Class DefaultSecurityLogic

java.lang.Object
  org.pac4j.core.engine.AbstractExceptionAwareLogic
    org.pac4j.core.engine.DefaultSecurityLogic

All Implemented Interfaces:
SecurityLogic

public class DefaultSecurityLogic extends AbstractExceptionAwareLogic implements SecurityLogic

Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and some clients have been defined in the clients parameter, a login is attempted with the direct clients.

Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is still not authenticated (no profile), they are redirected to the appropriate identity provider when the first client defined in the clients configuration is an indirect one. Otherwise, a 401 error page is displayed.
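As an added illustration that is not part of the pac4j code base, the following Python model reproduces the decision order described above (matchers, then direct clients, then authorizers, then indirect redirect or 401). The Request, Client and Outcome types and the path-based matcher are constructed stand-ins, and a request is assumed to "match" only when every matcher accepts it.

```python
# Added example: a model of the documented DefaultSecurityLogic.perform flow.
# Not pac4j code; Request, Client and Outcome are constructed stand-ins.
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Client:
    name: str
    indirect: bool  # indirect = browser redirect to an identity provider
    # direct clients read credentials from the request itself (stub)
    authenticate: Callable[["Request"], Optional[dict]] = lambda req: None


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    profiles: list = field(default_factory=list)  # profiles held in session
    saved_url: Optional[str] = None               # set by saveRequestedUrl


@dataclass
class Outcome:
    status: int  # 200 granted, 302 redirect, 401 unauthenticated, 403 forbidden
    location: Optional[str] = None


def perform(req, clients, authorizers, matchers):
    # 1. Matchers: if the request does not match (assumption: all matchers
    #    must accept it), security is not applied and access is granted.
    if matchers and not all(m(req) for m in matchers):
        return Outcome(200)
    # 2. No profile yet: try each direct client against the request.
    if not req.profiles:
        for client in clients:
            if not client.indirect:
                profile = client.authenticate(req)
                if profile is not None:
                    req.profiles.append(profile)
                    break
    # 3. Profile present: every authorizer must pass, otherwise 403.
    if req.profiles:
        if all(a(req, req.profiles) for a in authorizers):
            return Outcome(200)
        return Outcome(403)
    # 4. Still no profile: redirect if the first client is indirect, else 401.
    if clients and clients[0].indirect:
        req.saved_url = req.path  # remembered so the user returns after login
        return Outcome(302, location=f"/login/{clients[0].name}")
    return Outcome(401)
```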

Since:
1.9.0
Author:
Jerome Leleu
  • Constructor Details

    • DefaultSecurityLogic

      public DefaultSecurityLogic()
  • Method Details

    • perform

      public Object perform(Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, String clients, String authorizers, String matchers, FrameworkParameters parameters)
      Perform the security logic.
      Specified by:
      perform in interface SecurityLogic
      Parameters:
      config - the configuration
      securityGrantedAccessAdapter - the success adapter
      clients - the defined clients
      authorizers - the defined authorizers
      matchers - the defined matchers
      parameters - framework parameters
      Returns:
      the resulting action of the security
    • loadProfiles

      protected List<UserProfile> loadProfiles(CallContext ctx, ProfileManager manager, List<Client> clients)
      Load the profiles.
      Parameters:
      ctx - the context
      manager - the profile manager
      clients - the current clients
      Returns:
      the list of loaded user profiles
    • forbidden

      protected HttpAction forbidden(CallContext ctx, List<Client> currentClients, List<UserProfile> profiles, String authorizers)
      Return a forbidden error.
      Parameters:
      ctx - the context
      currentClients - the current clients
      profiles - the current profiles
      authorizers - the authorizers
      Returns:
      a forbidden error
    • startAuthentication

      protected boolean startAuthentication(CallContext ctx, List<Client> currentClients)
      Return whether we must start a login process if the first client is an indirect one.
      Parameters:
      ctx - the context
      currentClients - the current clients
      Returns:
      whether we must start a login process
    • saveRequestedUrl

      protected void saveRequestedUrl(CallContext ctx, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)
      Save the requested URL so the user can be sent back to it after login.
      Parameters:
      ctx - the context
      currentClients - the current clients
      ajaxRequestResolver - the AJAX request resolver
    • redirectToIdentityProvider

      protected HttpAction redirectToIdentityProvider(CallContext ctx, List<Client> currentClients)
      Perform a redirection to start the login process of the first indirect client.
      Parameters:
      ctx - the context
      currentClients - the current clients
      Returns:
      the performed redirection
    • unauthorized

      protected HttpAction unauthorized(CallContext ctx, List<Client> currentClients)
      Return an unauthorized error.
      Parameters:
      ctx - the context
      currentClients - the current clients
      Returns:
      an unauthorized error