Class DefaultSecurityLogic<R, C extends WebContext>

  • All Implemented Interfaces:
    SecurityLogic<R, C>

    public class DefaultSecurityLogic<R, C extends WebContext>
    extends AbstractExceptionAwareLogic<R, C>
    implements SecurityLogic<R, C>

    Default security logic:

    If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

    First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

    Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

    Finally, if the user is still not authenticated (no profile), the user is redirected to the appropriate identity provider if the first defined client in the clients configuration is an indirect one. Otherwise, a 401 error page is displayed.
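    The four steps above, written out as a small Python model so the order of the decisions and their outcomes (access without checks, direct login, 403, redirect, 401) can be exercised on sample requests. This is an added example modelling the described flow, not pac4j code: the Client, Request and Decision classes, the decide() function, the header-token direct client, the "/login/oidc" URL and the role check are all constructed for the illustration.

```python
"""Model of the DefaultSecurityLogic decision sequence.
Constructed example: the types and sample clients below are assumptions,
not pac4j classes."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Client:
    name: str
    direct: bool                      # direct: credentials travel with the request
    # For a direct client: build a profile from the request, or None if no credentials.
    authenticate: Callable[["Request"], Optional[dict]] = lambda req: None
    login_url: str = ""               # for an indirect client: where the login starts


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    profile: Optional[dict] = None    # profile already in the session, if any


@dataclass
class Decision:
    status: int                       # 200 granted, 302 redirect, 401, 403
    location: str = ""                # redirect target for a 302
    reason: str = ""


def decide(req: Request, clients: List[Client], authorizers, matchers) -> Decision:
    """Apply the steps in the order the class description gives them."""
    # 1. Matchers: if any defined matcher rejects the request, no security at all.
    if matchers and not all(m(req) for m in matchers):
        return Decision(200, reason="request not matched: access granted without checks")
    # 2. No profile yet: try a login with the direct clients (credentials in the request).
    if req.profile is None:
        for client in clients:
            if client.direct:
                profile = client.authenticate(req)
                if profile is not None:
                    req.profile = profile
                    break
    # 3. Profile present: every authorizer must accept it, otherwise 403.
    if req.profile is not None:
        if all(a(req, req.profile) for a in authorizers):
            return Decision(200, reason="authenticated and authorized")
        return Decision(403, reason="authorizers rejected the profile")
    # 4. Still anonymous: redirect if the first client is indirect, else 401.
    if clients and not clients[0].direct:
        return Decision(302, location=clients[0].login_url, reason="start indirect login")
    return Decision(401, reason="no profile and first client is direct")


# Constructed sample clients, authorizer and matcher.
def _header_token_client(req: Request) -> Optional[dict]:
    if req.headers.get("X-Api-Token") == "constructed-valid-token":
        return {"id": "alice", "roles": ["admin"]}
    return None


DIRECT = Client("header", direct=True, authenticate=_header_token_client)
INDIRECT = Client("oidc", direct=False, login_url="/login/oidc")
REQUIRE_ADMIN = lambda req, profile: "admin" in profile.get("roles", [])
NOT_PUBLIC = lambda req: not req.path.startswith("/public")


def run_scenarios() -> Dict[str, Decision]:
    """One request per branch of the flow."""
    checks = [REQUIRE_ADMIN]
    matchers = [NOT_PUBLIC]
    return {
        "public_path": decide(Request("/public/x"), [DIRECT], checks, matchers),
        "direct_ok": decide(Request("/api", {"X-Api-Token": "constructed-valid-token"}),
                            [DIRECT], checks, matchers),
        "direct_missing": decide(Request("/api"), [DIRECT], checks, matchers),
        "indirect_anon": decide(Request("/app"), [INDIRECT, DIRECT], checks, matchers),
        "forbidden": decide(Request("/app", profile={"id": "bob", "roles": ["user"]}),
                            [INDIRECT], checks, matchers),
    }


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:15} -> {decision.status} {decision.location} ({decision.reason})")
```

    Note that in the model, as in the description, a request that fails the matchers is granted access before any client or authorizer runs, so a too-broad exclusion matcher silently disables the whole check for those paths; and that the choice between a 302 and a 401 for an anonymous user depends only on whether the first listed client is indirect.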

    Since:
    1.9.0
    Author:
    Jerome Leleu
    • Constructor Detail

      • DefaultSecurityLogic

        public DefaultSecurityLogic()
    • Method Detail

      • perform

        public R perform(C context,
                         Config config,
                         SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter,
                         HttpActionAdapter<R, C> httpActionAdapter,
                         String clients,
                         String authorizers,
                         String matchers,
                         Boolean inputMultiProfile,
                         Object... parameters)
        Description copied from interface: SecurityLogic
        Perform the security logic.
        Specified by:
        perform in interface SecurityLogic<R, C extends WebContext>
        Parameters:
        context - the web context
        config - the configuration
        securityGrantedAccessAdapter - the success adapter
        httpActionAdapter - the HTTP action adapter
        clients - the defined clients
        authorizers - the defined authorizers
        matchers - the defined matchers
        inputMultiProfile - whether multi profiles are supported
        parameters - additional parameters
        Returns:
        the resulting action of the security
      • forbidden

        protected HttpAction forbidden(C context,
                                       List<Client> currentClients,
                                       List<UserProfile> profiles,
                                       String authorizers)
        Return a forbidden error.
        Parameters:
        context - the web context
        currentClients - the current clients
        profiles - the current profiles
        authorizers - the authorizers
        Returns:
        a forbidden error
      • startAuthentication

        protected boolean startAuthentication(C context,
                                              List<Client> currentClients)
        Return whether we must start a login process if the first client is an indirect one.
        Parameters:
        context - the web context
        currentClients - the current clients
        Returns:
        whether we must start a login process
      • saveRequestedUrl

        protected void saveRequestedUrl(C context,
                                        List<Client> currentClients,
                                        AjaxRequestResolver ajaxRequestResolver)
        Save the requested URL.
        Parameters:
        context - the web context
        currentClients - the current clients
        ajaxRequestResolver - the AJAX request resolver
      • redirectToIdentityProvider

        protected HttpAction redirectToIdentityProvider(C context,
                                                        List<Client> currentClients)
        Perform a redirection to start the login process of the first indirect client.
        Parameters:
        context - the web context
        currentClients - the current clients
        Returns:
        the performed redirection
      • unauthorized

        protected HttpAction unauthorized(C context,
                                          List<Client> currentClients)
        Return an unauthorized error.
        Parameters:
        context - the web context
        currentClients - the current clients
        Returns:
        an unauthorized error
      • setClientFinder

        public void setClientFinder(ClientFinder clientFinder)
      • setAuthorizationChecker

        public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)
      • setMatchingChecker

        public void setMatchingChecker(MatchingChecker matchingChecker)
      • setProfileStorageDecision

        public void setProfileStorageDecision(ProfileStorageDecision profileStorageDecision)
      • setSavedRequestHandler

        public void setSavedRequestHandler(SavedRequestHandler savedRequestHandler)