Filters can filter all kinds of content in a website (pages, servlets, images, files), and perform some common functions during website content requests and responses.

Filter chain

Multiple filters can be created in a project, and site content may pass through multiple filters, which form a chain of filters.

Picture 1

Implementation method:

1. Implement the Filter interface

Init initialization

DoFilter is used for filtering


ServletRequest request

ServletResponse response

Filterchain FilterChain

// Let the request pass, execute the next filter, if this method is not executed, the request is intercepted

chain.doFilter(request, response);

Destroy the destruction

2, configuration,


<! Set the filter –>










Explanation: * represents that all website content is filtered by this filter. You can specify the content to be filtered, such as:




Sequence of filter execution:

If it is annotated, execute it in name order

If configured by web.xml, follow the order of games defined by the filter

Case study: Form duplicate submission problem

Submit the form data to the server multiple times

Problem: 1, increase the burden of server 2, insert duplicate data many times

Duplicate submissions may occur:

1. After submitting the form, use forward to jump to other pages to refresh the page

2. Refresh the page several times before the server responds after submitting the form

3. Click the “Submit” button several times before the server responds after submitting the form

4. After submitting the form, skip to “Back” and click “Submit”


1. Before entering the form page, create a random string of tokens in the filter and store it in the Session.

2. Add a hidden field to the form with a Token string value that will be submitted to the server along with the form

3. After submitting to the server, compare the Token in the form with the Token in the Session. If the Token is the same, submit the form normally; otherwise, submit the form repeatedly.

4. If the Session is successfully submitted, remove the Token from the Session.

/ * *

* Filters for generating tokens

* /


public class TokenFilter implements Filter{


public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

throws IOException, ServletException {

// Generates a random string

String token = UUID.randomUUID().toString();

// Save to Session

HttpServletRequest res = (HttpServletRequest) request;

res.getSession().setAttribute(“token”, token);

// Execute the following filter

chain.doFilter(request, response);



public void init(FilterConfig filterConfig) throws ServletException {}


public void destroy() {}


/ * *

* Simulate a Servlet that adds data

* /


public class AddUserServlet extends HttpServlet{


protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

// Determine if the token in the form is the same as the token in the Session

String token1 = (String) req.getSession().getAttribute(“token”);

String token2 = req.getParameter(“token”);

if(! token1.equals(token2)){

// If not, it is a duplicate submission

System.out.println(” This is a duplicate commit “);



String name = req.getParameter(“name”);

String age = req.getParameter(“age”);

// Impersonate code, insert database successfully

System.out.println(name+”,”+age+” insert into database “);

// Remove the token from the Session

req.getSession().setAttribute(“token”, “”);

try {


} catch (InterruptedException e) {



req.getRequestDispatcher(“test.jsp”).forward(req, resp);


The JSP page:



<! //W3C//DTD HTML 4.01 Transitional//EN” “



<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″>

<title>Insert title here</title>



<form action=”” method=”post”>

<input type=”submit” value=” user “>

<! — Place token in hidden field –>

<input type=”hidden” name=”token” value=”${token}”>




Filters can filter various resources in a Web site and add additional functionality to servlets and JSPs, such as setting encoding formats, verifying user logins, resolving duplicate submissions, and so on.