Class CheckIdentityPermissionServlet

java.lang.Object
jakarta.servlet.GenericServlet
jakarta.servlet.http.HttpServlet
org.wildfly.test.security.servlets.CheckIdentityPermissionServlet
All Implemented Interfaces:
jakarta.servlet.Servlet, jakarta.servlet.ServletConfig, Serializable

@WebServlet("/checkIdentityPermission")
public class CheckIdentityPermissionServlet extends jakarta.servlet.http.HttpServlet
Servlet which checks whether a given identity has a given permission in the current Elytron security domain. If the "user" request parameter is not provided, an anonymous identity is used; otherwise the identity is retrieved by calling the SecurityDomain.authenticate(String, org.wildfly.security.evidence.Evidence) method with the "password" request parameter used as the Evidence.

The checked permission is specified by request parameters "class", "target" and "action".

In normal cases the response body contains just the String "true" or "false". If authentication to the security domain fails, the response uses status code HttpServletResponse.SC_FORBIDDEN. If the "class" parameter of the checked permission is missing, the response uses status code HttpServletResponse.SC_BAD_REQUEST.
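A test client for the request and response contract described above, as an added example that is not part of the WildFly test suite. The base URL, context root, credentials and checked permission are constructed values, and sending the parameters as a POST form body (which keeps the password out of URL access logs) assumes doPost reads the same parameters as doGet.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class CheckIdentityPermissionClient {
    enum Result { GRANTED, DENIED, AUTH_FAILED, BAD_REQUEST, UNEXPECTED }

    /** Form-encodes the parameters; null values are left out, so a null user means "anonymous". */
    static String form(String user, String password, String permClass, String target, String action) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("user", user);
        p.put("password", user == null ? null : password);
        p.put("class", permClass);
        p.put("target", target);
        p.put("action", action);
        return p.entrySet().stream()
                .filter(e -> e.getValue() != null)
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    /** Maps status code and body to an outcome, following the class description. */
    static Result interpret(int status, String body) {
        if (status == 403) return Result.AUTH_FAILED;  // HttpServletResponse.SC_FORBIDDEN
        if (status == 400) return Result.BAD_REQUEST;  // HttpServletResponse.SC_BAD_REQUEST
        if (status != 200 || body == null) return Result.UNEXPECTED;
        switch (body.trim()) {
            case "true":  return Result.GRANTED;
            case "false": return Result.DENIED;
            default:      return Result.UNEXPECTED;    // never treat an unknown body as a grant
        }
    }

    public static void main(String[] args) throws Exception {
        String base = "http://localhost:8080/test-app";  // assumed deployment URL
        String body = form("alice", "alice-pass",         // constructed credentials
                "java.util.PropertyPermission", "java.home", "read");
        HttpRequest req = HttpRequest.newBuilder(URI.create(base + "/checkIdentityPermission"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body)).build();
        HttpResponse<String> resp = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        System.out.println(interpret(resp.statusCode(), resp.body()));
    }
}
```

Distinguishing AUTH_FAILED from DENIED lets a test tell a rejected credential apart from an authenticated identity that lacks the permission.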

Author:
Josef Cacek
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
    static final String
     
    static final String
     
    static final String
     
    static final String
     
    static final String
     

    Fields inherited from class jakarta.servlet.http.HttpServlet

    LEGACY_DO_HEAD
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doGet(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)
     
    protected void
    doPost(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)
     

    Methods inherited from class jakarta.servlet.http.HttpServlet

    doDelete, doHead, doOptions, doPut, doTrace, getLastModified, init, service, service

    Methods inherited from class jakarta.servlet.GenericServlet

    destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • CheckIdentityPermissionServlet

      public CheckIdentityPermissionServlet()
  • Method Details

    • doPost

      protected void doPost(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws jakarta.servlet.ServletException, IOException
      Overrides:
      doPost in class jakarta.servlet.http.HttpServlet
      Throws:
      jakarta.servlet.ServletException
      IOException
    • doGet

      protected void doGet(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws jakarta.servlet.ServletException, IOException
      Overrides:
      doGet in class jakarta.servlet.http.HttpServlet
      Throws:
      jakarta.servlet.ServletException
      IOException