23

What's the difference, really, between filters and interceptors? I realize that interceptors fire before and after an action, recursively, and filters can be configured to fire on actions and on certain url patterns. But how do you know when to use each one?

In the book I'm reading on Struts 2, it seems that interceptors are being pushed and I even followed a tutorial to write an Authentication Interceptor to make sure a user is logged in. However, if the user tries to access a URL that doesn't have an action associated with it, the interceptor doesn't catch it, which means I'd have to associate an action with every jsp that I want to be secure. That doesn't seem right.

I can make an Authentication Filter that handles URLs so that I don't have to do that, but then, what's the point of interceptors?

JPC
  • 8,096
  • 22
  • 77
  • 110
  • 10
    It's good practice to stick your .jsp's in the /WEB-INF folder. That way they can't be requested directly by URL. Rather the user should be going through Actions, which then forward to the correct jsp (depending on the result). – Pat Jul 15 '10 at 15:24

6 Answers6

45

The most significant difference is that "interceptors" are a part of the Struts 2 framework, and are only part of the request handling that is done by the Struts 2 framework. "Filters" on the other hand are a part of the Servlet Specifcation; in other words, they are part of the Servlet API. If you are using Struts 2, you should use interceptors for wrapping functionality around your Struts 2 actions. If you are trying to wrap functionality around requests coming to your webapp, but not being handled by Struts 2, then a filter might be more appropriate.

BTW, the entire Struts 2 Framework is deployed inside a filter configured in your web app, declared in your webapp's deployment descriptor ( web.xml ) like:

    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

     <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

This filter, which is configured to catch all requests URL patterns, is the entry point into the entire Struts 2 framework.

I hope that helps.

gprathour
  • 14,813
  • 5
  • 66
  • 90
chad
  • 7,369
  • 6
  • 37
  • 56
  • thanks for the hint on Servlet Spec and Struts 2 framework differentiation. – asgs May 02 '12 at 05:53
  • that means they have the same functionality. – hiway Dec 08 '13 at 08:02
  • 2
    @hiway I wouldn't say they have the same functionality, I would say they serve the same functional role in two very different contexts. – chad Jan 07 '14 at 19:33
5

the interceptor stack fires on every request.
filters only apply to the urls for which they are defined.

edit -- you use one or the other depending on need. Lets say you need to verify a cookie is present for every request. User an interceptor. Lets say that you need to pop up an external app on some requests (driven by a url), use a filter.

I think interceptors are the more commonly used tool...

why would you have a url with no associated action?

hvgotcodes
  • 118,147
  • 33
  • 203
  • 236
  • 1
    The interceptor stack fires for only the requests that are defined in the package for which that stack is the default stack, aka I can have actions defined in other packages that the interceptor won't fire for so like a filter, it can be selective. A filter can also apply to all urls. To verify if a cookie is present I don't see why you wouldn't just use a filter for that as well. If you have a simple jsp, like an image upload form for example, there might not be any work that I need an action for. Should I be making action classes for every jsp? Even if they're empty? – JPC Jul 15 '10 at 15:28
  • no you are right, if there is no point for an action, then don't put one in. Although from what I remember an action can route to a jsp just be returning a string value. I think you'll find that there are lots of ways to do things, so the fact that there is some overlap is natural. – hvgotcodes Jul 15 '10 at 15:40
  • I guess I'm just looking for the best practice, and haven't been able to find any answers. Especially with the convention plugin now, if I have an upload form, I can access it like an action by typing "/upload-form" I don't even have to access the jsp directly. The problem is, this doesn't trigger an interceptor so a filter is the only thing that will catch this. – JPC Jul 15 '10 at 15:45
4

What is Interceptor ?

The Struts 2 Framework uses the concept of Interceptors to share the solution for some common concerns by different actions.

As we know the framework invokes a particular Action object on the submssion of a request for it. But before executing of Action, the invocation is intercepted by some other object to provide additional processing required.

Similarly after the execution of Action, the invocation can be intercepted again. This intercepting object is known as Interceptor.

So the purpose of using Interceptor is to allow greater control over controller layer and separate some common logic that applies to multiple actions.

Struts 2 framework has already provided its own set of Interceptors which can be used in the application to provide required processing before and after the Action classs execution.

One of those is "Alias Interceptor" that I am going to discuss here.

Alias Interceptor:

Alias Interceptor is used in case of Action chaining. Action chaining means one Action calls other Action after successful execution of first action.

This interceptor aliases a named parameter to a different parameter name. In action chaining, when two different action classes share a common parameter with a different name, this Interceptor is used to give an alias name to a parmeter of first action class, which matches the parameter name in the second action class.

The alias expression of action should be in the form of :

             #{ 'name1' : 'alias1' , 'name2' : 'alias2' }
vinay
  • 41
  • 1
3

As per the struts 2 life cycle/architecture no interceptors are executed before filter. So if there is no action mapping for your request then it's failing in while passing through filter.

tkd
  • 31
  • 1
1

As a rule of thumb

  • Filters are run before each request. The struts itself is a filter.
  • interceptors can run before, after struts actions. They will not run if the request does not end with .action.

So, some example of filters could be:

  • If you want to compress your js and css files, you should go for filters not interceptors.
  • If you want only certain IP address access your web site you must develop it as filter and check request ip address.
  • If you want to safe your site against CSRF attack you must write a filter to check CSRF token on requests.
  • If you want to log your site response per request time, you can use a filter to calculate the time before and after chain.doFilter(request, response)

Theoretically you can develop an struts web application without developing your own interceptors and using filtersonly. But you will face lots problem and code boiler filters.

Lots of struts 2 features are build with interceptors, you can find it in struts-default.xml (https://struts.apache.org/docs/struts-defaultxml.html) the list will help to find when interceptors can be used. (For example ParametersInterceptor runs before actions to apply submited form values to actions)

While working with interceptors you can easily access struts features, for example getText from message resources, get current action name and name space, change the action flow.

Considering above here are some cases which can be developed by interceptors:

  • If you want that only logged in users can access certain actions, you must develop it with interceptors.
  • If you want to keep track which actions user is navigation. You can use an interceptor to keep track of visited actions.
  • If you want to handle your action errors in a single point, you can use an interceptor which catch all invocation.invoke()

The interceptors are providing the filter and Chain of Responsibility design pattern for struts actions, while filters provide this pattern to your whole web application.

Alireza Fattahi
  • 42,517
  • 14
  • 123
  • 173
0

Struts 2 Framework is not dependent on Servlet API. Struts 2 Actions are not coupled to a container. Most often the servlet contexts are represented as simple Maps, allowing Actions to be tested in isolation.

Filter is a part of Servlet API so Struts 2 Framework uses the concept of Interceptors to share the solution for some common concerns by different actions.

Also you can easily write test cases for Interceptor and Action class.

Punit Patel
  • 901
  • 1
  • 12
  • 25