/**
 * Handles the form-creation request and takes an admin-only branch when the caller holds
 * {@code ROLE_ADMIN}.
 *
 * <p>The authorization decision is delegated entirely to
 * {@code HttpServletRequest.isUserInRole(String)}; this method performs no check of its own.
 *
 * @param session  the caller's HTTP session (not read in the visible code)
 * @param request  the current request, used only for the role check
 * @param modelMap the view model (not read in the visible code)
 */
public String createForm(HttpSession session, HttpServletRequest request, ModelMap modelMap) {
    final boolean callerIsAdmin = request.isUserInRole("ROLE_ADMIN");
    if (callerIsAdmin) {
        // code here
    }
    // NOTE(review): the snippet shows neither a return statement nor any handling for
    // non-admin callers; the non-admin path should deny or restrict explicitly rather than
    // fall through to the same result as the admin path.
}
/**
 * Reports whether the current user holds {@code role}, as answered by the request held in
 * {@code b}.
 *
 * <p>Pure delegation: no role mapping, normalisation or caching happens in this method.
 *
 * @param role the role name to test
 * @return whatever the underlying request reports for {@code role}
 */
@Override
public boolean isUserInRole(String role) {
    final boolean granted = b.request.isUserInRole(role);
    return granted;
}
/**
 * Forwards the role check to the {@code request} this object holds.
 *
 * <p>The answer is exactly the one the held request gives; nothing is added or filtered here.
 *
 * @param role the role name to test
 * @return {@code true} if the held request reports the user in {@code role}
 */
@Override
public boolean isUserInRole(final String role) {
    final boolean inRole = request.isUserInRole(role);
    return inRole;
}
/**
 * Answers a role query by asking the {@code request} field.
 *
 * <p>This is a straight pass-through, so the result is only as trustworthy as the security
 * context behind that request.
 *
 * @param role the role name to test
 * @return the held request's answer for {@code role}
 */
@Override
public boolean isUserInRole(final String role) {
    final boolean userHasRole = request.isUserInRole(role);
    return userHasRole;
}
/**
 * Delegates the role check to the request returned by {@code getRequest()}.
 *
 * <p>The request is looked up on every call; no result is cached here.
 *
 * @param role the role name to test
 * @return the answer given by the request obtained from {@code getRequest()}
 */
@Override
public boolean isUserInRole(String role) {
    final boolean memberOfRole = getRequest().isUserInRole(role);
    return memberOfRole;
}
/**
 * Lets the request proceed only if the caller holds at least one of {@code authorizedRoles}.
 *
 * <p>The check is deny-by-default: when {@code authorizedRoles} is {@code null} or contains no
 * role the caller holds (including when it is empty), {@code handleNotAuthorized} is invoked
 * and {@code false} is returned.
 *
 * @param request  the current request, queried through {@code isUserInRole}
 * @param response the current response, passed on to {@code handleNotAuthorized}
 * @param handler  the chosen handler, passed on to {@code handleNotAuthorized}
 * @return {@code true} if a matching role was found, {@code false} otherwise
 * @throws ServletException declared by the signature
 * @throws IOException      declared by the signature
 */
@Override
public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws ServletException, IOException {
    boolean authorized = false;
    if (this.authorizedRoles != null) {
        for (String candidate : this.authorizedRoles) {
            if (request.isUserInRole(candidate)) {
                // One matching role is sufficient; stop probing the remaining ones.
                authorized = true;
                break;
            }
        }
    }
    if (!authorized) {
        handleNotAuthorized(request, response, handler);
    }
    return authorized;
}
/**
 * Returns the result of {@code isUserInRole(String)} on the wrapped request object.
 *
 * <p>This default implementation adds no logic of its own; the wrapped request obtained from
 * {@code _getHttpServletRequest()} decides.
 *
 * @param role the role name to test
 * @return the wrapped request's answer for {@code role}
 */
public boolean isUserInRole(String role) {
    final boolean wrappedAnswer = this._getHttpServletRequest().isUserInRole(role);
    return wrappedAnswer;
}
/**
 * Writes a short diagnostic report about the caller: a banner, the principal name (or
 * {@code null} when there is no principal) and whether the caller holds the
 * {@code architect} role.
 *
 * <p>The banner calls this a protected servlet, but nothing in this method enforces access;
 * any protection has to come from configuration that is not visible here.
 *
 * @param request  the current request, source of the principal and the role answer
 * @param response the response the report is written to
 * @throws ServletException declared by the signature
 * @throws IOException      if writing to the response fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final java.io.PrintWriter out = response.getWriter();
    out.write("This is a protected servlet \n");

