This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Filters are not part of the Request/Response. They are entities all to themselves, much like Servlet. Filters, in my opinion, have to potential to totally change how web development is done. A Filter is much like a Servlet. It has an init and a doFilter. The init is like the init in a Servlet. The doFilter is like the doPost/doGet of the Servlet. The doFilter's big difference is that it, in addition to the ServletRequest/ServletResponse, takes a FitlerChain. Basically, you code your Filters and then 'chain' them together or with other resource. If I code a SecurityFilter, via the web.xml I can ensure it runs before each protected Servlet/HTML/JPEG/JSP by simply mapping it to the same URL as the protected resource. The server automatically runs the Filter before the resource (or after if you code it that way). If you think about it, you can code your entire web app as Filters/JSP. You code Filters as very small bits of logic and use the web.xml to run those you want before a requested JSP page. For a quick, and probably much better, overview of Filters, Check This Out.. Hope this helps.