Class DefaultSecurityLogic

- java.lang.Object
  - org.pac4j.core.profile.factory.ProfileManagerFactoryAware
    - org.pac4j.core.engine.AbstractExceptionAwareLogic
      - org.pac4j.core.engine.DefaultSecurityLogic

All Implemented Interfaces:
- SecurityLogic

public class DefaultSecurityLogic extends AbstractExceptionAwareLogic implements SecurityLogic
Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is not authenticated (no profile), he is redirected to the appropriate identity provider if the first defined client is an indirect one in the clients configuration. Otherwise, a 401 error page is displayed.

- Since: 1.9.0
- Author: Jerome Leleu
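The decision order described above, as an added illustration written for this page and not pac4j's own code: the names Client, decide and demo, the dict-shaped request and profile, and the rule that every configured matcher must accept the request for it to count as matched are assumptions.

```python
# Added illustration of the documented decision order; not pac4j code.
# Names (Client, decide, demo) and the dict-shaped request/profile are assumptions.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Client:
    name: str
    direct: bool                                     # direct clients read credentials from the request itself
    authenticate: Callable[[dict], Optional[dict]]   # request -> profile, or None when no credentials

def decide(request, profile, clients, authorizers, matchers):
    """Return (outcome, reason) applying the checks in the order the class description gives."""
    # 1. Matchers: with none defined, security always applies; otherwise the request must
    #    match (assumed: every configured matcher accepts it) or access is granted untouched.
    if matchers and not all(m(request) for m in matchers):
        return "granted", "request did not match the matchers, security not applied"
    # 2. No profile yet: try a login with each direct client.
    if profile is None:
        for client in clients:
            if client.direct:
                profile = client.authenticate(request)
                if profile is not None:
                    break
    # 3. Profile present: every authorizer must accept it, otherwise 403.
    if profile is not None:
        if all(a(profile) for a in authorizers):
            return "granted", f"profile {profile['id']} authorized"
        return "403", f"profile {profile['id']} failed authorization"
    # 4. Still no profile: redirect to the identity provider if the first client is indirect, else 401.
    if clients and not clients[0].direct:
        return "redirect", f"start login with indirect client {clients[0].name}"
    return "401", "no profile and the first client is not indirect"

def demo():
    """Run constructed requests through one configuration and return their outcomes."""
    header = Client("header", True, lambda r: {"id": r["token"], "roles": ["user"]} if "token" in r else None)
    oidc = Client("oidc", False, lambda r: None)    # indirect: login happens at the provider, not here
    matchers = [lambda r: r["path"].startswith("/api/")]
    authorizers = [lambda p: "admin" in p["roles"]]
    return {
        "public": decide({"path": "/health"}, None, [oidc, header], authorizers, matchers)[0],
        "token_not_admin": decide({"path": "/api/x", "token": "u1"}, None, [header], authorizers, matchers)[0],
        "admin_session": decide({"path": "/api/x"}, {"id": "a", "roles": ["admin"]}, [oidc], authorizers, matchers)[0],
        "anon_indirect": decide({"path": "/api/x"}, None, [oidc, header], authorizers, matchers)[0],
        "anon_direct": decide({"path": "/api/x"}, None, [header], authorizers, matchers)[0],
    }
```

The "public" case shows the point a reviewer of a matchers configuration should check: a request that falls outside the matchers is granted without any client or authorizer being consulted.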
Field Summary

Fields:
- static DefaultSecurityLogic INSTANCE

Constructor Summary

Constructors:
- DefaultSecurityLogic()
Method Summary

- protected HttpAction forbidden(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients, java.util.List<UserProfile> profiles, java.lang.String authorizers)
  Return a forbidden error.
- AuthorizationChecker getAuthorizationChecker()
- ClientFinder getClientFinder()
- MatchingChecker getMatchingChecker()
- SavedRequestHandler getSavedRequestHandler()
- boolean isLoadProfilesFromSession()
- protected java.util.List<UserProfile> loadProfiles(ProfileManager manager, WebContext context, SessionStore sessionStore, java.util.List<Client> clients)
  Load the profiles.
- java.lang.Object perform(WebContext context, SessionStore sessionStore, Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, HttpActionAdapter httpActionAdapter, java.lang.String clients, java.lang.String authorizers, java.lang.String matchers, java.lang.Object... parameters)
  Perform the security logic.
- protected HttpAction redirectToIdentityProvider(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)
  Perform a redirection to start the login process of the first indirect client.
- protected void saveRequestedUrl(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)
  Save the requested URL.
- void setAuthorizationChecker(AuthorizationChecker authorizationChecker)
- void setClientFinder(ClientFinder clientFinder)
- void setLoadProfilesFromSession(boolean loadProfilesFromSession)
- void setMatchingChecker(MatchingChecker matchingChecker)
- void setSavedRequestHandler(SavedRequestHandler savedRequestHandler)
- protected boolean startAuthentication(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)
  Return whether we must start a login process if the first client is an indirect one.
- java.lang.String toString()
- protected HttpAction unauthorized(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)
  Return an unauthorized error.

Methods inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic:
getErrorUrl, handleException, runtimeException, setErrorUrl

Methods inherited from class org.pac4j.core.profile.factory.ProfileManagerFactoryAware:
getProfileManager, getProfileManagerFactory, setProfileManagerFactory
Field Detail

INSTANCE

public static final DefaultSecurityLogic INSTANCE
Method Detail

perform

public java.lang.Object perform(WebContext context, SessionStore sessionStore, Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, HttpActionAdapter httpActionAdapter, java.lang.String clients, java.lang.String authorizers, java.lang.String matchers, java.lang.Object... parameters)

Description copied from interface: SecurityLogic
Perform the security logic.

- Specified by: perform in interface SecurityLogic
- Parameters:
  - context - the web context
  - sessionStore - the session store
  - config - the configuration
  - securityGrantedAccessAdapter - the success adapter
  - httpActionAdapter - the HTTP action adapter
  - clients - the defined clients
  - authorizers - the defined authorizers
  - matchers - the defined matchers
  - parameters - additional parameters
- Returns: the resulting action of the security
loadProfiles

protected java.util.List<UserProfile> loadProfiles(ProfileManager manager, WebContext context, SessionStore sessionStore, java.util.List<Client> clients)

Load the profiles.

- Parameters:
  - manager - the profile manager
  - context - the web context
  - sessionStore - the session store
  - clients - the current clients
- Returns:
forbidden

protected HttpAction forbidden(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients, java.util.List<UserProfile> profiles, java.lang.String authorizers)

Return a forbidden error.

- Parameters:
  - context - the web context
  - sessionStore - the session store
  - currentClients - the current clients
  - profiles - the current profiles
  - authorizers - the authorizers
- Returns: a forbidden error
startAuthentication

protected boolean startAuthentication(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)

Return whether we must start a login process if the first client is an indirect one.

- Parameters:
  - context - the web context
  - sessionStore - the session store
  - currentClients - the current clients
- Returns: whether we must start a login process
saveRequestedUrl

protected void saveRequestedUrl(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)

Save the requested URL.

- Parameters:
  - context - the web context
  - sessionStore - the session store
  - currentClients - the current clients
  - ajaxRequestResolver - the AJAX request resolver
redirectToIdentityProvider

protected HttpAction redirectToIdentityProvider(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)

Perform a redirection to start the login process of the first indirect client.

- Parameters:
  - context - the web context
  - sessionStore - the session store
  - currentClients - the current clients
- Returns: the performed redirection
unauthorized

protected HttpAction unauthorized(WebContext context, SessionStore sessionStore, java.util.List<Client> currentClients)

Return an unauthorized error.

- Parameters:
  - context - the web context
  - sessionStore - the session store
  - currentClients - the current clients
- Returns: an unauthorized error
getClientFinder

public ClientFinder getClientFinder()

setClientFinder

public void setClientFinder(ClientFinder clientFinder)

getAuthorizationChecker

public AuthorizationChecker getAuthorizationChecker()

setAuthorizationChecker

public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)

getMatchingChecker

public MatchingChecker getMatchingChecker()

setMatchingChecker

public void setMatchingChecker(MatchingChecker matchingChecker)

getSavedRequestHandler

public SavedRequestHandler getSavedRequestHandler()

setSavedRequestHandler

public void setSavedRequestHandler(SavedRequestHandler savedRequestHandler)

setLoadProfilesFromSession

public void setLoadProfilesFromSession(boolean loadProfilesFromSession)

isLoadProfilesFromSession

public boolean isLoadProfilesFromSession()

toString

public java.lang.String toString()

- Overrides: toString in class java.lang.Object