Servlet filters implement intercepting filterpattern. While servlet is the ultimate target of web request, each request goes through a series of filters. Every filter can modify the request before passing it further or response after receiving it back from the servlet. It can even abstain from passing the request further and handle it completely just like servlet (not uncommon). For instance caching filter can return result without calling the actual servlet.

Servlet 过滤器实现拦截过滤器模式。虽然 servlet 是 Web 请求的最终目标，但每个请求都经过一系列过滤器。每个过滤器都可以在进一步传递请求之前修改请求，或者在从 servlet 接收回请求之后修改请求。它甚至可以避免进一步传递请求并像 servlet 一样完全处理它（并不少见）。例如，缓存过滤器可以在不调用实际 servlet 的情况下返回结果。

Filters are used like Servlet Filters. For example, if you need to do security checks on certain URLs then you can add a filter for those pages. For instance, you can say /secure/pages/*.doneeds to be intercepted by securityFilter. Then the doFilter()method of the SecurityFilter class (a class that implements the Filter interface) will handle the security audit before forwarding it to the actual requesting servlet.

过滤器的使用类似于 Servlet 过滤器。例如，如果您需要对某些 ​​URL 进行安全检查，那么您可以为这些页面添加过滤器。比如你可以说/secure/pages/*.do需要被securityFilter拦截。然后doFilter()SecurityFilter 类（一个实现 Filter 接口的类）的方法将在将其转发到实际请求 servlet 之前处理安全审计。

Servlets are pretty much the standard stuff. You define a servlet and then let the servlet container know what type of requests needs to be mapped to that servlet.

Servlet 几乎是标准的东西。您定义一个 servlet，然后让 servlet 容器知道需要将什么类型的请求映射到该 servlet。

They are not mutually exclusive. They both can be used at the same time. Think of filter like the way the word means - it "filters" things (logging, security,etc) before proceeding to the next servlet/action.

它们并不相互排斥。它们都可以同时使用。过滤器就像这个词的意思一样——它在继续下一个 servlet/动作之前“过滤”事物（日志记录、安全性等）。

The request lifecycle according to the servlet specification goes through a chain of filters before finally being executed by a servlet.

根据 servlet 规范的请求生命周期在最终由 servlet 执行之前经过一系列过滤器。

This is fairly intuitive when you look at the signature for the doFilter method in the Filterinterface

当您查看Filter界面中doFilter 方法的签名时，这是相当直观的

doFilter(ServletRequest request, ServletResponse response, FilterChain chain) 

That is, in the filter you have access to the request and response and the chain. The contract is that you, as implementer, should invoke the chaineither before or after the operations you do in the filter, or not at all if it is desired to not continue execution. Calling chain.doFilter(...)will cause the next filter in the chain of filters with a mapping matching the requested URL to be executed. The final member of the chain is the servlet whose mapping matches the requested URL.

也就是说，在过滤器中，您可以访问请求和响应以及链。约定是，作为实施者，您应该chain在过滤器中执行的操作之前或之后调用，或者如果不希望继续执行，则根本不调用。调用chain.doFilter(...)将导致过滤器链中的下一个过滤器与所请求的 URL 匹配的映射被执行。链的最后一个成员是其映射与请求的 URL 匹配的 servlet。

Technically, you can do everything in a filter that you can do in a servlet. You can build your application to do all processing and rendering in a filter and have a blank servlet that does nothing. The main difference is that if there is no servlet mapped against a given URL, the container must respond with a 404 error so there must always be a servlet mapped against any URL you want to serve. You can also only have one servlet mapped against a URL, but you can have any number of filters.

从技术上讲，您可以在过滤器中执行在 servlet 中可以执行的所有操作。您可以构建您的应用程序以在过滤器中完成所有处理和呈现，并拥有一个什么都不做的空白 servlet。主要区别在于，如果没有映射到给定 URL 的 servlet，则容器必须以 404 错误响应，因此必须始终有映射到要提供服务的任何 URL 的 servlet。您也可以只将一个 servlet 映射到一个 URL，但您可以拥有任意数量的过滤器。