Shiled is security layer on top of Section (Controller). It controls whether a request should be allowed to enter inside the Section or not. It can also be used for doing some task before passing it to workers.

e.g - Consider a case - where a controller "Admin" is only allowed if the request is authenticated. You can create a shield which will check for the conditions and if it does not satisfy the conditions, you can just reject it.

There can be multiple shield for a controller & every shield is called when a request wants to access the particular controller in the same order as they are defined.

A shiled has following member -

• Request - request
• Response - response
• Cookie - cookie
• Session - session
• Query string data - query
• Data from other components - data
• Target Worker Name - workerName

Creating shield

Shield is a class which extends the class "Shield" from fortjs.

Example

import { Shield, textResult, redirectResult} from "fortjs";

export class AuthenticationShield extends Shield {
    async protect() {

        const isExist = await this.session.isExist('userId');
        if (exist) { // user is authenticated so allow
            return null;
        } else { //user is not authenticated, so not allow
            return redirectResult("/default/login");
        }

    }
}

Now you have defined the shield but in order to use this shield, you need to assign it to some controller.

import { Controller,Shields } from "fortjs";
import { AuthenticationShield } from "location where shield is defined";

@Shields([AuthenticationShield]) 
export class UserController extends Controller {

}

Note:- A shield can be assigned to multiple controller.