While Servlets and JSPs are extremely powerful and useful, they are not the best method of fulfilling every need of a Web Application developer. Often an application requires that some code is executed whenever a request is sent to any resource within an application, or maybe to a subset of resources. Security is a classic example of this. If an application requires a user to log on, then typically every resource within the application (except the logon page!) would need a security check to run before the resource was executed. Services such as these are often required by an application and most Web servers have a way of providing these. For example, Tomcat has “valves” and Microsoft Internet Information Server has IS API filters. ...