Question

I am working on an Spring Application in which I want to do some security checks like MD5 checking of files, DB checking, Application version check etc.

I have read about Interceptors and Filters but still a bit confused about which one is good to use.

Whatever documents I have read, it is specified that filters and interceptors both can be used for Logging and auditing so which one is good for this scenario. Also all this security checks (MD5 checking of files, DB checking, Application version check) can be configured means DB check is allow, Application version check is allow likewise.

Was it helpful?

Solution

In my opinion one of the biggest difference between Filters and Interceptors is:

Filter works only in J2EE web applications, you can not use outside of the application servers, Interceptors can work in different components and not depends on the web layer, in summary interceptor have a wide field than filters. If you are planning to move some component outside the container, you should consider use interceptors.

Filters work more in the request/response domain, in the other hand interceptor act more in the method execution domain.

If you need to do something that could affect the request or response to your application such as logging, security, audit, or you will affect the data coming on them, your option is filter, don't forget the plug ability that those provides.

Interceptors are used in conjunction with Java EE managed classes to allow developers to invoke interceptor methods on an associated target class, in conjunction with method invocations or lifecycle events

OTHER TIPS

I am late to answer, Although I want to share my views on it.

A Filter is used in the web layer only as it is defined in web.xml. We can not use it out of web context. While Spring Interceptors can be used anywhere because it is defined in Application context.

Considering above difference, For the Login authentication and auditing of incoming requests from web pages we should use a servlet filter. While for implementing your business layer logging and auditing and many other along feature we should use an Interceptor.

In addition to this, if you are using the Spring MVC. then you would like to keep all logic of filtering or intercepting in one framework, than to write some logic in servlet filter and others in spring.

Spring give one extra control point afterCompletion in addition to before and after methods

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top