Page tree
Skip to end of metadata
Go to start of metadata

Magnolia uses the Java filter concept, introduced in the Java Servlet specification version 2.3. A filter captures and processes a request before it reaches a servlet. Filters typically do not themselves create responses but provide universal functions that can be "attached" to any type of servlet or JSP page. See also the list of filters.

Life of a request

This diagram shows a typical request process in Magnolia.

In the diagram you can see the following filters:

  • Context. The first filter in the filter chain is the ContextFilter. It initializes MgnlContext which is local to the request and available on every further filter. The context provides a lot of useful functions.
  • URI security. Checks to see if the active user has permission to access the requested URI.
  • Custom filter. This could be your own filter implementation. For example, check if the URL includes a custom parameter.
  • Cache. The CacheFilter manages the Magnolia cache.
    The cache filter checks if a requested resource is already stored in the cache to avoid recreation of the resource. If the resource is in the cache, then it will be written to the response and the filter chain stops. If the resource is not found in the cache, then a ResponseWrapper which not only writes to the "standard" response, but saves the response is passed to the chain.
  • CMS filter chain. Next we arrive to the CMS filter chain. It does page rendering and delivery. The filters in this subchain are groups so that they can share a bypass definition.
    • Aggregator. The AggregatorFilter analyses the request, selects content from the repository, and stores it in the AggregationState.
    • Rendering. Finally, the RenderingFilter is responsible for delivering the requested resource. If the requested resource is data (e.g. a file) then the data is just copied to the response.

Fulfilling a request

The filter chain calls the doFilter(request, response, chain) of the next filter. If the filter wants to continue the chain, chain.doFilter(request, response) will be called.

A filter which can fullfill the request typically has a doFilter(...) method:

public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException{
    if (this.handle(request, response)) {
    chain.doFilter(request, response);

There are other filters which just do some processing in the request handling.

public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException{
      // preprocessing
      chain.doFilter(request, response);
      // postprocessing

Basic filter definition in web.xml

If you look at the web.xml of a Magnolia web application, you will see that it only defines one filter (MgnlMainFilter) and one listener (MgnlServletContextListener):

<web-app xmlns="" xmlns:xsi=""
   xsi:schemaLocation="" version="2.4">
      <display-name>Magnolia global filters</display-name>

The listener initializes Magnolia while the filter handles all requests.

Magnolia main filter

The main filter MgnlMainFilter is a single filter which in turn executes a chain of other filters. The other filters are not configured in web.xml but in Magnolia's config workspace at /server/filters.

Node name









In the filter configuration you can again have single filters or filter chains. A filter chain consists of a list of single filters represented by child nodes. A filter node has a class property which specifies the implementing class and can optionally have an enabled property.

Node name












If the filter is enabled (default) then the filter will be executed, otherwise the filter will be bypassed. A filter or a filter chain can define rules to determine when a filter should be bypassed. The configuration of bypasses is done using voters.

This example shows that the URI for the login form is bypassed in the uriSecurity filter.

Node name






















What can I do with filters?

Filters provide the ability to encapsulate recurring tasks and modularize code. They can also transform a response from a servlet or a JSP page. A common task is to format data sent back to the client, such as sending XML instead of HTML.

Some functions filters can perform:

  • Authentication based on user identity
  • Logging, auditing, tracking, personalization
  • Image conversion, scaling maps
  • Data compression
  • Localization

Customization example

Incoming requests to display a page are handled by the filter chain which is the place to start if you want to add your own business logic to Magnolia. A typical use case is connecting to a new framework with Magnolia. This is generally accomplished by implementing the following steps:

Read the request and decide if the framework should handle it. Implement a filter to do this task and place the filter in the proper order in the filter chain. You can save the resulting model to be rendered as an attribute of the request's MgnlContext object as follows.

MgnlContext.setAttribute("xyModel", customModel)

Access the model in your rendering system using freemarker like this.

[#assign customModel = ctx.xyModel]

Extension points

These points are where Magnolia request handling can be extended with additional custom business logic:



Interface / parent class



Filter chain



In the config workspace at /server/filters

The filters in the filter chain are executed in the configured order in the repository. Objects you store as attributes of the request's MgnlContext object can be fetched via freemarker later on.

Please also read Custom filters.




Define a renderer with a new type in a module's template-renderers section.

Use this new type in the template's renderType property.




Define a renderer with a new type in a module's paragraphs-renderers section.

Use this new type in the component's renderType property.