Working with content validation handlers

Content can be validated while it is uploaded into a storage area by creating a user-implemented action called a content validation action. Associating a content validation action with a storage area supports the injection of custom code into the content upload path, giving that code the ability to accept or reject the incoming content. This is primarily to support server-side virus checking of that content, but also allows for other reasons to reject. For example, you can disallow upload of certain content types, such as executable files.

The content validation action requires custom code that communicates with the external services that provide the validation logic. The Content Engine must be able to reach the content validation services through a non-SSL TCP socket connection from the CPE servers. The custom code is provided to the content validation action as the content validation handler given when the instance of the content validation action is created. A content validation action runs in parallel to a content upload process.

Creating a content validation action

You can create and manage content validation actions to configure content validation for a storage area. For more information, see the topic Content validation.

Creating a ContentValidator handler

To create a content validation handler, you must implement the validateContent method of the Java™ ContentValidator interface. The handler has access to the incoming raw content stream and the caller-supplied content type and retrieval name (either of which may be null) and can make an accept/reject decision based on any combination of those things. The handler consumes stream of the raw incoming content without interfering with the normal upload of the content.

The handler is also passed the action object that configures it, from which operational parameters may be obtained. As a part of designing the content validation handler, the needed operational parameters should be identified, and the instructions need to be prepared for how to incorporate those as properties templates to use to create property definitions when defining the custom subclass of CmContentValidationAction. The custom subclass is used to create instances of the content validation action.

The return value of the method is either null, signifying acceptable content, or a non-null string describing in as much or as little detail the reason why the content is not acceptable. This text will be returned to the caller as part of an exception generated by the surrounding PutContent operation. The ambient UserContext in the thread in which the handler is invoked will reflect the caller’s locale and the handler may use that to provide localized rejection text. The handler should avoid throwing exceptions, but if it does so the content will be rejected with the message taken from the exception.

If an incoming content stream fails validation, the upload to the storage area is cancelled and the content removed from the storage area immediately.

A sample content validator which submits the content to a ClamAV virus detection daemon service, including an example content validation handler, can be found in the ibm-ecm GitHub repository with ibm-content-platform-engine-samples External link opens a new window or tab under the subfolder ClamAVContentValidator.