Class CheckRequiredRolesServlet

java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

@Component public class CheckRequiredRolesServlet extends AbstractJsonServlet
Checks optional http parameter "require_roles". If parameter is set, at least one of comma-separated role needs to be available in logged in principal. Otherwise a forbidden status is returned. Can be used for logging in external services which require specific roles. Example: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html Nginx config:
 location /api {
     satisfy any;
     auth_basic "Restricted Access";
     auth_basic_user_file /etc/nginx/.htpasswd;
     auth_request /auth;

     auth_request_set $saved_set_cookie $upstream_cookie_nice_client_id;
     add_header Set-Cookie nice_client_id=$saved_set_cookie;
 }

 location = /auth {
     internal;

     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_pass https://customer.tocco.ch/nice2/check-required-roles?require_roles=developer,web_admin;
     proxy_pass_request_body off;
     proxy_set_header Content-Length "";
     proxy_set_header X-Original-URI $request_uri;
 }
 
See Also: