I want to add permissions to servlet methods in a declarative way, for example:

    // servlet
    @Perms({"admin", "finance"})
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
       ...
    }

    // web filter
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
       List<String> allowedRoles = ... // somehow get values from @Perms
    }

Maybe there are other ways to do it without annotations; this is just an example of the idea of what I want to do.

Or more abstract example:

    @WebServlet("/someaddress")
    // servlet
    @What("have a nice day")
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
       ...
    }

    @WebFilter("/*")
    // web filter
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
       String msg = ... // somehow get values from @What
    }

Егор Лебедев
  • Have you read any tutorials on annotations yet? – Thorbjørn Ravn Andersen Aug 14 '20 at 10:34
  • @ThorbjørnRavnAndersen yep, if using annotations like in my example, I don't know how to get the value of the annotation on the specific method that the request goes to => I don't know how to get that specific servlet's method from the web filter. – Егор Лебедев Aug 14 '20 at 10:38
  • https://docs.oracle.com/cd/E19226-01/820-7627/gjgcq/index.html https://www.baeldung.com/spring-security-expressions-basic and such – Joop Eggen Aug 14 '20 at 10:42
  • @JoopEggen my question is how to get meta info (or the specific servlet) from a web filter – Егор Лебедев Aug 14 '20 at 10:49
  • @ЕгорЛебедев yes that is a bit tricky https://stackoverflow.com/questions/21307477/webfilter-base-on-user-role – Joop Eggen Aug 14 '20 at 10:53

1 Answer

Here is the solution:

  1. Declare the annotation:

    import java.lang.annotation.Retention;
    import java.lang.annotation.RetentionPolicy;

    @Retention(RetentionPolicy.RUNTIME) // keep the annotation readable via reflection
    public @interface What {
        String[] value();
    }

  2. Override the init method in the servlet (I think it will be useful to declare another class with that init that all servlets inherit from):

    @Override
    public void init() throws ServletException {
        ServletContext ctx = this.getServletContext();
        final Class<?>[] sFormalArgs = {HttpServletRequest.class, HttpServletResponse.class};
        try {
            Method m = this.getClass().getDeclaredMethod("doGet", sFormalArgs); // do the same with other methods
            What a = m.getAnnotation(What.class);
            if (a != null) { // the method may not carry the annotation
                String[] value = a.value();
                ctx.setAttribute("someStuff", value);
            }
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
        }
    }

  3. Add the annotation to the method:

    @What({"admin", "finance"})
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    {
        ....
    }

  4. Get it in the web filter:

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        ServletContext ctx = req.getServletContext();
        Object o = ctx.getAttribute("someStuff"); // the String[] stored by init(), or null if it was never set
    }

Do not forget to handle errors and multithreading issues.

Егор Лебедев
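
Added example, not part of the original question or answer: one way for the filter itself to find the annotation on the servlet method a request will reach, assuming a Servlet 4.0 container (`javax.servlet` namespace), the `@What` annotation from the answer, and container-managed roles checked with `isUserInRole`. The names `WhatFilter` and `requiredRoles` and the deny-by-default policy are assumptions of this example.

```java
import java.io.IOException;
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface What { String[] value(); }

@WebFilter("/*")
public class WhatFilter implements Filter { // hypothetical name
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String[] roles = requiredRoles(req);
        if (roles != null) {
            for (String role : roles) {
                if (req.isUserInRole(role)) { // any one listed role is enough
                    chain.doFilter(request, response);
                    return;
                }
            }
        }
        // Assumed policy: fail closed. Unannotated handlers, unknown servlets
        // and callers without a listed role all receive 403.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** Roles on the handler method of the servlet mapped to this request, or null if none. */
    static String[] requiredRoles(HttpServletRequest req) {
        try {
            String name = req.getHttpServletMapping().getServletName();
            ServletRegistration reg = req.getServletContext().getServletRegistration(name);
            Class<?> servlet = Class.forName(reg.getClassName(), false,
                    req.getServletContext().getClassLoader());
            String verb = req.getMethod().toLowerCase(Locale.ROOT); // "GET" -> "get"
            Method m = servlet.getDeclaredMethod( // only methods declared on the servlet class itself
                    "do" + Character.toUpperCase(verb.charAt(0)) + verb.substring(1),
                    HttpServletRequest.class, HttpServletResponse.class);
            What w = m.getAnnotation(What.class);
            return w == null ? null : w.value();
        } catch (ReflectiveOperationException | RuntimeException e) {
            return null; // no registration, class or handler found: the caller denies
        }
    }
}
```

Because the lookup is keyed on the servlet and HTTP method of each request, roles declared on one servlet cannot be overwritten by another, and with the `/*` mapping anything served by an unannotated servlet (static resources included) is denied until it is annotated or excluded from the filter.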