Explaining intercepting filter pattern

When a client sends a request to the server, the server sometimes processes this request/response to perform the following tasks:

• Validating authentication
• Generating log
• Validating constraints
• Verifying the browser of the client
• Checking the duration between the request and response; calculating the response time
• Setting a cookie

However, we don't want to put these tasks within the logic of processing the main request. Consequently, creating a pre-process and/or post-process to do these tasks is a good method for decoupling the main logic from the complementary logic.

The intercepting filter pattern is the pattern that solves problems when we want to insert a logic that is not part of the main logic but we want to keep the two logics separated and decoupled. Merging the new logic with the main logic is a bad practice because these become coupled. This pattern creates a filter to pre-process and post-process the request, permitting the creation of a logic block to solve some problems that are not part of the main problem, and thus decoupling both pieces of logic. Using this pattern, we can create a pluggable solution without modifying the main logic. Take a look at the model of the intercepting filter pattern in the following diagram:

In the preceding diagram, we have a Client, FilterManager, FilterChain, FilterOne, FilterTwo, FilterThree, and Target. The client sends a request to the server; the FilterManager creates a FilterChain with its filters ordered and initiates the processing; the FilterChain is an ordered collection of independent filters; FilterOne, FilterTwo, and FilterThree are the filters in the FilterChain, which can include N filters; Target is the resource that contains the main logic. The order of filter execution is important because some filters often need to be executed first. An example of filter priority is the task of validating authentication, which generally needs to be executed first because some tasks are executed after client authentication only.