Class DefaultSecurityLogic

  • All Implemented Interfaces:
    SecurityLogic

    public class DefaultSecurityLogic
    extends AbstractExceptionAwareLogic
    implements SecurityLogic

    Default security logic:

    If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access: a request that fails the matchers gets no authentication or authorization check at all, so matcher exclusions should be kept as narrow as possible.

    First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

    Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

    Finally, if the user is still not authenticated (no profile), the user is redirected to the appropriate identity provider if the first client defined in the clients configuration is an indirect one. Otherwise, a 401 error page is displayed.
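    The following servlet filter is an added example showing how the flow above is wired up; it is not pac4j's own code. It assumes pac4j 5.x with pac4j-core, pac4j-http and pac4j-javaee on the classpath (the package names and the JEEContext, JEESessionStore and JEEHttpActionAdapter classes are those of that version and are assumptions), a Servlet container, and the test-only SimpleTestUsernamePasswordAuthenticator standing in for a real Authenticator. The client, authorizer and matcher are selected by name, one direct client is configured, and the comments mark where the 401, 403 and "matcher miss" outcomes come from.

```java
// Added example, not pac4j's own code. Assumed: pac4j 5.x (pac4j-core, pac4j-http,
// pac4j-javaee) inside a Servlet container; package names are assumptions.
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.matching.matcher.PathMatcher;
import org.pac4j.http.client.direct.DirectBasicAuthClient;
import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.jee.http.adapter.JEEHttpActionAdapter;

/** Protects an admin API with DefaultSecurityLogic: HTTP Basic login, then a role check. */
public final class AdminApiSecurityFilter implements Filter {

    private final DefaultSecurityLogic logic = new DefaultSecurityLogic();
    private final Config config;

    public AdminApiSecurityFilter() {
        // A direct client: credentials travel with every request (HTTP Basic here).
        // SimpleTestUsernamePasswordAuthenticator accepts username == password and is
        // for tests only; a real deployment plugs in its own Authenticator.
        DirectBasicAuthClient basicAuth =
                new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        config = new Config(basicAuth);

        // Authorizer "admin": the profile must carry ROLE_ADMIN, otherwise a 403 is returned.
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

        // Matcher "notHealth": a request that does NOT match this matcher is granted
        // access with no authentication or authorization, so the exclusion is kept narrow.
        config.addMatcher("notHealth", new PathMatcher().excludePath("/api/admin/health"));
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        JEEContext context = new JEEContext(request, response);

        // Clients, authorizers and matchers are passed by name; a client's default name
        // is its simple class name. Because the only configured client is a direct one,
        // an unauthenticated request ends in a 401 rather than a redirect to an
        // identity provider.
        logic.perform(
                context,
                JEESessionStore.INSTANCE,
                config,
                (ctx, store, profiles, params) -> {
                    // Access granted: the authenticated, authorized request continues.
                    chain.doFilter(request, response);
                    return null;
                },
                JEEHttpActionAdapter.INSTANCE,   // writes 401/403/redirects to the response
                "DirectBasicAuthClient",
                "admin",
                "notHealth");
    }

    @Override
    public void destroy() { }
}
```

    With this configuration a request to /api/admin/health passes straight through (matcher miss), a request without an Authorization header gets a 401 (no profile, no indirect client to redirect to), a request with valid Basic credentials but no ROLE_ADMIN gets a 403, and only a request that clears both checks reaches the filter chain.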

    Since:
    1.9.0
    Author:
    Jerome Leleu
    • Constructor Detail

      • DefaultSecurityLogic

        public DefaultSecurityLogic()
    • Method Detail

      • perform

        public java.lang.Object perform​(WebContext context,
                                        SessionStore sessionStore,
                                        Config config,
                                        SecurityGrantedAccessAdapter securityGrantedAccessAdapter,
                                        HttpActionAdapter httpActionAdapter,
                                        java.lang.String clients,
                                        java.lang.String authorizers,
                                        java.lang.String matchers,
                                        java.lang.Object... parameters)
        Description copied from interface: SecurityLogic
        Perform the security logic.
        Specified by:
        perform in interface SecurityLogic
        Parameters:
        context - the web context
        sessionStore - the session store
        config - the configuration
        securityGrantedAccessAdapter - the success adapter
        httpActionAdapter - the HTTP action adapter
        clients - the defined clients
        authorizers - the defined authorizers
        matchers - the defined matchers
        parameters - additional parameters
        Returns:
        the resulting action of the security
      • loadProfiles

        protected java.util.List<UserProfile> loadProfiles​(ProfileManager manager,
                                                           WebContext context,
                                                           SessionStore sessionStore,
                                                           java.util.List<Client> clients)
        Load the profiles.
        Parameters:
        manager - the profile manager
        context - the web context
        sessionStore - the session store
        clients - the current clients
        Returns:
        the loaded profiles
      • forbidden

        protected HttpAction forbidden​(WebContext context,
                                       SessionStore sessionStore,
                                       java.util.List<Client> currentClients,
                                       java.util.List<UserProfile> profiles,
                                       java.lang.String authorizers)
        Return a forbidden error.
        Parameters:
        context - the web context
        sessionStore - the session store
        currentClients - the current clients
        profiles - the current profiles
        authorizers - the authorizers
        Returns:
        a forbidden error
      • startAuthentication

        protected boolean startAuthentication​(WebContext context,
                                              SessionStore sessionStore,
                                              java.util.List<Client> currentClients)
        Return whether a login process must be started, which is the case when the first current client is an indirect one.
        Parameters:
        context - the web context
        sessionStore - the session store
        currentClients - the current clients
        Returns:
        whether we must start a login process
      • saveRequestedUrl

        protected void saveRequestedUrl​(WebContext context,
                                        SessionStore sessionStore,
                                        java.util.List<Client> currentClients,
                                        AjaxRequestResolver ajaxRequestResolver)
        Save the requested url.
        Parameters:
        context - the web context
        sessionStore - the session store
        currentClients - the current clients
        ajaxRequestResolver - the AJAX request resolver
      • redirectToIdentityProvider

        protected HttpAction redirectToIdentityProvider​(WebContext context,
                                                        SessionStore sessionStore,
                                                        java.util.List<Client> currentClients)
        Perform a redirection to start the login process of the first indirect client.
        Parameters:
        context - the web context
        sessionStore - the session store
        currentClients - the current clients
        Returns:
        the performed redirection
      • unauthorized

        protected HttpAction unauthorized​(WebContext context,
                                          SessionStore sessionStore,
                                          java.util.List<Client> currentClients)
        Return an unauthorized error.
        Parameters:
        context - the web context
        sessionStore - the session store
        currentClients - the current clients
        Returns:
        an unauthorized error
      • setClientFinder

        public void setClientFinder​(ClientFinder clientFinder)
      • setAuthorizationChecker

        public void setAuthorizationChecker​(AuthorizationChecker authorizationChecker)
      • setMatchingChecker

        public void setMatchingChecker​(MatchingChecker matchingChecker)
      • setSavedRequestHandler

        public void setSavedRequestHandler​(SavedRequestHandler savedRequestHandler)
      • setLoadProfilesFromSession

        public void setLoadProfilesFromSession​(boolean loadProfilesFromSession)
      • isLoadProfilesFromSession

        public boolean isLoadProfilesFromSession()
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object