jakarta.servlet.GenericServlet

jakarta.servlet.http.HttpServlet

ch.tocco.nice2.web.core.api.auth.SecureServlet

ch.tocco.nice2.web.core.impl.servlet.req.AbstractJsonServlet

ch.tocco.nice2.web.core.impl.servlet.req.CheckRequiredRolesServlet

All Implemented Interfaces:: jakarta.servlet.Servlet, jakarta.servlet.ServletConfig, Serializable

@Component public class CheckRequiredRolesServlet extends AbstractJsonServlet

Checks optional http parameter "require_roles". If parameter is set, at least one of comma-separated role needs to be available in logged in principal. Otherwise a forbidden status is returned. Can be used for logging in external services which require specific roles. Example: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html Nginx config:

location /api {
    satisfy any;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
    auth_request /auth;

    auth_request_set $saved_set_cookie $upstream_cookie_nice_client_id;
    add_header Set-Cookie nice_client_id=$saved_set_cookie;
}

location = /auth {
    internal;

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass https://customer.tocco.ch/nice2/check-required-roles?require_roles=developer,web_admin;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}

See Also:

Field Summary

Fields inherited from class SecureServlet
runEnvironmentService

Fields inherited from class jakarta.servlet.http.HttpServlet
LEGACY_DO_HEAD
Constructor Summary

Constructors

Constructor

Description

CheckRequiredRolesServlet(CredentialsRetrieverService credentialsRetrieverService, RunEnvironmentService runEnvironmentService, SecureSettings settings)
Method Summary

Modifier and Type

Method

Description

protected void

processRequest(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp)

Methods inherited from class AbstractJsonServlet
doGet, doPost, newResponse

Methods inherited from class SecureServlet
checkSecuredConnection, service

Methods inherited from class jakarta.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, init, service

Methods inherited from class jakarta.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- CheckRequiredRolesServlet
  
  @Lazy public CheckRequiredRolesServlet(CredentialsRetrieverService credentialsRetrieverService, RunEnvironmentService runEnvironmentService, SecureSettings settings)
Method Details
- processRequest
  
  protected void processRequest(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse resp) throws jakarta.servlet.ServletException, IOException
  
  Specified by:
  
  processRequest in class AbstractJsonServlet
  
  Throws:
  
  jakarta.servlet.ServletException
  
  IOException

Class CheckRequiredRolesServlet

Field Summary

Fields inherited from class SecureServlet

Fields inherited from class jakarta.servlet.http.HttpServlet

Constructor Summary

Method Summary

Methods inherited from class AbstractJsonServlet

Methods inherited from class SecureServlet

Methods inherited from class jakarta.servlet.http.HttpServlet

Methods inherited from class jakarta.servlet.GenericServlet

Methods inherited from class Object

Constructor Details

CheckRequiredRolesServlet

Method Details

processRequest