Shiled is security layer on top of Section (Controller). It controls whether a request should be allowed to enter inside the Section. It can also be used for doing some task before passing it to workers.

e.g - Consider a case - where a controller "Admin" is only allowed if the request is authenticated. You can create a shield which will check for the conditions and if it does not satisfy the conditions, you can just reject it.

There can be multiple shield for a controller & every shield is called when a request wants to access the particular controller.

A shiled has following member -

Creating shield

Shield is a class which extends the class "Shield" from fortjs.


import {
} from "fortjs";
export class AuthenticationShield extends Shield {
    async protect() {
        try {
            const isExist = await this.session.isExist('userId');
            if (exist) { // user is authenticated so allow
                return null;
            } else { //user is not authenticated, so not allow
                return redirectResult("/default/login");
        } catch (ex) {
            // log the error
            // return  some good message
            return textResult("Our Server is busy right now, we are sorry for inconvenience. Please try later.")

Now you have defined the shield but in order to use this shield, you need to assign it to some controller.

import {
} from "fortjs";
import {
} from "location where shield is defined";

export class UserController extends Controller {


Note:- A shield can be assigned to multiple controller.