Enforcer frameworksJava

Upgrading

The upgrade process differs slightly depending on which version you’re upgrading from.

Two things changed in v4.x:

  • isVerified() is deprecated. Use isRequestLowScore() instead for the same check. This is optional and mainly useful for logging to indicate whether the request score was below the blocking threshold.
  • isHandledResponse() is new and returns true when HUMAN already wrote the response (block page or first-party), meaning you cannot continue to filterChain.doFilter

To account for these, update your code accordingly:

1

Replace isVerified with isHandledResponse()

1PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2if (ctx != null && ctx.isVerified()) {
3    filterChain.doFilter(servletRequest, servletResponse);
4}
2

Optional: Add logging to indicate why the response was handled

1PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2// isHandledResponse() returns true when HUMAN already wrote the response:
3//   - Request was blocked, OR
4//   - Request was handled by first-party mechanism
5// In both cases, do NOT forward to your application.
6if (ctx != null && ctx.isHandledResponse()) {
7    // HUMAN already handled the response - do NOT forward
8    // Optional: log why the response was handled
9    if (ctx.isFirstPartyRequest()) {
10          System.out.println("Handled by first-party mechanism");
11    }
12    if (!ctx.isRequestLowScore()) {
13          System.out.println("Blocked request");
14    }
15    return;
16}
17filterChain.doFilter(servletRequest, servletResponse);
3

Update the builder syntax

Finally, the old new PXConfiguration.Builder() was replaced by Lombok’s PXConfiguration.builder() and should be replaced accordingly:

1PXConfiguration config = new PXConfiguration.Builder()
2        .appId("<APP_ID>")
3        .build();