    // No principal means the report shows the literal text "null" as the user name.
    final String webName = (request.getUserPrincipal() != null) ? request.getUserPrincipal().getName() : null;
    out.write("web username: " + webName + "\n");

    final boolean webHasRole = request.isUserInRole("architect");
    out.write("web user has role \"architect\": " + webHasRole + "\n");
}
/**
 * Writes a short diagnostic report about the caller: a banner, the principal name (or
 * {@code null} when there is no principal) and whether the caller holds the
 * {@code architect} role.
 *
 * <p>The method itself performs no access check, so it also answers for callers that have no
 * principal.
 *
 * @param request  the current request, source of the principal and the role answer
 * @param response the response the report is written to
 * @throws ServletException declared by the signature
 * @throws IOException      if writing to the response fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final java.io.PrintWriter out = response.getWriter();
    out.write("This is a public servlet \n");

    // No principal means the report shows the literal text "null" as the user name.
    final String webName = (request.getUserPrincipal() != null) ? request.getUserPrincipal().getName() : null;
    out.write("web username: " + webName + "\n");

    final boolean webHasRole = request.isUserInRole("architect");
    out.write("web user has role \"architect\": " + webHasRole + "\n");
}
/**
 * Passes the role query through to the request returned by {@code getRequest()}.
 *
 * <p>No role-name translation is applied here; the name reaches the underlying request
 * unchanged.
 *
 * @param role the role name to test
 * @return the underlying request's answer for {@code role}
 */
@Override
public boolean isUserInRole(String role) {
    final boolean holdsRole = getRequest().isUserInRole(role);
    return holdsRole;
}
/**
 * Admits the request when the caller is in any of {@code authorizedRoles}; otherwise hands
 * the request to {@code handleNotAuthorized} and stops the handler chain.
 *
 * <p>The method fails closed: a {@code null} or empty {@code authorizedRoles} never admits a
 * request.
 *
 * @param request  the current request, queried through {@code isUserInRole}
 * @param response the current response, passed on to {@code handleNotAuthorized}
 * @param handler  the chosen handler, passed on to {@code handleNotAuthorized}
 * @return {@code true} if the caller holds one of the roles, {@code false} otherwise
 * @throws ServletException declared by the signature
 * @throws IOException      declared by the signature
 */
@Override
public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws ServletException, IOException {
    boolean roleMatched = false;
    if (this.authorizedRoles != null) {
        for (String allowedRole : this.authorizedRoles) {
            if (request.isUserInRole(allowedRole)) {
                // The first match decides; later roles are not consulted.
                roleMatched = true;
                break;
            }
        }
    }
    if (!roleMatched) {
        handleNotAuthorized(request, response, handler);
    }
    return roleMatched;
}
/**
 * {@inheritDoc}
 *
 * <p>When {@code outerRequest} is set, it answers the role check; otherwise the superclass
 * implementation does.
 */
@Override
public boolean isUserInRole(String role) {
    return (outerRequest != null)
            ? outerRequest.isUserInRole(role)
            : super.isUserInRole(role);
}
/**
 * Captures the container-authenticated identity of {@code request} at construction time.
 *
 * <p>A servlet container can tie a {@link ServletRequest} to the request handling thread, so
 * all the information is collected up front; that lets this {@link Authentication} be passed
 * to other threads, as the update center does. See HUDSON-5382.
 *
 * <p>The authorities are a snapshot: only groups that the current authorization strategy
 * reports are probed, and the result is not refreshed after construction.
 *
 * @param request the request whose principal and roles are captured
 * @throws IllegalStateException if the request has no user principal
 */
public ContainerAuthentication(HttpServletRequest request) {
    this.principal = request.getUserPrincipal();
    if (this.principal == null) {
        // For anonymous users the caller simply does not call
        // SecurityContextHolder.getContext().setAuthentication, so this must not be reached.
        throw new IllegalStateException();
    }

