Usages


This is a new feature in Joget DX 8.2.

A plugin that acts as a web filter, and intercepts the HTTP request, while doing some pre-processing & post-processing to the response.

Common use cases:

  • Setting response headers.

  • URL redirection.

  • Content encryption.

  • Custom authentication.

Interface Class

org.joget.plugin.base.PluginWebFilter

  • Its extends the javax.servlet.Filter and org.joget.plugin.base.ActivationAwarePlugin.

  • Exactly the same implementation as a Filter.

  • Execute based on the provided URL patterns.

  • URL Patterns follow the AntPathMatcher syntax, which is widely used in the Spring Framework.

Interface Methods

getName()

String getName()

Method returning the name of the filter.

getUrlPatterns()

String[] getUrlPatterns()

    • Method returning a URL patterns array to apply the filter.
    • The URL pattern using AntPathMatcher syntax.

isPositionAfterSecurityFilter()

boolean isPositionAfterSecurityFilter()

A flag to make the filter execute after the security chain. If after that, you can get the logged-in user.

getOrder()

int getOrder()

The order of plugin web filter execution.

doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

The filter logic implementation.

Abstract Class

org.joget.apps.app.model.PluginWebFilterAbstract

  • Extended ExtDefaultPlugin and implemented PluginWebFilter.

  • Auto register/unregister the filter using PluginWebFilterUtil.

Abstract Methods

afterRegister()

void afterRegister()

Auto calling PluginWebFilterUtil.registerFilter to register the filter when installed.

beforeUnregister()

void beforeUnregister()

Auto calling PluginWebFilterUtil.unregisterFilter to unregister the filter when uninstalling.

isPositionAfterSecurityFilter()

boolean isPositionAfterSecurityFilter()

Default to return true.

getOrder()

int getOrder()

Default to return 0.

Sample Plugins

  • SampleHeaderFilter

    • Add a header to the response of /web/login.

    • Run before the security chain and order after SampleLoginFormEncryption, even if it registers before it.

  • SampleWebFilterPlugin

    • Intercept /web/login request and auto-login as Admin when the saved URL is the assignment link. Then, it directs to the configured redirect URL or home.

  • SampleLoginFormEncryption

    • Intercept the /web/login to inject a script to encrypt the login credentials before the body end tag.

    • Intercept /j_spring_security_check to decrypt the credentials before passing to the security chain.

    • Run before the security chain.

  • SampleJwtLoginFilter

    • Intercept all URLs  with /** to authenticate with a JWT token.

    • Run before the security chain.

  • No labels