8. Servlet Architecture Overview

8. Servlet Architecture Overview
Prev	Part II. Servlet Applications	Next

8.1 Servlet Architecture Overview

Spring Security’s servlet support relies on the servlet Filter API. This means that it can work with any application that runs in a servlet container. It does not require that you use Spring in any other part of your application.

8.1.1 Understanding the Servlet Filter API

Spring Security’s servlet container support (whether you run in Apache Tomcat or other servlet container) is built on top of the Filter API. This is done because the Filter API is a standard that allows injecting logic into an application in any servlet container.

Since Spring Security is built on top of javax.servlet.Filter objects. It will greatly benefit you if you understand the concept of interceptors and how Filter objects work.

The following example shows a simple Filter implementation:

Example 8.1. SimpleFilter Example

public class SimpleFilter implements Filter {

    public void init(FilterConfig filterConfig)
            throws ServletException {
            // optional initialization
    }

    // invoked every request the Filter is mapped for
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        System.out.println("Before"); 
        chain.doFilter(request, response); 
        System.out.println("After"); 
    }

    public void destroy() {
        // optional cleanup
    }
}

	Happens before the application is invoked.
	Invokes the rest of the application. This could be additional `Filter` objects, a `Servlet`, or both.
	Happens after the application is invoked

	Important
	If `chain.doFilter` is never invoked, neither is the rest of the application.

A servlet Filter lets us apply logic around the rest of the application. This means that we can perform logic before, conditionally invoke the rest of the application, and perform logic afterwards in any servlet container.

8.1.2 Registering a Servlet Filter

In order for a servlet Filter to be invoked, it must be registered with the servlet container.

The following example shows how to do so in XML:

Example 8.2. web.xml


<filter>
    <filter-name>simpleFilter</filter-name>
    <filter-class>sample.SimpleFilter</filter-class>
</filter>


<filter-mapping>
    <filter-name>simpleFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

	Define the `Filter` to be mapped
	Provide one or more mappings for the `Filter`. In this case, `simpleFilter` is mapped by using the `/*` pattern, which signifies that it should be mapped for every request.

In Java configuration, you can use a ServletContextListener. The following example shows how to do so:

Example 8.3. RegisterServletContextListener.java

@WebListener
public class FilterStartupListener
        implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();

        
        FilterRegistration fltrReg = ctx.addFilter("simpleFilter", SimpleFilter.class);

        
        EnumSet<DispatcherType> dispatchers =
            EnumSet.of(DispatcherType.REQUEST);
        
        boolean isMatchAfter = true;
        
        fltrReg.addMappingsForUrlPatterns(dispatchers, isMatchAfter, "/*");
    }
}

	Define the `Filter` to be mapped.
	In Java configuration, we must explicitly provide the Section 8.1.3, “Dispatch Types”.
	In Java configuration, we must explicitly indicate whether the `Filter` should be before or after already registered `Filter` objects.
	Provide one more mapping for the Filter. In this case, `simpleFilter` is mapped by using the `/*` pattern, which signifies that it should be mapped for every request.

8.1.3 Dispatch Types

8.1.4 Filter Ordering

8.1.5 Using `DelegatingFilterProxy`

At the heart of integrating Spring with a servlet Filter is the DelegatingFilterProxy. The DelegatingFilterProxy is registered directly with the servlet container, and it delegates all work to a Spring Bean that implements Filter.

Prev	Up	Next
7. Hello Spring Security	Home	9. Authentication