    // The Servlet API offers no way to enumerate every role of the current user, so the
    // AuthorizationStrategy is asked which roles it is going to check against and each one
    // is probed individually.
    List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
    for (String groupName : Jenkins.getInstance().getAuthorizationStrategy().getGroups()) {
        if (request.isUserInRole(groupName)) {
            granted.add(new GrantedAuthorityImpl(groupName));
        }
    }
    // Every identity that reaches this point has a principal, so it is always "authenticated".
    granted.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
    authorities = granted.toArray(new GrantedAuthority[granted.size()]);
}
/**
 * Writes a diagnostic report about the caller: a banner, whether the principal is a
 * {@code MyPrincipal}, the principal name, the answer for the {@code architect} role and the
 * session id if a session already exists.
 *
 * <p>{@code getSession(false)} is used, so this method never creates a session.
 *
 * @param request  the current request, source of the principal, role answer and session
 * @param response the response the report is written to
 * @throws ServletException declared by the signature
 * @throws IOException      if writing to the response fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final java.io.PrintWriter out = response.getWriter();
    out.write("This is a public servlet \n");

    final Principal caller = request.getUserPrincipal();
    // instanceof is false for null, which matches "no principal, not a custom principal".
    final boolean isCustomPrincipal = caller instanceof MyPrincipal;
    final String webName = (caller != null) ? caller.getName() : null;
    final boolean webHasRole = request.isUserInRole("architect");

    out.write("isCustomPrincipal: " + isCustomPrincipal + "\n");
    out.write("web username: " + webName + "\n");
    out.write("web user has role \"architect\": " + webHasRole + "\n");

    final HttpSession existingSession = request.getSession(false);
    // NOTE(review): the session id is a bearer credential; echoing it into the response body
    // is only appropriate for a diagnostic/test servlet and should not be copied elsewhere.
    out.write(existingSession != null ? "Session ID: " + existingSession.getId() : "No session");
}
/**
 * Writes a diagnostic report about the caller: a banner, whether the principal is a
 * {@code MyPrincipal}, the principal name, the answer for the {@code architect} role and the
 * session id if a session already exists.
 *
 * <p>The banner calls this a protected servlet, but nothing in this method enforces access;
 * any protection has to come from configuration that is not visible here.
 * {@code getSession(false)} is used, so this method never creates a session.
 *
 * @param request  the current request, source of the principal, role answer and session
 * @param response the response the report is written to
 * @throws ServletException declared by the signature
 * @throws IOException      if writing to the response fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final java.io.PrintWriter out = response.getWriter();
    out.write("This is a protected servlet \n");

    final Principal caller = request.getUserPrincipal();
    // instanceof is false for null, which matches "no principal, not a custom principal".
    final boolean isCustomPrincipal = caller instanceof MyPrincipal;
    final String webName = (caller != null) ? caller.getName() : null;
    final boolean webHasRole = request.isUserInRole("architect");

    out.write("isCustomPrincipal: " + isCustomPrincipal + "\n");
    out.write("web username: " + webName + "\n");
    out.write("web user has role \"architect\": " + webHasRole + "\n");

    final HttpSession existingSession = request.getSession(false);
    // NOTE(review): the session id is a bearer credential; echoing it into the response body
    // is only appropriate for a diagnostic/test servlet and should not be copied elsewhere.
    out.write(existingSession != null ? "Session ID: " + existingSession.getId() : "No session");
}
/**
 * Returns the distinct role names, taken from the {@code WebRoleRefPermission} entries of
 * {@code permissionCollection}, that the caller of {@code request} actually holds.
 *
 * <p>The role name of an entry is read from {@code getActions()}. Entries of any other
 * permission type are ignored.
 *
 * @param request              the request whose caller is tested with {@code isUserInRole}
 * @param permissionCollection the permissions to scan for role references
 * @return a new mutable set of the role names the caller holds; empty if none match
 */
private Set<String> filterRoles(HttpServletRequest request, PermissionCollection permissionCollection) {
    Set<String> heldRoles = new HashSet<>();

    for (Permission candidate : list(permissionCollection.elements())) {
        if (!(candidate instanceof WebRoleRefPermission)) {
            continue;
        }

        String roleName = candidate.getActions();

