Hi

If I have a servlet that is not based on a resource, how would
I secure access in Sling?

This is what I came up with on doPost():

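import java.util.Iterator;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.jcr.base.util.AccessControlUtil;

// Inside doPost(); the JCR calls below can throw RepositoryException.
// JCR session of the user making the request
Session session = request.getResourceResolver().adaptTo(Session.class);
UserManager userManager = AccessControlUtil.getUserManager(session);
Authorizable authorizable =
        userManager.getAuthorizable(request.getUserPrincipal());
if (authorizable == null) {
        // handle anonymous user
        return;
}
boolean ok = false;
if ("admin".equals(authorizable.getID())) {
        // the admin user is always allowed
        ok = true;
} else {
        // declaredMemberOf() returns only the groups the user is a
        // direct member of
        Iterator<Group> i = authorizable.declaredMemberOf();
        while (i.hasNext()) {
            Group group = i.next();
            if ("sling-node".equals(group.getID())) {
                ok = true;
                break;
            }
        }
}
if (!ok) {
        // Handle wrong permissions
        return;
}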
