Get the Response Body in Spring Boot Filter
Last updated: July 20, 2024
Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Distributed systems often come with complex challenges such as service-to-service communication, state management, asynchronous messaging, security, and more.
Dapr (Distributed Application Runtime) provides a set of APIs and building blocks to address these challenges, abstracting away infrastructure so we can focus on business logic.
In this tutorial, we'll focus on Dapr's pub/sub API for message brokering. Using its Spring Boot integration, we'll simplify the creation of a loosely coupled, portable, and easily testable pub/sub messaging system:
1. Introduction
In this article, we’ll explore how to retrieve the response body from a ServletResponse in a Spring Boot filter.
In essence, we’ll define the problem, and then we’ll use a solution that caches the response body to make it available in the Spring Boot filter. Let’s begin.
2. Understanding the Problem
First, let’s understand the problem we are trying to solve.
When working with Spring Boot filters, it is tricky to access the response body from the ServletResponse. This is because the response body is not readily available, as it is written to the output stream after the filter chain has completed its execution.
However, some operations, such as the generation of a hash signature, require the contents of the response body before sending it to the client. Therefore, we need to find a way to read the contents of the body.
3. Using ContentCachingResponseWrapper in a Filter
To overcome the problem defined previously, we’ll create a custom filter and use the ContentCachingResponseWrapper class provided by Spring Framework:
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
ContentCachingResponseWrapper responseCacheWrapperObject =
new ContentCachingResponseWrapper((HttpServletResponse) servletResponse);
filterChain.doFilter(servletRequest, responseCacheWrapperObject);
byte[] responseBody = responseCacheWrapperObject.getContentAsByteArray();
MessageDigest md5Digest = MessageDigest.getInstance("MD5");
byte[] md5Hash = md5Digest.digest(responseBody);
String md5HashString = DatatypeConverter.printHexBinary(md5Hash);
responseCacheWrapperObject.getResponse().setHeader("Response-Body-MD5", md5HashString);
// ...
}In short, the wrapper class allows us to wrap the HttpServletResponse to cache the response body content and call doFilter() to pass on the request to the next filter.
Keep in mind that we must not forget the doFilter() call here. Otherwise, the incoming request won’t go to the next filter in the spring filter chain, and the application won’t process the request as we expected. In fact, not calling doFilter() is a violation of the servlet specification.
Additionally, we must not forget to call the doFilter() with the responseCacheWrapperObject. Otherwise, the response body won’t be cached. In short, ContentCachingResponseWrapper puts the filter between the response output stream and the client making the HTTP request. So, upon creating the response body output stream, which in this case is right after the doFilter() call, the contents are available inside the filter to be processed.
After using the wrapper, the response body is available within the filter using the getContentAsByteArray() method. We use this method to calculate the MD5 hash.
First, we create an MD5 hash of the response body using the MessageDigest class. Second, we convert the byte array to a hexadecimal string. Third, we set the resulting hash string as a header on the response object using the setHeader() method.
If needed, we can convert the byte array to a string and make the body’s contents more explicit.
Finally, it’s crucial to call copyBodyToResponse() before exiting the doFilter() method to copy the updated response body back to the original response:
responseCacheWrapperObject.copyBodyToResponse();It is crucial to call copyBodyToResponse() before exiting the doFilter() method. Otherwise, the client won’t receive the complete response.
4. Configuring the Filter
Now, we’ll need to add the filter in Spring Boot:
@Bean
public FilterRegistrationBean loggingFilter() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new MD5Filter());
return registrationBean;
}Here, we are configuring creating a FilterRegistrationBean with the implementation of the filter we created previously.
5. Testing the MD5
At last, we can test everything is working as expected using an integration test in Spring:
@Test
void whenExampleApiCallThenResponseHasMd5Header() throws Exception {
String endpoint = "/api/example";
String expectedResponse = "Hello, World!";
String expectedMD5 = getMD5Hash(expectedResponse);
MvcResult mvcResult = mockMvc.perform(get(endpoint).accept(MediaType.TEXT_PLAIN_VALUE))
.andExpect(status().isOk())
.andReturn();
String md5Header = mvcResult.getResponse()
.getHeader("Response-Body-MD5");
assertThat(md5Header).isEqualTo(expectedMD5);
}Here, we call the /api/example controller, which returns the “Hello, World!” text in the body. We defined the getMD5Hash() method that converts the response into an MD5 similar to what we use in the filter:
private String getMD5Hash(String input) throws NoSuchAlgorithmException {
MessageDigest md5Digest = MessageDigest.getInstance("MD5");
byte[] md5Hash = md5Digest.digest(input.getBytes(StandardCharsets.UTF_8));
return DatatypeConverter.printHexBinary(md5Hash);
}6. Conclusion
In this article, we learned how to retrieve the response body from a ServletResponse in a Spring Boot filter using the ContentCachingResponseWrapper class. We used this mechanism to show how we can implement the body’s MD5 encoding in the HTTP response headers.
