Class DefaultSecurityLogic
- All Implemented Interfaces: SecurityLogic
Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is not authenticated (no profile), he is redirected to the appropriate identity provider if the first defined client is an indirect one in the clients configuration. Otherwise, a 401 error page is displayed.
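The decision flow described above, as an added example in Python. It is a model of the documented ordering written for this page, not pac4j code: the Client and Request classes, the authenticate callable on direct clients, and the authorizer and matcher callables are assumed stand-ins, HttpAction results are replaced by plain strings, and "matches the matchers configuration" and "authorizations are valid" are modelled as every matcher and every authorizer returning True (an assumption).

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Client:
    """Stand-in (assumed, not pac4j's Client) for a configured client.
    Indirect clients send the browser to an identity provider; direct clients
    read credentials off the request itself."""
    name: str
    indirect: bool
    # Direct clients only: request -> profile dict, or None when no valid
    # credentials are present. Assumed shape for this model.
    authenticate: Callable[["Request"], Optional[Dict]] = lambda request: None


@dataclass
class Request:
    """Constructed stand-in for the HTTP request plus its session state."""
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    profiles: List[Dict] = field(default_factory=list)  # profiles already in session
    saved_url: Optional[str] = None                      # filled in before a redirect


Authorizer = Callable[[Request, List[Dict]], bool]
Matcher = Callable[[Request], bool]


def perform(request: Request, clients: List[Client],
            authorizers: List[Authorizer], matchers: List[Matcher]) -> str:
    """Apply the documented order and return one of
    'granted', '403', '401' or 'redirect:<client name>'."""
    # 1. Matchers: security is applied only if the request matches the matcher
    #    configuration (modelled as every matcher returning True, an assumption)
    #    or if no matchers are defined. Otherwise access is granted outright.
    if matchers and not all(m(request) for m in matchers):
        return "granted"

    # 2. Not authenticated and clients defined: try a login with the direct
    #    clients. The first direct client that yields a profile wins here.
    if not request.profiles and clients:
        for client in clients:
            if not client.indirect:
                profile = client.authenticate(request)
                if profile is not None:
                    request.profiles.append(profile)
                    break

    # 3. Authenticated: check the authorizers (modelled as all-must-pass, an
    #    assumption). Valid -> granted, otherwise a 403.
    if request.profiles:
        return "granted" if all(a(request, request.profiles) for a in authorizers) else "403"

    # 4. Still no profile: redirect to the identity provider when the first
    #    client is an indirect one (saving the requested URL first), else 401.
    if clients and clients[0].indirect:
        request.saved_url = request.path
        return f"redirect:{clients[0].name}"
    return "401"


def demo() -> Dict[str, str]:
    """Constructed scenarios covering each branch of the flow."""
    def header_auth(request: Request) -> Optional[Dict]:
        # Constructed credential store for the direct client.
        users = {"Bearer good": {"id": "alice", "roles": ["admin"]},
                 "Bearer user": {"id": "bob", "roles": ["user"]}}
        return users.get(request.headers.get("Authorization", ""))

    api_client = Client("HeaderClient", indirect=False, authenticate=header_auth)
    oidc_client = Client("OidcClient", indirect=True)

    def require_admin(request: Request, profiles: List[Dict]) -> bool:
        return any("admin" in p.get("roles", []) for p in profiles)

    def only_api_paths(request: Request) -> bool:
        return request.path.startswith("/api/")

    return {
        # matcher does not match: no login is attempted at all
        "public_path": perform(Request("/public"), [api_client], [require_admin], [only_api_paths]),
        # direct login succeeds and the authorizer passes
        "api_good_token": perform(Request("/api/x", {"Authorization": "Bearer good"}),
                                  [api_client], [require_admin], [only_api_paths]),
        # direct login succeeds but the profile lacks the role: 403, not 401
        "api_user_token": perform(Request("/api/x", {"Authorization": "Bearer user"}),
                                  [api_client], [require_admin], [only_api_paths]),
        # no credentials and the first client is direct: 401
        "api_no_token": perform(Request("/api/x"), [api_client], [require_admin], [only_api_paths]),
        # no session and the first client is indirect: redirect to the provider
        "web_no_session": perform(Request("/account"), [oidc_client], [], []),
        # session already holds a profile and no authorizers are configured
        "web_session": perform(Request("/account", profiles=[{"id": "carol"}]), [oidc_client], [], []),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} -> {outcome}")
```

Two points worth noticing when reviewing a configuration against this flow: a matcher that does not match short-circuits everything, so no authentication is even attempted for that request, and the 401/403 split depends on whether a profile was obtained, which is why the ordering of direct clients before indirect ones in the clients list changes the unauthenticated outcome from a 401 to a redirect.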
- Since: 1.9.0
- Author: Jerome Leleu

Field Summary
- INSTANCE

Constructor Summary
- DefaultSecurityLogic()

Method Summary
- protected HttpAction forbidden(CallContext ctx, List<Client> currentClients, List<UserProfile> profiles, String authorizers): Return a forbidden error.
- protected List<UserProfile> loadProfiles(CallContext ctx, ProfileManager manager, List<Client> clients): Load the profiles.
- Object perform(Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, String clients, String authorizers, String matchers, FrameworkParameters parameters): Perform the security logic.
- protected HttpAction redirectToIdentityProvider(CallContext ctx, List<Client> currentClients): Perform a redirection to start the login process of the first indirect client.
- protected void saveRequestedUrl(CallContext ctx, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver): Save the requested URL.
- protected boolean startAuthentication(CallContext ctx, List<Client> currentClients): Return whether we must start a login process if the first client is an indirect one.
- protected HttpAction unauthorized(CallContext ctx, List<Client> currentClients): Return an unauthorized error.

Methods inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic: buildContext, handleException, runtimeException
Field Details
- INSTANCE (constant)

Constructor Details
- DefaultSecurityLogic: public DefaultSecurityLogic()

Method Details
perform
public Object perform(Config config, SecurityGrantedAccessAdapter securityGrantedAccessAdapter, String clients, String authorizers, String matchers, FrameworkParameters parameters)
Perform the security logic.
- Specified by: perform in interface SecurityLogic
- Parameters:
  - config - the configuration
  - securityGrantedAccessAdapter - the success adapter
  - clients - the defined clients
  - authorizers - the defined authorizers
  - matchers - the defined matchers
  - parameters - framework parameters
- Returns: the resulting action of the security
loadProfiles
protected List<UserProfile> loadProfiles(CallContext ctx, ProfileManager manager, List<Client> clients)
Load the profiles.
- Parameters:
  - ctx - the context
  - manager - the profile manager
  - clients - the current clients
- Returns: a List object
forbidden
protected HttpAction forbidden(CallContext ctx, List<Client> currentClients, List<UserProfile> profiles, String authorizers)
Return a forbidden error.
- Parameters:
  - ctx - the context
  - currentClients - the current clients
  - profiles - the current profiles
  - authorizers - the authorizers
- Returns: a forbidden error
startAuthentication
protected boolean startAuthentication(CallContext ctx, List<Client> currentClients)
Return whether we must start a login process if the first client is an indirect one.
- Parameters:
  - ctx - the context
  - currentClients - the current clients
- Returns: whether we must start a login process
saveRequestedUrl
protected void saveRequestedUrl(CallContext ctx, List<Client> currentClients, AjaxRequestResolver ajaxRequestResolver)
Save the requested URL.
- Parameters:
  - ctx - the context
  - currentClients - the current clients
  - ajaxRequestResolver - the AJAX request resolver
redirectToIdentityProvider
protected HttpAction redirectToIdentityProvider(CallContext ctx, List<Client> currentClients)
Perform a redirection to start the login process of the first indirect client.
- Parameters:
  - ctx - the context
  - currentClients - the current clients
- Returns: the performed redirection
unauthorized
protected HttpAction unauthorized(CallContext ctx, List<Client> currentClients)
Return an unauthorized error.
- Parameters:
  - ctx - the context
  - currentClients - the current clients
- Returns: an unauthorized error