What is OncePerRequestFilter?


The documentation says org.springframework.web.filter.OncePerRequestFilter "guarantees to be just executed once per request". Under what circumstances may a Filter possibly be executed more than once per request?

Under what circumstances may a Filter possibly be executed more than once per request?

You could have the filter on the filter chain more than once.

The request could be dispatched to a different (or the same) servlet using the request dispatcher.


A common use-case is in Spring Security, where authentication and access control functionality is typically implemented as filters that sit in front of the main application servlets. When a request is dispatched using a request dispatcher, it has to go through the filter chain again (or possibly a different one) before it gets to the servlet that is going to deal with it. The problem is that some of the security filter actions should only be performed once for a request. Hence the need for this filter.

OncePerRequestFilter (Spring Framework 5.2.7.RELEASE API): public abstract class OncePerRequestFilter extends GenericFilterBean. Filter base class that aims to guarantee a single execution per request dispatch, on any servlet container. It provides a doFilterInternal(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain) method with HttpServletRequest and HttpServletResponse arguments.

To understand the role of OncePerRequestFilter, we need to first clearly understand how a normal filter behaves. When you want some specific code to execute just before or after servlet execution, you create a filter which works as:

code1   ===>   servlet execution (using chain.doFilter())   ===>    code2

So code1 executes before the servlet and code2 after servlet execution. But here, during servlet execution, there can be some other request to a different servlet, and that different servlet also has this same filter. In this case, this filter will execute again.

OncePerRequestFilter prevents this behavior. For our one request, this filter will execute exactly one time (no more, no less). This behavior is very useful while working with security authentication.

OncePerRequestFilter: public abstract class OncePerRequestFilter extends GenericFilterBean. Filter base class that guarantees to be just executed once per request, on any servlet

public abstract class OncePerRequestFilter extends NameableFilter. Filter base class that guarantees to be just executed once per request, on any servlet container. It provides a doFilterInternal(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) method with HttpServletRequest and HttpServletResponse arguments.

A special kind of GenericFilterBean was introduced to live in a Servlet 3.0 environment. This version added the possibility of treating requests in separate threads. To avoid multiple filter executions in this case, the Spring Web project defines a special kind of filter, OncePerRequestFilter. It directly extends GenericFilterBean and, like that class, is located in the org.springframework.web.filter package. OncePerRequestFilter defines the doFilter method. Inside, it checks whether the given filter was already applied by looking for a "${className}.FILTER" attribute corresponding to true in the request's parameters. Additionally, it defines an abstract doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) method. Its implementations will contain the code to be executed by the given filter if the filter hasn't been applied.


Under what circumstances may a Filter possibly be executed more than once per request?


A filter may be invoked as part of REQUEST or ASYNC dispatches that occur in separate threads. We should use OncePerRequestFilter since we are doing a database call to retrieve the principal or the authenticated user; there is no point in doing this more than once. After that, we set the principal to the security context.

Authentication auth = jwtTokenProvider.getAuthentication(token);
SecurityContextHolder.getContext().setAuthentication(auth);

where jwtTokenProvider is your service for getting authentication from the JWT token.
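
The pattern the answers above describe, as an added example that is not part of the original answers or of Spring's own code: a token filter that extends OncePerRequestFilter, so the lookup runs once even if the request is forwarded, and that skips a small set of public paths through shouldNotFilter. The JwtTokenProvider interface, its exception behaviour, the class name and the two public paths are assumptions made for illustration; the javax.servlet imports match the Spring 5.x API quoted on this page.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtAuthenticationFilter extends OncePerRequestFilter {

    /** Hypothetical service (the page's jwtTokenProvider); assumed to throw on a bad token. */
    public interface JwtTokenProvider {
        Authentication getAuthentication(String token) throws AuthenticationException;
    }

    // Hypothetical public endpoints. Exact matches only, never prefixes.
    // Assumes the DispatcherServlet is mapped to "/", so getServletPath() is the request path.
    private static final Set<String> PUBLIC_PATHS = Set.of("/auth/login", "/health");

    private final JwtTokenProvider jwtTokenProvider;

    public JwtAuthenticationFilter(JwtTokenProvider jwtTokenProvider) {
        this.jwtTokenProvider = jwtTokenProvider;
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // Skipping only means "do not parse a token here"; access rules still apply downstream.
        return PUBLIC_PATHS.contains(request.getServletPath());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                Authentication auth = jwtTokenProvider.getAuthentication(header.substring(7));
                SecurityContextHolder.getContext().setAuthentication(auth);
            } catch (AuthenticationException e) {
                // Fail closed: drop any partial state and stop before the servlet runs.
                SecurityContextHolder.clearContext();
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }
        // No bearer token: continue unauthenticated and let the authorization rules decide.
        chain.doFilter(request, response);
    }
}
```

By default OncePerRequestFilter also skips ASYNC and ERROR dispatches (shouldNotFilterAsyncDispatch and shouldNotFilterErrorDispatch return true), so override those only if the security context must be rebuilt there.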



OncePerRequestFilter (Apache Shiro 1.5.2 API): public abstract class OncePerRequestFilter extends NameableFilter. Filter base class that guarantees to be just executed once per request, on any servlet

Thanks for this great example! I don't think it's worth opening a pull request over this, but I would recommend anyone using this pattern in production to extend OncePerRequestFilter on the JwtAuthenticationTokenFilter as opposed to Gene

OncePerRequestFilter (spring-web 3.2.1.RELEASE API): public abstract class OncePerRequestFilter extends GenericFilterBean. Filter base class that aims to guarantee a single execution per request dispatch, on any

I created a custom filter for token authentication, AuthenticationTokenFilter, and it is extended by OncePerRequestFilter. I configure some APIs as whitelist APIs in my SecurityConfig; for these whitelist APIs, I tried to bypass my AuthenticationTokenFilter.

Comments
  • Can you elaborate why this is "very useful while working with security authentication", please?
  • Yes @Hilikus, think about general security authentication in your project. We expect that as soon as a request hits your project, you should authorize and authenticate it once. Then, if everything seems fine, this request can be allowed to hit your APIs. OncePerRequestFilter makes sure that this authentication process happens only once. If we don't use this, whenever we internally make a request to some other API in our project, the same authentication will happen again, as all our APIs have the same security filter.
  • @Arman By "whenever we internally make a request to some other API in our project" you mean whenever we dispatch/forward the request to another URL having this same filter and not just by calling that class method directly. Right?