I see this in my Spring MVC app's web.xml:
springSecurityFilterCh
Servlet filters are, in general, a Java WebApp concept. You can have servlet filters in any webapp, whether or not you use Spring framework in your application.
These filters can intercept requests before they reach the target servlet. You can implement common functionality, like authorization, in servlet filters. Once implemented, you can configure the filter in your web.xml to be applied to a specific servlet, specific request url patterns or all url patterns.
Modern web-apps can have dozens of such filters. Things like authorization, caching, ORM session management, and dependency injection are often implemented with the aid of servlet filters. All of these filters need to be registered in web.xml.
Your servlet container creates instances of Filters declared in web.xml and calls them at appropriate times (i.e., when servicing servlet requests). Now if you are like most of the Dependency Injection (DI) fans, you would likely say that creation of instances is what my DI framework (Spring) does better. Can't I get my servlet filters created with Spring so they are amenable to all DI goodness?
DelegatingFilterProxy, so that Spring creates your filter instances
This is where DelegatingFilterProxy steps in. DelegatingFilterProxy is an implementation of the javax.servlet.Filter interface provided by Spring Framework. Once you configure DelegatingFilterProxy in web.xml, you can declare the actual beans that do the filtering in your Spring configuration. This way, Spring creates the instances of beans that do the actual filtering, and you can use DI to configure these beans.
Note that you need only a single DelegatingFilterProxy declaration in web.xml but you can have several filtering beans chained together in your application context.
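A minimal wiring of the setup this answer describes, added here as an example and not part of the original answer. The bean names and the com.example classes are hypothetical, and the two fragments belong in web.xml and in the Spring application context respectively.

```xml
<!-- web.xml: the only filter declaration the servlet container sees -->
<listener>
  <!-- Loads the root application context that DelegatingFilterProxy searches -->
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
  <!-- By default the filter-name is also the name of the bean to delegate to -->
  <filter-name>authorizationFilter</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  <init-param>
    <!-- Forward init() and destroy() to the bean too (default is false) -->
    <param-name>targetFilterLifecycle</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>authorizationFilter</filter-name>
  <!-- Map every URL so no request path skips the filter -->
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring application context: the real filter is an ordinary bean -->
<!-- Hypothetical collaborator injected into the filter -->
<bean id="accessPolicy" class="com.example.security.AccessPolicy"/>

<!-- id matches the filter-name above; the hypothetical class implements
     javax.servlet.Filter and receives its dependency through DI -->
<bean id="authorizationFilter" class="com.example.web.AuthorizationFilter">
  <property name="accessPolicy" ref="accessPolicy"/>
</bean>
```

If the filter-name and the bean id differ, the proxy's targetBeanName init-param names the bean explicitly; with neither matching, the lookup fails and no filtering bean is reached.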