Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
before-handler and accessmanager for custom servlets?
See original GitHub issueHi there, I managed to setup JWT Authentication like this:
io.javalin.Handler decodeHandler = JavalinJWT.createHeaderDecodeHandler(provider);
app.before(decodeHandler);
MyAccessManager am = new MyAccessManager(provider, rolesMapping, Roles.ANYONE /* default role if non is present in JWT */ );
app.accessManager(am);
So I have an “before” handler as well as an access-manager.
This works for routes like this:
app.get("/showheader", ctx -> Routes.showHeader(ctx), roles(Roles.DEVELOPER));
Perfect. But how about custom servlets like this example:
I tried to setup an before-handler for the path for this servlet, but is not triggered 😦
Do I have to implement the access-protection in the servlet again? Or is it somehow possible to define an access-validation on the url-path with the given access-manager?
br, Alex
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
This is expected since you bypass all of facilities provided by Javalin and manipulated Jetty server directly. You created a new servlet on a different context path (therefore Javalin doesn’t know about it, the library simply registers it’s own servlet and then every time you do
app.get(),app.beforeit manipulates its’ internal state which still is stored and relevant in Javalin Servlet only).For now most probably you’ll have to call your functionality in two places. You could also take a look into Servlet Filters which surround Servlets (allow to perform pre and post processing of http requests around servlet functionality). For Javalin, which doesn’t use Filters, it’s worth investigating how they could help making the library more flexible and reusable.
@tuxedo0801 could you provide information on why you are forced to register
otherservlet this way (bypassing Javalin)? What are you trying to implement/achieve by that servlet? Maybe we could find an alternative solution for that.I barely want Javalin to be responsible for its own security. The
AccessManageris intended to be used per endpoint, and users have to write the implementation themselves. Javalin doesn’t know about the endpoints on your other servlets, so it’s not really a good match. You could attach a filter before both Javalin and the other servlet? For me it doesn’t make sense that Javalin should be responsible for the security of an unrelated servlet.