Filters vs Interceptors vs AOP in Spring Boot

Spring Boot applications often need cross-cutting features like logging, security, performance monitoring, or authentication. These features are not part of the core business logic but need to be applied consistently across the application. Spring Boot provides three main mechanisms to handle these: Filters, Interceptors, and AOP (Aspect-Oriented Programming).

Each operates at a different level in the request-processing flow. Understanding how and when to use them is essential for building clean, maintainable, and professional Spring Boot applications.

What is a Filter?

A Filter is a low-level component that intercepts all HTTP requests and responses at the Servlet level, before reaching Spring MVC controllers. It is part of the Servlet API, so it works independently of Spring MVC.

Use Cases:

• Logging requests and responses
• Handling CORS (Cross-Origin Resource Sharing)
• Authentication and authorization
• Modifying request or response objects
• Compression or caching of responses

Example: Logging Filter

@Component
publicclassLoggingFilterextendsOncePerRequestFilter {
@Override
protectedvoiddoFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain)
throws ServletException, IOException {
        System.out.println("Incoming request: " + request.getRequestURI());
        filterChain.doFilter(request, response);// Continue processing
        System.out.println("Outgoing response");
    }
}

Key Points:

• Runs before controllers.
• Works for all HTTP requests, including static resources.
• Operates at the Servlet / HTTP level.

What is an Interceptor?

An Interceptor is a Spring MVC feature that runs before and after controller methods. It works after Filters but before the controller executes and can also act after the controller returns.

Use Cases:

• Pre/post-processing of controller requests
• Authorization or permission checks
• Logging execution time or metrics
• Modifying request attributes

Example: Authorization Interceptor

@Component
publicclassAuthInterceptorimplementsHandlerInterceptor {

@Override
publicbooleanpreHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) {
Stringtoken= request.getHeader("Authorization");
if (token ==null) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
returnfalse;// Stop execution
        }
returntrue;// Continue to controller
    }

@Override
publicvoidafterCompletion(HttpServletRequest request,
                                HttpServletResponse response,
                                Object handler, Exception ex) {
        System.out.println("Request completed for URI: " + request.getRequestURI());
    }
}

Registering Interceptor

@Configuration
publicclassWebConfigimplementsWebMvcConfigurer {
@Override
publicvoidaddInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(newAuthInterceptor());
    }
}

Key Points:

• Runs around controller execution.
• Only applies to Spring MVC requests.
• Cannot intercept service or repository methods unless combined with AOP.

What is AOP?

Aspect-Oriented Programming (AOP) is a method-level programming technique in Spring that allows you to implement cross-cutting concerns across the application. It can intercept any Spring bean method, including controllers, services, or repositories.

Use Cases:

• Logging method calls and return values
• Transaction management
• Security checks
• Performance monitoring
• Caching

Example: Logging Aspect

@Aspect
@Component
publicclassLoggingAspect {

@Before("execution(* com.example.service.*.*(..))")
publicvoidlogBefore(JoinPoint joinPoint) {
        System.out.println("Calling method: " + joinPoint.getSignature());
    }

@AfterReturning(pointcut = "execution(* com.example.service.*.*(..))", returning = "result")
publicvoidlogAfter(JoinPoint joinPoint, Object result) {
        System.out.println("Method returned: " + result);
    }

@Around("execution(* com.example.service.*.*(..))")
public ObjectlogAround(ProceedingJoinPoint joinPoint)throws Throwable {
        System.out.println("Around before: " + joinPoint.getSignature());
Objectresult= joinPoint.proceed();
        System.out.println("Around after: " + joinPoint.getSignature());
return result;
    }
}

Key Points:

• Works anywhere in Spring beans.
• Applies before, after, after returning, after throwing, and around methods.
• Ideal for cross-cutting concerns without touching business logic.

Request Processing Flow: Filters, Interceptors, and AOP

These three mechanisms operate at different layers of a Spring Boot application:

Summary of Layers:

• Filters: Servlet-level, handle all HTTP requests.
• Interceptors: Controller-level, wrap around controller methods.

Difference Between Filters vs Interceptors vs AOP

Conclusion

• Filters: Operate at the Servlet level, handling all HTTP requests before they reach Spring MVC. Best for CORS, authentication, logging, compression, or request/response manipulation.
• Interceptors: Operate at the Spring MVC layer, running around controller execution. Ideal for pre/post-processing, authorization, logging, or metrics for controller requests.
• AOP: Operates at the method level, applicable to any Spring bean (controllers, services, repositories). Perfect for cross-cutting concerns like logging, transactions, caching, security, and performance monitoring without touching business logic.