Configuring custom servlet filters

In a real-world web application, we almost always find a need to add facades or wrappers to service requests, to log them, filter out bad characters for XSS, perform authentication, and so on. Out of the box, Spring Boot automatically adds OrderedCharacterEncodingFilter and HiddenHttpMethodFilter, but we can always add more. Let's see how Spring Boot helps us achieve this task.

Among the various assortments of Spring Boot, Spring Web, Spring MVC, and others, there is already a vast variety of different servlet filters that are available and all we have to do is define them as beans in the configuration. Let's say that our application will be running behind a load balancer proxy and we would like to translate the real request IP that is used by the users instead of the IP from the proxy when our application instance receives the request. Luckily, Apache Tomcat 8 already provides us with an implementation: RemoteIpFilter. All we will need to do is add it to our filter chain.