Hello,
I have been working on creating a servlet filter using atlassian SDK (custom plugin).
This servlet looks for URI containing "/rest/api/2" and then sends an http response over an html stating customers accessing the JIRA API are not allowed.
I'm looking to further improve on this code piece by filtering the users accessing the JIRA API depending upon the roles (RBAC) in JIRA. So basically I would like to somehow allow or reject a user accessing a JIRA API (at any given time) depending upon what role do they belong to in JIRA.
This is a piece of JIRA_Servlet.java that I have. Any help will be appreciated.
package jiraservletwrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class JIRA_Wrapper implements Filter{
private static final Logger log = LoggerFactory.getLogger(JIRA_Wrapper.class);
@Override
public void init(FilterConfig filterConfig)throws ServletException{
}
@Override
public void destroy(){
}
@Override
public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain)throws IOException,ServletException{
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse httpResponse = (HttpServletResponse) res;
String requestURI = request.getRequestURI();
if (requestURI.startsWith("/rest/api/2/")) {
httpResponse.setContentType("text/html");
httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request rejected - You are not authorized. Please reach out to DevOps_Tooling");
} else {
chain.doFilter(req, res);
}
//continue the request
}
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.