My call stack is as follows:
MyService.getStatus calls MyUtil.getDetails calls AuthorisationHandler.isAllowed
The problem is inside AuthorisationHandler.isAllowed, the request object is not in scope so I cannot simply call request.isUserInRole("ADMIN") to determine if the user has access to this particular area of code. And I'm trying to avoid passing the request object all the way down the call stack.
Is there a way in pure Java (not Spring), to fetch/retrieve the list of roles associated with the current user at this point in the stack?
Servlet.java
import java.io.IOException;
import java.lang.annotation.Annotation;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Servlet extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.getWriter().write("Has role \"ADMIN\": " + request.isUserInRole("ADMIN") + "\n");
boolean isDone = MyService.getStatus();
}
}