        // A WebRoleRefPermission is given for every Servlet in the application, even when no
        // role refs are used anywhere, and that includes Servlets such as the default servlet
        // and the implicit JSP servlet. With 2 application roles and 3 application servlets at
        // least 6 WebRoleRefPermission elements are present, so each role name repeats.
        // Skipping names already collected avoids asking the request again for the same role.
        if (heldRoles.contains(roleName)) {
            continue;
        }
        if (request.isUserInRole(roleName)) {
            heldRoles.add(roleName);
        }
    }

    return heldRoles;
}
/**
 * Writes a diagnostic report comparing the identity seen by the web layer with the one seen
 * by {@code protectedEJB}: the two user names first, then the two answers for the
 * {@code architect} role.
 *
 * <p>A failing EJB call is logged at {@code SEVERE} and does not abort the report; the EJB
 * user name then stays empty and the EJB role answer stays {@code false}. A {@code false}
 * in the output can therefore mean either "not in role" or "call failed".
 *
 * @param request  the current request, source of the web-layer principal and role answer
 * @param response the response the report is written to
 * @throws ServletException declared by the signature
 * @throws IOException      if writing to the response fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // No principal means the report shows the literal text "null" as the web user name.
    final String webName = (request.getUserPrincipal() != null) ? request.getUserPrincipal().getName() : null;

    String ejbName = "";
    try {
        ejbName = protectedEJB.getUserName();
    } catch (Exception nameLookupFailure) {
        logger.log(SEVERE, "", nameLookupFailure);
    }

    final java.io.PrintWriter out = response.getWriter();
    final String nameReport = "web username: " + webName + "\n" + "EJB username: " + ejbName + "\n";
    out.write(nameReport);

    final boolean webHasRole = request.isUserInRole("architect");

    boolean ejbHasRole = false;
    try {
        ejbHasRole = protectedEJB.isUserArchitect();
    } catch (Exception roleLookupFailure) {
        logger.log(SEVERE, "", roleLookupFailure);
    }

    final String roleReport = "web user has role \"architect\": " + webHasRole + "\n"
            + "EJB user has role \"architect\": " + ejbHasRole + "\n";
    out.write(roleReport);
}
/**
 * Answers {@code GET /role} with the text {@code "true"} or {@code "false"}, depending on
 * whether the request reports the caller in the {@code USER} role.
 *
 * <p>The handler only reports the role answer; it does not restrict access itself.
 *
 * @param request the current request, queried through {@code isUserInRole}
 * @return the role answer rendered as a string
 */
@GetMapping("/role")
public String role(HttpServletRequest request) {
    final boolean hasUserRole = request.isUserInRole("USER");
    return Boolean.toString(hasUserRole);
}
/**
 * Asserts the role view of the request before handing it on to the superclass filter chain.
 *
 * <p>The request must report the caller in {@code USER} and must not report the caller in
 * {@code INVALID}; a failed assertion prevents {@code super.doFilter} from running.
 *
 * @param request  the request to inspect; cast to {@code HttpServletRequest}
 * @param response the response, passed on unchanged
 * @throws IOException      declared by the signature
 * @throws ServletException declared by the signature
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
    final HttpServletRequest servletRequest = (HttpServletRequest) request;

    // Positive case first: the expected role is visible through the servlet API.
    final boolean grantedRoleSeen = servletRequest.isUserInRole("USER");
    assertThat(grantedRoleSeen).isTrue();

    // Negative case: a role the caller was never given must not be reported.
    final boolean unknownRoleSeen = servletRequest.isUserInRole("INVALID");
    assertThat(unknownRoleSeen).isFalse();

    super.doFilter(request, response);
}
/**
 * Checks what the request says about the caller's roles, then continues with the superclass
 * filter chain.
 *
 * <p>Two assertions are made in order: the caller is in {@code USER}, and the caller is not
 * in {@code INVALID}. The second guards against a role check that answers {@code true} for
 * any name.
 *
 * @param request  the request to inspect; cast to {@code HttpServletRequest}
 * @param response the response, passed on unchanged
 * @throws IOException      declared by the signature
 * @throws ServletException declared by the signature
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
    final HttpServletRequest httpView = (HttpServletRequest) request;

    final boolean inUserRole = httpView.isUserInRole("USER");
    assertThat(inUserRole).isTrue();

    final boolean inInvalidRole = httpView.isUserInRole("INVALID");
    assertThat(inInvalidRole).isFalse();

    super.doFilter(request, response);
}