Usages


This is a new feature in Joget DX 8.2.

A plugin that acts as a web filter, and intercepts the HTTP request, while doing some pre-processing & post-processing to the response.

Common use cases:

  • Setting response headers.

  • URL redirection.

  • Content encryption.

  • Custom authentication.

Interface Class

org.joget.plugin.base.PluginWebFilter

  • Its extends the javax.servlet.Filter and org.joget.plugin.base.ActivationAwarePlugin.

  • Exactly the same implementation as a Filter.

  • Execute based on the provided URL patterns.

  • URL Patterns follow the AntPathMatcher syntax, which is widely used in the Spring Framework.

Method Detail

Interface Methods
getName
public java.lang.String getName

Method returning the name of the filter.

getUrlPatterns


public java.lang.String[] getUrlPatterns()
      • Method returning a URL patterns array to apply the filter.
      • The URL pattern using AntPathMatcher syntax.
isPositionAfterSecurityFilter
public boolean isPositionAfterSecurityFilter()

A flag to make the filter execute after the security chain. If after that, you can get the logged-in user.

getOrder
public int getOrder()

The order of plugin web filter execution.

doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)

The filter logic implementation.

Abstract Class

org.joget.apps.app.model.PluginWebFilterAbstract

  • Extended ExtDefaultPlugin and implemented PluginWebFilter.

  • Auto register/unregister the filter using PluginWebFilterUtil.

Method Detail

Abstract Methods
afterRegister
public void afterRegister()

Auto calling PluginWebFilterUtil.registerFilter to register the filter when installed.

beforeUnregister
public void beforeUnregister()

Auto calling PluginWebFilterUtil.unregisterFilter to unregister the filter when uninstalling.

isPositionAfterSecurityFilter
public boolean isPositionAfterSecurityFilter()

Default to return true.

getOrder
public int getOrder()

Default to return 0.

Sample Plugins

  • SampleHeaderFilter

    • Add a header to the response of /web/login.

    • Run before the security chain and order after SampleLoginFormEncryption, even if it registers before it.

  • SampleWebFilterPlugin

    • Intercept /web/login request and auto-login as Admin when the saved URL is the assignment link. Then, it directs to the configured redirect URL or home.

  • SampleLoginFormEncryption

    • Intercept the /web/login to inject a script to encrypt the login credentials before the body end tag.

    • Intercept /j_spring_security_check to decrypt the credentials before passing to the security chain.

    • Run before the security chain.

  • SampleJwtLoginFilter

    • Intercept all URLs  with /** to authenticate with a JWT token.

    • Run before the security chain.

  • No labels