filter filters Jahia 7.3 Jahia 8

Is it possible to add a RequestFilter

Question

Is it possible to add a RequestFilter? For instance, to check permissions on resources (like files).

Answer

With Jahia 8.2

You can take as an example the following source code.

Before Jahia 8.2

Yes, beginning from version 7.3.3.0 it is possible to have a RequestFilter inside a module (in previous version the RequestFilter must be added manually in the web.xml (and in common classpath)).

From version 7.3.3.0 it is possible to define the RequestFilter in a module in spring like:


    <bean name="checkResourcePermissionFilter" class="org.jahia.bin.filters.ServletFilter">
        <property name="filter">
            <bean class="org.jahia.modules.checkresourcepermission.filter.CheckResourcePermissionFilter"/>
        </property>
        <property name="order" value="1.9"/>
  <property name="urlPatterns">
            <set>
                <value>*.html</value>
            </set>
        </property>
        <property name="dispatcherTypes">
            <set>
                <value>REQUEST</value>
                <value>ERROR</value>
                <value>FORWARD</value>
            </set>
        </property>
    </bean>

You have to specify a name and the class must be a ServletFilter. The implementation of the RequestFilter (in example the CheckResourcePermissionFilter.java) must implement the javax.servlet.Filter:

 public class CheckResourcePermissionFilter implements javax.servlet.Filter {

So, you have to implement the "doFilter" method like:

  @Override
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
   throws IOException, ServletException {
  final HttpServletRequest hsRequest = (HttpServletRequest) request;
  HttpServletResponse hsResponse = (HttpServletResponse) response;  
  
        if (JahiaUserManagerService.isGuest(JCRSessionFactory.getInstance().getCurrentUser())) {
           //check Permission for guest user
            
            //TODO your custom filter code in case of error throw a 403 error
                if (.... ERROR ....) {
       hsRequest.getSession().setAttribute("resourceUri", hsRequest.getRequestURI());
       hsResponse.sendError(403);
       return;
                }
            }
        }
 // continue with filters
 chain.doFilter(request, response);
 }

This codefragment is just an example and must be replaced by custom code.

 

NOTE: An error 401 will forward directly to a login screen (before Jahia 8, to the basic authentication), that's why it is recommended to send a 403 error. This will display the default 403 error page, which can be overwritten.