BestHub
Sign in
Backend Development 7 min read

Master Spring Boot 3 Filters: 8 Essential Built‑in Filters Explained

This article introduces Spring Boot 3's filter mechanism, outlines core functions and application scenarios, and provides detailed code examples for eight built‑in filters such as CharacterEncodingFilter, CorsFilter, and HiddenHttpMethodFilter, helping developers build secure and efficient web applications.

Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Master Spring Boot 3 Filters: 8 Essential Built‑in Filters Explained

1. Introduction

In project development, a Filter is a key technology in the Servlet specification that acts as a gatekeeper for requests and responses, allowing pre‑ and post‑processing before the request reaches the target resource or before the response is sent back.

Core Functions

Request interception: e.g., authentication, character encoding, logging.

Response modification: e.g., compressing content, adding custom headers.

Application Scenarios

Security protection: filter illegal requests, prevent SQL injection or XSS.

Performance optimization: reduce network transfer via caching or compression.

Unified handling: centralize CORS, exception handling, etc.

The Filter#doFilter method enables chain invocation, allowing multiple filters to be combined flexibly.

2. Core Filters

2.1 CharacterEncodingFilter

Sets request/response character encoding.

<code>@Bean
CharacterEncodingFilter characterEncodingFilter() {
  CharacterEncodingFilter filter = new CharacterEncodingFilter();
  filter.setEncoding("UTF-8");
  filter.setForceRequestEncoding(true);
  filter.setForceResponseEncoding(true);
  return filter;
}
</code>

2.2 CommonsRequestLoggingFilter

Logs request URI and optional query string.

<code>@Bean
CommonsRequestLoggingFilter commonsRequestLoggingFilter() {
  CommonsRequestLoggingFilter filter = new CommonsRequestLoggingFilter();
  filter.setIncludeQueryString(true);
  filter.setIncludeHeaders(true);
  return filter;
}
</code>

2.3 CorsFilter

Handles CORS pre‑flight and simple requests, adding appropriate response headers.

<code>@Bean
CorsFilter corsFilter() {
  CorsConfiguration config = new CorsConfiguration();
  config.setAllowCredentials(false);
  config.addAllowedOrigin("*");
  config.addAllowedHeader("*");
  config.addAllowedMethod("*");
  UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  source.registerCorsConfiguration("/**", config);
  CorsFilter filter = new CorsFilter(source);
  return filter;
}
</code>

2.4 FormContentFilter

Parses form data in HTTP PUT, PATCH, DELETE requests and exposes it as servlet parameters.

<code>@PutMapping("/put/param")
public String params(String name, Integer age) {
  return name + "@" + age;
}
</code>
<code>@Bean
FormContentFilter formContentFilter() {
  FormContentFilter filter = new FormContentFilter();
  return filter;
}
</code>

2.5 HiddenHttpMethodFilter

Enables browsers to simulate PUT, DELETE, PATCH by submitting a hidden field _method in a POST request.

<code>@Bean
HiddenHttpMethodFilter hiddenHttpMethodFilter() {
  HiddenHttpMethodFilter filter = new HiddenHttpMethodFilter();
  filter.setMethodParam("_cm");
  return filter;
}
</code>

2.6 RequestContextFilter

Binds request context (locale, attributes) to the current thread, making it accessible via RequestContextHolder .

<code>@Bean
RequestContextFilter requestContextFilter() {
  RequestContextFilter filter = new RequestContextFilter();
  filter.setThreadContextInheritable(true);
  return filter;
}
</code>

2.7 ServletRequestPathFilter

Parses and caches the current request path.

<code>@Bean
ServletRequestPathFilter servletRequestPathFilter() {
  ServletRequestPathFilter filter = new ServletRequestPathFilter();
  return filter;
}
</code>

Usage example to obtain the parsed request path:

<code>ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpServletRequest request = attrs.getRequest();
RequestPath requestPath = ServletRequestPathUtils.getParsedRequestPath(request);
</code>
Javabackend developmentSpring BootServletWeb SecurityFilter
Spring Full-Stack Practical Cases
Written by

Spring Full-Stack Practical Cases

Full-stack Java development with Vue 2/3 front-end suite; hands-on examples and source code analysis for Spring, Spring Boot 2/3, and Spring Cloud.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment