Web applications built with Daraja can now use Web Filters to intercept HTTP requests which match defined URL patterns. Cross-cutting concerns – such as logging, authentication, validation, conversion – are easier to implement than in previous versions (new in 2.6.0).
For example, a filter which is mapped to a protected part of the application can check if the current request is authenticated, and then either allow or deny access, or forward the browser to a login page.
Updated tutorials
Tutorial 6 contains an example for form based login, using a Web Filter who performs the authentification check for specific resources. Here is the application in action:

Public page of the demo application

Login form

Secure page
Example code of the Web Filter
The filter checks wether the session is authenticated by verifying that the session value auth:username
is not empty. If it is not empty, the filter lets the request pass. Otherwise, if the session value is still empty, the browser will be redirected to the login page.
procedure TFormAuthFilter.DoFilter(Context: TdjServerContext; Request: TdjRequest; Response: TdjResponse; const Chain: IWebFilterChain); var IsLoggedIn: Boolean; begin IsLoggedIn := Request.Session.Content.Values['auth:username'] <> ''; if IsLoggedIn then begin Chain.DoFilter(Context, Request, Response); // pass end else begin Request.Session.Content.Values['auth:target'] := Request.Document; Response.Redirect('/login'); end; end;
Context configuration with auth and logging filter
The configuration code adds five Web Components to the context to serve the pages. Two Web Filters for authentication and logging are added; the first is mapped to the proteced page /admin
, and the second is mapped to everything in the application context.
Context.AddWebComponent(TPublicResource, '/index.html'); Context.AddWebComponent(TSecuredResource, '/admin'); Context.AddWebComponent(TLoginResource, '/login'); Context.AddWebComponent(TLoginErrorResource, '/loginError'); Context.AddWebComponent(TLogoutResource, '/logout'); Context.AddFilterWithMapping(TFormAuthFilter, '/admin'); Context.AddFilterWithMapping(TdjNCSALogFilter, '/*'); Server.Add(Context); Server.Start;
Notes:
TdjNCSALogFilter
replaces the formerTdjNCSALogHandler
, who required more setup code and did not allow path mapping. All example code is migrated to the new Web Filter.- The path mapping
/admin
is an absolute mapping (matching exactly one resource) while/*
is a prefix mapping, which matches everything in the web application context. More details about mappings can be found in the “Getting Started” PDF.

Daraja HTTP Framework is an open source library for Object Pascal, based on the stand-alone HTTP server component contained in Internet Direct (Indy). Daraja is the Swahili word for “bridge” (other meanings are “steps” or “rank”).
More information
– GitHub: https://github.com/michaelJustin/daraja-framework
– API documentation: https://michaeljustin.github.io/daraja-framework/
– Home page: https://www.habarisoft.com/daraja_framework.html
Discover more from Habarisoft Blog
Subscribe to get the latest posts sent to your email.