Skip to main content
Version: v11.9.0

Adding Custom Filters in WaveMaker app

In Spring Security, a filter is a fundamental component that plays a crucial role in controlling and securing access to resources within a Spring-based web application. Filters in Spring Security are responsible for performing various security-related tasks, such as authentication, authorization, and request processing, before or after a request reaches the application's endpoints.

Need of Custom Filters

In every security enabled application, you can find FilterChain.By default FilterChain consists of spring's pre-defined filters which performs authentication and authorization. But if you want to add custom pre or post processing tasks on request or response you need to add custom filters in FilterChain.

note

FilterChain: It refers to a series or sequence of filters that are applied to incoming requests before they reach the intended servlet or resource. Each filter in the filter chain performs specific pre-processing or post-processing tasks on the request or response, such as authentication, authorization, logging, data transformation, or error handling.

Create Custom Filter

  1. Create a custom java class that extends Filter. After creating save the file.
package com.filters;

import jakarta.servlet.*;
import java.io.IOException;

public class CustomFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {

}

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//Write custom filter logic according to your requirements
chain.doFilter(request, response);
}

@Override
public void destroy() {

}
}
  1. Navigate to the File Explorer and upload the class into src/main/java into the required package. After uploading the class click cancel to apply the changes.

CustomFilter_class_upload

  1. Define the above created CustomFilter class bean in project-user-spring.xml file.
<bean class="com.filters.CustomFilter" id="customFilter"/>

CustomFilter_bean_defination

By following above steps you can create a bean of custom filter, but to add custom filter in FilterChain follow the below steps.

Add Custom Filter to the application Security Filters

In general-options.json file, customFilterList attribute is used to add custom filters.This attribute accepts list of objects.

In the customFilterList attribute, you can use any name for a custom filter in the name field. The ref field accepts the bean id of the CustomFilter bean defined in project-user-spring.xml file. Third field in customFilterList attribute defines where to add custom filter in FilterChain and the field can be any one of these position, after, and before. This third field takes the filter enum value which represents the pre-defined spring filter.

Using position field in customFilterList

  1. When a position attribute is used, custom filter will be added at the position of pre-defined spring filter which is mentioned in value of position field.
"customFilterList" : [
{
"name" : "customFilter",
"ref" : "customFilter",
"position" : "<Filter enum>"
}
],

CustomFilter_adding_using_position

Using before field in customFilterList

  1. When a before attribute is used, custom filter will be added before the position of pre-defined spring filter which is mentioned in value of before field.
"customFilterList" : [
{
"name" : "customFilter",
"ref" : "customFilter",
"before" : "<Filter enum>"
}
],

CustomFilter_adding_using_position

Using after field in customFilterList

  1. When a after attribute is used, custom filter will be added after the position of pre-defined spring filter which is mentioned in value of after field.
"customFilterList" : [
{
"name" : "customFilter",
"ref" : "customFilter",
"after" : "<Filter enum>"
}
],

CustomFilter_adding_using_position


note

The below enum values can be given as input for position, after, and before fields in the customFilterList attribute:

Filter enum valueFilter CLass
FIRSTSessionRepositoryFilter
CHANNEL_FILTERChannelProcessingFilter
SECURITY_CONTEXT_FILTERSecurityContextPersistenceFilter
CONCURRENT_SESSION_FILTERConcurrentSessionFilter
WEB_ASYNC_MANAGER_FILTERWebAsyncManagerIntegrationFilter
HEADERS_FILTERHeaderWriterFilter
CORS_FILTERCorsFilter
CSRF_FILTERCsrfFilter
LOGOUT_FILTERLogoutFilter
X509_FILTERX509AuthenticationFilter
PRE_AUTH_FILTERAbstractPreAuthenticatedProcessingFilter
CAS_FILTERCasAuthenticationFilter
FORM_LOGIN_FILTERUsernamePasswordAuthenticationFilter
OPENID_FILTEROAuth2LoginAuthenticationFilter
LOGIN_PAGE_FILTERDefaultLoginPageGeneratingFilter
DIGEST_AUTH_FILTERDigestAuthenticationFilter
BASIC_AUTH_FILTERBasicAuthenticationFilter
REQUEST_CACHE_FILTERRequestCacheAwareFilter
SERVLET_API_SUPPORT_FILTERSecurityContextHolderAwareRequestFilter
JAAS_API_SUPPORT_FILTERJaasApiIntegrationFilter
REMEMBER_ME_FILTERRememberMeAuthenticationFilter
ANONYMOUS_FILTERAnonymousAuthenticationFilter
SESSION_MANAGEMENT_FILTERSessionManagementFilter
EXCEPTION_TRANSLATION_FILTERExceptionTranslationFilter
FILTER_SECURITY_INTERCEPTORFilterSecurityInterceptor
SWITCH_USER_FILTERSwitchUserFilter
LASTSwitchUserFilter

On adding your custom filter in the customFilterList attribute in general-options.json, WaveMaker internally adds this filter in your application FilterChain.