The PAF’s Access Filter and security role tags can prevent users from navigating to content they shouldn’t see. In addition, you can use the Include Filter to prevent users from reaching gear content by entering URLs directly. The Include Filter is a servlet filter that denies any request that is not an include directive from a portal page, except in specified cases. This secures gears from outside access. To use the Include Filter, add an IncludeFilter filter element to your gear’s web.xml file. For example:

<filter>
  <filter-name>IncludeFilter</filter-name>
  <display-name>IncludeFilter</display-name>
  <description>Responsible for securing gear contents from outside access.
  </description>
  <filter-class>atg.portal.servlet.IncludeFilter</filter-class>
  <init-param>
    <param-name>allowedUrlPatterns</param-name>
    <param-value>/images/*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>IncludeFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

The Include Filter has an init parameter named allowedUrlPatterns. This parameter determines which URL patterns are allowed external access to the gear contents. Typically, you’d include images in the allowedUrlPatterns parameter. Some gears also need access to their installation, instance, and user configuration pages.

The <filter-mapping> element in the Include Filter definition determines which requests the filter applies to. Generally, you want to set this filter mapping to handle all requests, as in the example in this section.
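The following added example (not part of the original documentation or of ATG's code) audits a gear's web.xml for the two settings described above: that the Include Filter is mapped to /*, and that allowedUrlPatterns does not itself contain /*. The function names and the sample descriptor are constructed for illustration, and splitting multiple patterns on commas or whitespace is an assumption, since this page shows only a single pattern.

```python
import re
import xml.etree.ElementTree as ET

FILTER_CLASS = "atg.portal.servlet.IncludeFilter"  # class name from the page

# Constructed sample: the filter is declared but mapped only to *.jsp.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>IncludeFilter</filter-name>
    <filter-class>atg.portal.servlet.IncludeFilter</filter-class>
    <init-param>
      <param-name>allowedUrlPatterns</param-name>
      <param-value>/images/*</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>IncludeFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
</web-app>"""

def _children(elem, name):
    """Stripped text of each direct child called `name`, ignoring any XML namespace."""
    return [(c.text or "").strip() for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _elements(root, name):
    """All elements called `name` under root, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Return a list of findings; an empty list means the descriptor passed."""
    root = ET.fromstring(xml_text)
    names, allowed = set(), []
    for f in _elements(root, "filter"):
        if FILTER_CLASS not in _children(f, "filter-class"):
            continue
        names.update(_children(f, "filter-name"))
        for p in _elements(f, "init-param"):
            if "allowedUrlPatterns" in _children(p, "param-name"):
                # Assumption: several patterns are split on commas or whitespace.
                for value in _children(p, "param-value"):
                    allowed += [v for v in re.split(r"[,\s]+", value) if v]
    if not names:
        return ["IncludeFilter is not declared"]
    mapped = {u for m in _elements(root, "filter-mapping")
              if names & set(_children(m, "filter-name"))
              for u in _children(m, "url-pattern")}
    findings = []
    if "/*" not in mapped:
        findings.append("IncludeFilter is not mapped to /* (mapped: %s)" % sorted(mapped))
    if "/*" in allowed:
        findings.append("allowedUrlPatterns contains /*, which exempts every request")
    return findings
```

Running audit_web_xml over each deployed gear's descriptor gives a quick list of gears whose content is still reachable by direct URL.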


Copyright © 1997, 2014 Oracle and/or its affiliates. All rights reserved.