Skip to main content

[JIRA] Created: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

  • From: "arjan tijms (JIRA)" <jira-no-reply@...>
  • To: issues@...
  • Subject: [JIRA] Created: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL
  • Date: Wed, 20 Feb 2013 19:37:53 +0000 (GMT+00:00)
  • Auto-submitted: auto-generated

Provide an isAccessAllowed method to see if user has access to URL
------------------------------------------------------------------

                 Key: SERVLET_SPEC-61
                 URL: http://java.net/jira/browse/SERVLET_SPEC-61
             Project: servlet-spec
          Issue Type: New Feature
            Reporter: arjan tijms


Following the Servlet spec, security constraints can be specified in 
{{web.xml}}. The Servlet container internally uses these to determine whether 
the current user has access to a given URL (Servlet 3.0 specification Section 
12.1).

There is however no method in the public API that user code can use to do the 
same check. A use case for this would be the rendering of a list of links 
(e.g. in a menu), where the requirement is to not render those links where 
the user does not have access to. Without a means to ask the Servlet 
container about the access for every link, the code must either duplicate the 
URL-role association somewhere (perhaps in a custom XML file), or has to 
duplicate the algorithm from Section 12.1.

Both solutions are not ideal, since the container already maintains this 
association and already has an implementation of said algorithm.

Therefor I would like to request a "{{boolean isAccessAllowed(String url, 
String role)}}" method to be provided by the Servlet API, perhaps added to 
{{HttpServletRequest}}, that user code can use to determine if the current 
user has access to a given URL (relative to the context root of the web app).



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[JIRA] Created: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

arjan tijms (JIRA) 02/20/2013

[JIRA] Commented: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

balusc (JIRA) 02/20/2013

[JIRA] Commented: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

arjan tijms (JIRA) 02/20/2013

[JIRA] Assigned: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

Shing Wai Chan (JIRA) 02/22/2013

[JIRA] Commented: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

Shing Wai Chan (JIRA) 02/22/2013
 
 
Close
loading
Please Confirm
Close