Class DefaultSecurityLogic

All Implemented Interfaces:
SecurityLogic

public class DefaultSecurityLogic extends AbstractExceptionAwareLogic implements SecurityLogic

Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorization checks pass, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is still not authenticated (no profile), the user is redirected to the appropriate identity provider if the first defined client in the clients configuration is an indirect one. Otherwise, a 401 error page is displayed.
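As an added illustration, not pac4j code, the following Python model reproduces the decision order described above: matchers first, then a direct-client login, then the authorizers, and only then the redirect-or-401 choice. Request, Client and the role and path lambdas are simplified stand-ins for pac4j's WebContext, Client, Authorizer and Matcher types, and the sample user and credentials are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Profile = Dict[str, object]

@dataclass
class Request:
    path: str
    headers: Dict[str, str]
    session_profile: Optional[Profile] = None   # profile already stored in the session, if any

@dataclass
class Client:
    name: str
    indirect: bool                              # True: redirect-based login (form, OIDC, ...)
    authenticate: Optional[Callable[[Request], Optional[Profile]]] = None  # direct clients only

def perform(req: Request, clients: List[Client],
            authorizers: List[Callable[[Profile], bool]],
            matchers: List[Callable[[Request], bool]]) -> Tuple[int, str]:
    """Model of DefaultSecurityLogic.perform: 200 granted, 302 redirect, 401 or 403."""
    # 1. Matchers: no matchers means the security applies; a request that does not match
    #    every matcher is granted access with no authentication or authorization at all.
    if matchers and not all(m(req) for m in matchers):
        return (200, "unprotected by matchers")
    # 2. No profile yet: try a login with each direct client (credentials carried by the request).
    profile = req.session_profile
    if profile is None:
        for c in clients:
            if not c.indirect and c.authenticate is not None:
                profile = c.authenticate(req)
                if profile is not None:
                    break
    # 3. A profile exists: every authorizer must accept it, otherwise 403 (no redirect happens).
    if profile is not None:
        return (200, str(profile["id"])) if all(a(profile) for a in authorizers) else (403, "forbidden")
    # 4. Still anonymous: redirect only if the FIRST client is indirect, otherwise 401.
    if clients and clients[0].indirect:
        return (302, "redirect to " + clients[0].name)
    return (401, "unauthorized")

# Constructed sample: a form (indirect) client, a basic-auth (direct) client with one user
# ("alice:secret", no admin role), an admin-role authorizer and a matcher protecting /admin only.
USERS = {"Basic YWxpY2U6c2VjcmV0": {"id": "alice", "roles": ["ROLE_USER"]}}
form = Client("FormClient", indirect=True)
basic = Client("DirectBasicAuthClient", indirect=False,
               authenticate=lambda r: USERS.get(r.headers.get("Authorization")))
require_admin = lambda p: "ROLE_ADMIN" in p["roles"]
admin_only = lambda r: r.path.startswith("/admin")

def demo() -> Dict[str, int]:
    anon, alice = Request("/admin", {}), Request("/admin", {"Authorization": "Basic YWxpY2U6c2VjcmV0"})
    return {"anon_first_indirect": perform(anon, [form, basic], [require_admin], [admin_only])[0],
            "anon_first_direct": perform(anon, [basic, form], [require_admin], [admin_only])[0],
            "authenticated_no_role": perform(alice, [form, basic], [require_admin], [admin_only])[0],
            "outside_matcher": perform(Request("/public", {}), [form, basic], [require_admin], [admin_only])[0],
            "no_matchers": perform(Request("/public", {}), [form, basic], [require_admin], [])[0]}
```

The `outside_matcher` case is the one to check in a real configuration: a path that no matcher covers is granted without any authentication, so matchers should be written to exclude only what is meant to be public.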

Since:
1.9.0
Author:
Jerome Leleu
  • Constructor Details

    • DefaultSecurityLogic

      public DefaultSecurityLogic()
  • Method Details

    • perform

      public Object perform(WebContext context, SessionStore sessionStore, Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, HttpActionAdapter httpActionAdapter, String clients, String authorizers, String matchers, Object... parameters)
      Description copied from interface: SecurityLogic
      Perform the security logic.
      Specified by:
      perform in interface SecurityLogic
      Parameters:
      context - the web context
      sessionStore - the session store
      config - the configuration
      securityGrantedAccessAdapter - the success adapter
      httpActionAdapter - the HTTP action adapter
      clients - the defined clients
      authorizers - the defined authorizers
      matchers - the defined matchers
      parameters - additional parameters
      Returns:
      the resulting action of the security
    • loadProfiles

      protected List<UserProfile> loadProfiles(ProfileManager manager, WebContext context, SessionStore sessionStore, List<Client> clients)
      Load the profiles.
      Parameters:
      manager - the profile manager
      context - the web context
      sessionStore - the session store
      clients - the current clients
      Returns:
      the loaded profiles
    • forbidden

      protected HttpAction forbidden(WebContext context, SessionStore sessionStore, List<Client> currentClients, List<UserProfile> profiles, String authorizers)
      Return a forbidden error.
      Parameters:
      context - the web context
      sessionStore - the session store
      currentClients - the current clients
      profiles - the current profiles
      authorizers - the authorizers
      Returns:
      a forbidden error
    • startAuthentication

      protected boolean startAuthentication(WebContext context, SessionStore sessionStore, List<Client> currentClients)
      Return whether we must start a login process if the first client is an indirect one.
      Parameters:
      context - the web context
      sessionStore - the session store
      currentClients - the current clients
      Returns:
      whether we must start a login process
    • saveRequestedUrl

      protected void saveRequestedUrl(WebContext context, SessionStore sessionStore, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)
      Save the requested url.
      Parameters:
      context - the web context
      sessionStore - the session store
      currentClients - the current clients
      ajaxRequestResolver - the AJAX request resolver
    • redirectToIdentityProvider

      protected HttpAction redirectToIdentityProvider(WebContext context, SessionStore sessionStore, List<Client> currentClients)
      Perform a redirection to start the login process of the first indirect client.
      Parameters:
      context - the web context
      sessionStore - the session store
      currentClients - the current clients
      Returns:
      the performed redirection
    • unauthorized

      protected HttpAction unauthorized(WebContext context, SessionStore sessionStore, List<Client> currentClients)
      Return an unauthorized error.
      Parameters:
      context - the web context
      sessionStore - the session store
      currentClients - the current clients
      Returns:
      an unauthorized error
    • getClientFinder

      public ClientFinder getClientFinder()
    • setClientFinder

      public void setClientFinder(ClientFinder clientFinder)
    • getAuthorizationChecker

      public AuthorizationChecker getAuthorizationChecker()
    • setAuthorizationChecker

      public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)
    • getMatchingChecker

      public MatchingChecker getMatchingChecker()
    • setMatchingChecker

      public void setMatchingChecker(MatchingChecker matchingChecker)
    • getSavedRequestHandler

      public SavedRequestHandler getSavedRequestHandler()
    • setSavedRequestHandler

      public void setSavedRequestHandler(SavedRequestHandler savedRequestHandler)
    • setLoadProfilesFromSession

      public void setLoadProfilesFromSession(boolean loadProfilesFromSession)
    • isLoadProfilesFromSession

      public boolean isLoadProfilesFromSession()
    • toString

      public String toString()
      Overrides:
      toString in class Object