Filters are Java components—very similar to servlets—that you can use to intercept and process requests before they are sent to the servlet, or to process responses after the servlet has completed, but before the response goes back to the client.
The Container decides when to invoke your filters based on declarations in the DD. In the DD, the deployer maps which filters will be called for which request URL patterns. So it’s the deployer, not the programmer, who decides which subset of requests or responses should be processed by which filters.
Fun things to do with Filters
Request filters can:
perform security checks
reformat request headers or bodies
audit or log requests
Response filters can:
compress the response stream
append or alter the response stream
create a different response altogether
There is only ONE filter interface, Filter.
There’s no such thing as a RequestFilter or ResponseFilter interface—it’s just Filter. When we talk about a request filter vs. a response filter, we’re talking only about how you USE the filter, not the actual filter interface. As far as the Container is concerned, there is only one kind of filter—anything that implements the Filter interface.