Class DefaultSecurityLogic<R,C extends WebContext>
- java.lang.Object
  - org.pac4j.core.profile.factory.ProfileManagerFactoryAware<C>
    - org.pac4j.core.engine.AbstractExceptionAwareLogic<R,C>
      - org.pac4j.core.engine.DefaultSecurityLogic<R,C>

All Implemented Interfaces: SecurityLogic<R,C>

public class DefaultSecurityLogic<R,C extends WebContext> extends AbstractExceptionAwareLogic<R,C> implements SecurityLogic<R,C>
Default security logic:
If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.
First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.
Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.
Finally, if the user is still not authenticated (no profile), he is redirected to the appropriate identity provider if the first defined client is an indirect one in the clients configuration. Otherwise, a 401 error page is displayed.
- Since: 1.9.0
- Author: Jerome Leleu
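
The decision order described above, modelled as an added example that is not pac4j code and does not use the pac4j API: `Request`, `Client`, `TOKENS` and `decide` are hypothetical names, a token lookup stands in for a direct client's authentication, and a role predicate stands in for the authorizers. It shows that a request outside the matchers is granted without any authentication, and that the choice between a redirection and a 401 depends only on the first defined client.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

// Simplified model of the decision order described above. All types and names
// are hypothetical and constructed for illustration; this is not pac4j code.
public class SecurityFlowModel {
    enum Outcome { GRANTED, FORBIDDEN_403, REDIRECT_TO_IDP, UNAUTHORIZED_401 }
    record Request(String path, String token, String sessionRole) {}
    record Client(String name, boolean indirect) {}
    // Constructed credential store standing in for a direct client's authenticator.
    static final Map<String, String> TOKENS = Map.of("tok-admin", "admin", "tok-user", "user");

    static Outcome decide(Request req, Predicate<Request> matcher,
                          List<Client> clients, Predicate<String> authorizer) {
        // Matchers do not apply: access is granted without any authentication.
        if (!matcher.test(req)) return Outcome.GRANTED;
        // No profile yet: try a login with the direct clients only.
        String role = req.sessionRole();
        boolean hasDirect = clients.stream().anyMatch(c -> !c.indirect());
        if (role == null && hasDirect && req.token() != null) {
            role = TOKENS.get(req.token());
        }
        // A profile exists: the authorizers decide between access and 403.
        if (role != null) {
            return authorizer.test(role) ? Outcome.GRANTED : Outcome.FORBIDDEN_403;
        }
        // Still no profile: redirect only if the first client is indirect, else 401.
        boolean firstIndirect = !clients.isEmpty() && clients.get(0).indirect();
        return firstIndirect ? Outcome.REDIRECT_TO_IDP : Outcome.UNAUTHORIZED_401;
    }

    public static void main(String[] args) {
        Predicate<Request> matcher = r -> r.path().startsWith("/admin");
        Predicate<String> adminOnly = "admin"::equals;
        List<Client> web = List.of(new Client("oidc", true), new Client("bearer", false));
        List<Client> api = List.of(new Client("bearer", false));
        List<Request> samples = List.of(            // constructed sample requests
            new Request("/public/index", null, null),
            new Request("/admin/users", "tok-admin", null),
            new Request("/admin/users", "tok-user", null),
            new Request("/admin/users", null, null));
        for (Request r : samples) {
            System.out.println(r + " web=" + decide(r, matcher, web, adminOnly)
                + " api=" + decide(r, matcher, api, adminOnly));
        }
    }
}
```

The model needs Java 16 or later for records.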

Field Summary
Fields inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic: logger

Constructor Summary
Constructors
DefaultSecurityLogic()

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected HttpAction | forbidden(C context, List<Client> currentClients, List<UserProfile> profiles, String authorizers) | Return a forbidden error. |
| AuthorizationChecker | getAuthorizationChecker() | |
| ClientFinder | getClientFinder() | |
| MatchingChecker | getMatchingChecker() | |
| ProfileStorageDecision | getProfileStorageDecision() | |
| SavedRequestHandler | getSavedRequestHandler() | |
| R | perform(C context, Config config, SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter, HttpActionAdapter<R,C> httpActionAdapter, String clients, String authorizers, String matchers, Boolean inputMultiProfile, Object... parameters) | Perform the security logic. |
| protected HttpAction | redirectToIdentityProvider(C context, List<Client> currentClients) | Perform a redirection to start the login process of the first indirect client. |
| protected void | saveRequestedUrl(C context, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver) | Save the requested url. |
| void | setAuthorizationChecker(AuthorizationChecker authorizationChecker) | |
| void | setClientFinder(ClientFinder clientFinder) | |
| void | setMatchingChecker(MatchingChecker matchingChecker) | |
| void | setProfileStorageDecision(ProfileStorageDecision profileStorageDecision) | |
| void | setSavedRequestHandler(SavedRequestHandler savedRequestHandler) | |
| protected boolean | startAuthentication(C context, List<Client> currentClients) | Return whether we must start a login process if the first client is an indirect one. |
| String | toString() | |
| protected HttpAction | unauthorized(C context, List<Client> currentClients) | Return an unauthorized error. |

Methods inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic
getErrorUrl, handleException, runtimeException, setErrorUrl

Methods inherited from class org.pac4j.core.profile.factory.ProfileManagerFactoryAware
getProfileManager, getProfileManagerFactory, setProfileManagerFactory

Method Detail

perform
public R perform(C context, Config config, SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter, HttpActionAdapter<R,C> httpActionAdapter, String clients, String authorizers, String matchers, Boolean inputMultiProfile, Object... parameters)
Description copied from interface: SecurityLogic
Perform the security logic.
Specified by: perform in interface SecurityLogic<R,C extends WebContext>
Parameters:
context - the web context
config - the configuration
securityGrantedAccessAdapter - the success adapter
httpActionAdapter - the HTTP action adapter
clients - the defined clients
authorizers - the defined authorizers
matchers - the defined matchers
inputMultiProfile - whether multi profiles are supported
parameters - additional parameters
Returns: the resulting action of the security

forbidden
protected HttpAction forbidden(C context, List<Client> currentClients, List<UserProfile> profiles, String authorizers)
Return a forbidden error.
Parameters:
context - the web context
currentClients - the current clients
profiles - the current profiles
authorizers - the authorizers
Returns: a forbidden error

startAuthentication
protected boolean startAuthentication(C context, List<Client> currentClients)
Return whether we must start a login process if the first client is an indirect one.
Parameters:
context - the web context
currentClients - the current clients
Returns: whether we must start a login process

saveRequestedUrl
protected void saveRequestedUrl(C context, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)
Save the requested url.
Parameters:
context - the web context
currentClients - the current clients

redirectToIdentityProvider
protected HttpAction redirectToIdentityProvider(C context, List<Client> currentClients)
Perform a redirection to start the login process of the first indirect client.
Parameters:
context - the web context
currentClients - the current clients
Returns: the performed redirection

unauthorized
protected HttpAction unauthorized(C context, List<Client> currentClients)
Return an unauthorized error.
Parameters:
context - the web context
currentClients - the current clients
Returns: an unauthorized error

getClientFinder
public ClientFinder getClientFinder()

setClientFinder
public void setClientFinder(ClientFinder clientFinder)

getAuthorizationChecker
public AuthorizationChecker getAuthorizationChecker()

setAuthorizationChecker
public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)

getMatchingChecker
public MatchingChecker getMatchingChecker()

setMatchingChecker
public void setMatchingChecker(MatchingChecker matchingChecker)

getProfileStorageDecision
public ProfileStorageDecision getProfileStorageDecision()

setProfileStorageDecision
public void setProfileStorageDecision(ProfileStorageDecision profileStorageDecision)

getSavedRequestHandler
public SavedRequestHandler getSavedRequestHandler()

setSavedRequestHandler
public void setSavedRequestHandler(SavedRequestHandler savedRequestHandler)