PrecisionPete
Reputation: 3401
Servlet Access Filters and Roles
I am using a Servlet Filter to enforce access control. What is the best way to extend it to have it test for user roles? I can think of several solutions but none are elegant.
Coding a role test is not hard. But how do I pass the role to the filter for the given url?
e.g. In web.xml
<filter>
<filter-name>accessControl</filter-name>
<filter-class>filter.AccessControlFilter</filter-class>
<init-param>
<param-name>loginPage</param-name>
<param-value>/login/login.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>accessControl</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>accessControl</filter-name>
<url-pattern>/domain/*</url-pattern>
</filter-mapping>
Thanks
Upvotes: 0
Views: 594
Answers (1)
Sudhakar
Reputation: 4873
Well exactly thats why always advise against custom Authorization , when there are standards available and frameworks implementing them are available in Plenty.
My fav would be Spring Security. Check this tutorial , this should put you in right direction
Another widely used alternative , but not quite as elegant and easy as spring would be
Upvotes: 1
Related Questions
- Restricting Roles in JSP-Servlet
- Servlet jsp, authentication filters
- Java: Using filter (user logged/user not logged)
- Servlet Filter for security
- Servlet Filter acts ambiguously?
- java servlet Filter : What is the best practice in checking Privileges of Users?
- servlet chain filter
- Tomcat SecurityFilter and Authorization
- java: question on filter and servlet mapping
- configure the same servlet to different mappings and set for each a different security