
[JIRA] Commented: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL

  • From: "Shing Wai Chan (JIRA)" <jira-no-reply@...>
  • To: issues@...
  • Subject: [JIRA] Commented: (SERVLET_SPEC-61) Provide an isAccessAllowed method to see if user has access to URL
  • Date: Fri, 22 Feb 2013 22:22:53 +0000 (GMT+00:00)
  • Auto-submitted: auto-generated


    [ http://java.net/jira/browse/SERVLET_SPEC-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=356866#action_356866 ]

Shing Wai Chan commented on SERVLET_SPEC-61:
--------------------------------------------

This can be achieved by checking javax.security.jacc.WebResourcePermission in 
JACC.

I am not sure whether it is necessary to provide the same functionality in 
Servlet spec.
Adding it to the bucket of FUTURE_RELEASE.


> Provide an isAccessAllowed method to see if user has access to URL
> ------------------------------------------------------------------
>
>                 Key: SERVLET_SPEC-61
>                 URL: http://java.net/jira/browse/SERVLET_SPEC-61
>             Project: servlet-spec
>          Issue Type: New Feature
>            Reporter: arjan tijms
>            Assignee: Shing Wai Chan
>
> Following the Servlet spec, security constraints can be specified in 
> {{web.xml}}. The Servlet container internally uses these to determine 
> whether the current user has access to a given URL (Servlet 3.0 
> specification Section 12.1).
> There is however no method in the public API that user code can use to do 
> the same check. A use case for this would be the rendering of a list of 
> links (e.g. in a menu), where the requirement is to not render those links 
> where the user does not have access to. Without a means to ask the Servlet 
> container about the access for every link, the code must either duplicate 
> the URL-role association somewhere (perhaps in a custom XML file), or has 
> to duplicate the algorithm from Section 12.1.
> Both solutions are not ideal, since the container already maintains this 
> association and already has an implementation of said algorithm.
> Therefore I would like to request a "{{boolean isAccessAllowed(String url, 
> String role)}}" method to be provided by the Servlet API, perhaps added to 
> {{HttpServletRequest}}, that user code can use to determine if the current 
> user has access to a given URL (relative to the context root of the web 
> app).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
