AnsweredAssumed Answered

Interceptor or ServletFilter for enforcing additional security

Question asked by garryw on Oct 17, 2013

I have previously used a HandlerInterceptor and redefined the webframeworkHandlerMappings to force a user to accept a set of terms and conditions for a site, however I want to expand on this in a new module to add additional security checks such as IP address check or time of day checks.

I understand that I could add the additional interceptor to my existing module however I would like this to be a completely independent module and cannot see how I can extend the webframeworkHandlerMapping with additional handlers rather that completely override it as I have done before.

An alternative to using a HandlerInterceptor would be to use a ServletFilters, however as far as I am aware there is no way of adding a servlet filter without completely overwriting the web.xml file with one in an AMP, which as is pointed out a lot on the forums isn't particularly update/version safe.

I am interested in adding this functionality to both the Share interface which will have some sort of feedback page, as well as securing the Alfresco webapp for access such as WebDAV/CMIS etc, although this would just have to return an unauthenticated/unauthorised status.

Would be grateful for any input or advise.