your further refrence see the level order of log4j2 - Log4J Levels  ALL   TRACE   DEBUG   INFO   WARN   ERROR   FATAL   OFF

User · Answer

Here is an example of my custom Filter class   package com dawson controller filter   import org springframework stereotype Component  import org springframework web filter GenericFilterBean   import javax servlet    import javax servlet http HttpServletRequest  import javax servlet http HttpServletResponse  import java io IOException     Component public class DawsonApiFilter extends GenericFilterBean         Override     public void doFilter ServletRequest request  ServletResponse response  FilterChain chain  throws IOException  ServletException           HttpServletRequest req    HttpServletRequest  request          if  req getHeader  x-dawson-nonce      null    req getHeader  x-dawson-signature      null                HttpServletResponse httpResponse    HttpServletResponse  response              httpResponse setContentType  application json                httpResponse sendError HttpServletResponse SC BAD REQUEST   Required headers not specified in the request                return                    chain doFilter request  response             And I added it to the Spring boot configuration by adding it to Configuration class as follows   package com dawson configuration   import com fasterxml jackson datatype hibernate5 Hibernate5Module  import com dawson controller filter DawsonApiFilter  import org springframework beans factory annotation Autowired  import org springframework boot autoconfigure SpringBootApplication  import org springframework boot web servlet FilterRegistrationBean  import org springframework context annotation Bean  import org springframework http converter json Jackson2ObjectMapperBuilder    SpringBootApplication public class ApplicationConfiguration        Bean     public FilterRegistrationBean dawsonApiFilter             FilterRegistrationBean registration   new FilterRegistrationBean            registration setFilter new DawsonApiFilter        In case you want the filter to apply to specific URL patterns only         registration addUrlPatterns   dawson              return registration

User · Answer

There isn t a special annotation to denote a servlet filter  You just declare a  Bean of type Filter  or FilterRegistrationBean   An example  adding a custom header to all responses  is in Boot s own EndpointWebMvcAutoConfiguration   If you only declare a Filter it will be applied to all requests  If you also add a FilterRegistrationBean you can additionally specify individual servlets and url patterns to apply   Note   As of Spring Boot 1 4  FilterRegistrationBean is not deprecated and simply moved packages from org springframework boot context embedded FilterRegistrationBean to org springframework boot web servlet FilterRegistrationBean

User · Answer

Filters as the name suggest used to perform filtering on either the request to a resource or on the response from a resource  or both  Spring Boot provides few options to register custom filters in the Spring Boot application  Let   s look at the different options   1  Define Spring Boot Filter and Invocation Order  Implement Filter interface to create a new filter in Spring Boot    Configuration  Order Ordered HIGHEST PRECEDENCE  public class CustomFilter implements Filter     private static final Logger LOGGER   LoggerFactory getLogger CustomFilter class      Override  public void init FilterConfig filterConfig  throws ServletException     LOGGER info             Initiating Custom filter                     Override  public void doFilter ServletRequest servletRequest  ServletResponse servletResponse  FilterChain filterChain  throws IOException  ServletException      HttpServletRequest request    HttpServletRequest  servletRequest    HttpServletResponse response    HttpServletResponse  servletResponse     LOGGER info  Logging Request            request getMethod    request getRequestURI          call next filter in the filter chain   filterChain doFilter request  response      LOGGER info  Logging Response       response getContentType           Override  public void destroy          TODO  7 4 18        Let   s quickly look at some important points in the above code   The filter registered by  Component annotation  To fire filters in the right order   we needed to use the  Order annotation    Component  Order 1  public class CustomFirstFilter implements Filter       Component  Order 2  public class CustomSecondFilter implements Filter         In the above code  CustomFirstFilter will run before the CustomSecondFilter      The lower the number  the higher the precedence   2  URL Pattern  If the convention-based mapping is not flexible enough  we can use FilterRegistrationBean for the complete control of the application  Here  don   t use  Component annotation for the filter class but register the filter using a FilterRegistrationBean    public class CustomURLFilter implements Filter     private static final Logger LOGGER   LoggerFactory getLogger CustomURLFilter class      Override  public void init FilterConfig filterConfig  throws ServletException     LOGGER info             Initiating CustomURLFilter filter                     Override  public void doFilter ServletRequest servletRequest  ServletResponse servletResponse  FilterChain filterChain  throws IOException  ServletException      HttpServletRequest request    HttpServletRequest  servletRequest    HttpServletResponse response    HttpServletResponse  servletResponse     LOGGER info  This Filter is only called when request is mapped for  customer resource         call next filter in the filter chain   filterChain doFilter request  response         Override  public void destroy             Register the custom Filter using FilterRegistrationBean    Configuration public class AppConfig      Bean  public FilterRegistrationBean  lt  CustomURLFilter  gt  filterRegistrationBean       FilterRegistrationBean  lt  CustomURLFilter  gt  registrationBean   new FilterRegistrationBean      CustomURLFilter customURLFilter   new CustomURLFilter       registrationBean setFilter customURLFilter     registrationBean addUrlPatterns   greeting        registrationBean setOrder 2     set precedence   return registrationBean

User · Answer

If you want to setup a third-party filter you can use FilterRegistrationBean  For example the equivalent of web xml   lt filter gt        lt filter-name gt SomeFilter lt  filter-name gt           lt filter-class gt com somecompany SomeFilter lt  filter-class gt   lt  filter gt   lt filter-mapping gt       lt filter-name gt SomeFilter lt  filter-name gt       lt url-pattern gt  url   lt  url-pattern gt       lt init-param gt          lt param-name gt paramName lt  param-name gt          lt param-value gt paramValue lt  param-value gt       lt  init-param gt   lt  filter-mapping gt    These will be the two beans in your  Configuration file   Bean public FilterRegistrationBean someFilterRegistration          FilterRegistrationBean registration   new FilterRegistrationBean        registration setFilter someFilter         registration addUrlPatterns   url          registration addInitParameter  paramName    paramValue        registration setName  someFilter        registration setOrder 1       return registration      public Filter someFilter         return new SomeFilter        The above was tested with spring-boot 1 2 3

[java] How to add a filter class in Spring Boot?

Examples related to java

Examples related to configuration

Examples related to spring-boot

Examples related to servlet-filters