ifAllGranted in servlet?

**aaaaa** · Aug 5th, 2006, 12:35 PM

Hi All,
in jsp I use "<authz:authorize ifAllGranted="ROLE_ADMIN">"
could somebody tell me how can I do same check in servlet?

thanks.

**jhh09** · Aug 7th, 2006, 04:05 PM

The following method can be used to see if a person has a permission.

Code:

	/**
	 * Returns true if the current user has been granted the given permission, else false.
	 * @param permToken
	 * @return
	 */
	
	public boolean isAuthorized(String permToken) {
		// find the permission in the user's list of permissions
		SecurityContext context = SecurityContextHolder.getContext();
		Authentication auth = context.getAuthentication();
		GrantedAuthority[] auths = auth.getAuthorities();
		for (int i = 0; i < auths.length; i++) {
			if (auths[i].getAuthority().equals(permToken)) {
				return true;
			}
		}
		
		// no permission found with the given name
		return false;
	}

jh

**RayKrueger** · Aug 7th, 2006, 08:57 PM

Or Consider adding a SecurityContextHolderAwareRequestFilter to your filterChainProxy config.
http://www.acegisecurity.org/multipr...estFilter.html

Then you can simply use request.isUserInRole("YOUR_ROLE_HERE");

**aaaaa** · Aug 8th, 2006, 12:39 PM

thanks! I've added SecurityContextHolderAwareRequestFilter and ... sometimes it works! the problem is - sometimes it doesn't .
sometimes request.isUserInRole returns false and I get nullpointerexception at the same time in this peace of code:
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
GrantedAuthority[] auths = auth.getAuthorities();

Originally Posted by RayKrueger

Or Consider adding a SecurityContextHolderAwareRequestFilter to your filterChainProxy config.
http://www.acegisecurity.org/multipr...estFilter.html

Then you can simply use request.isUserInRole("YOUR_ROLE_HERE");

Thread: ifAllGranted in servlet?

Thread Tools

Display

ifAllGranted in servlet?

Posting Permissions