
Case insensitive check for role in HttpServletRequest

The javax.servlet.http.HttpServletRequest class has a method called isUserInRole. I use this to check if a user has, for example, the admin role. However, that method is case sensitive. So, if the role in the request was Admin or ADMIN, then isUserInRole("admin") would be false. I use the isUserInRole method in a number of places across multiple applications to check for a number of different roles.

Is there a way to achieve the isUserInRole functionality case-insensitively that does not require checking each different possible case combination with isUserInRole?

Andrew Mairose asked Dec 09 '15 17:12



2 Answers

You could implement a filter that wraps requests using an HttpServletRequestWrapper - implement your HttpServletRequestWrapper to override the isUserInRole() method to make it case-insensitive (e.g., configure all roles in upper-case, test role params by converting to upper-case).

A quick search will find plenty of HttpServletRequestWrapper examples...

MattR answered Nov 09 '22 04:11
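
A sketch of the wrapper-plus-filter approach described in the answer above, added here as an example and not code from the answer's author. The class names are hypothetical, and it assumes every role is defined in upper case in the container's realm and deployment descriptor, as the answer suggests.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter; map it ahead of any code that calls isUserInRole(). */
public class CaseInsensitiveRoleFilter implements Filter {

    /** Normalizes the requested role name before delegating to the container. */
    static final class UpperCaseRoleRequest extends HttpServletRequestWrapper {
        UpperCaseRoleRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public boolean isUserInRole(String role) {
            if (role == null) {
                return false; // no role name given: deny rather than guess
            }
            // Assumption: roles are stored in upper case. Locale.ROOT keeps the
            // folding stable; under a Turkish default locale,
            // "admin".toUpperCase() yields "ADMİN", which would never match.
            return super.isUserInRole(role.toUpperCase(Locale.ROOT));
        }
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only HTTP requests carry the role check; pass anything else through.
        if (req instanceof HttpServletRequest) {
            req = new UpperCaseRoleRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Because role arguments are folded to upper case, roles that differ only by case can no longer be told apart, so the role store should not contain such pairs.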


http://docs.oracle.com/javaee/6/tutorial/doc/gjiie.html

Just map multiple role names to the admin role:

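<servlet>
    <!-- servlet-name and servlet-class for this servlet go here -->
    <security-role-ref>
        <!-- role-name: the string passed to isUserInRole() in this servlet -->
        <role-name>admin</role-name>
        <!-- role-link: the declared security-role it resolves to -->
        <role-link>admin</role-link>
    </security-role-ref>
    <security-role-ref>
        <role-name>Admin</role-name>
        <role-link>admin</role-link>
    </security-role-ref>
</servlet>

<!-- The role that both role-link elements above point to -->
<security-role>
    <role-name>admin</role-name>
</security-role>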

isak gilbert answered Nov 09 '22 04:11