| Modifier and Type | Method and Description |
|---|---|
protected boolean |
CheckHttpMethodAuthorizer.check(WebContext context,
CommonProfile profile,
HttpConstants.HTTP_METHOD element) |
protected boolean |
CheckProfileTypeAuthorizer.check(WebContext context,
U profile,
java.lang.Class<U> element) |
protected abstract boolean |
AbstractRequireElementAuthorizer.check(WebContext context,
U profile,
E element)
Check a specific element.
|
protected boolean |
RequireAnyRoleAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAnyPermissionAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAllRolesAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAllPermissionsAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAnyAttributeAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
AbstractCheckAuthenticationAuthorizer.handleError(WebContext context) |
protected boolean |
ProfileAuthorizer.handleError(WebContext context)
Handle the error.
|
boolean |
ProfileAuthorizer.isAllAuthorized(WebContext context,
java.util.List<U> profiles)
If all profiles are authorized.
|
boolean |
ProfileAuthorizer.isAnyAuthorized(WebContext context,
java.util.List<U> profiles)
If any of the profiles is authorized.
|
boolean |
CacheControlHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XFrameOptionsHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XSSProtectionHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
StrictTransportSecurityHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XContentTypeOptionsHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
CorsAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
AbstractRequireElementAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsRememberedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
Authorizer.isAuthorized(WebContext context,
java.util.List<U> profiles)
Checks if the user profiles and / or the current web context are authorized.
|
boolean |
IsFullyAuthenticatedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsAnonymousAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
AndAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsAuthenticatedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
OrAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
protected boolean |
AbstractRequireAllAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsRememberedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsFullyAuthenticatedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsAnonymousAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
protected boolean |
AbstractRequireAnyAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
protected abstract boolean |
ProfileAuthorizer.isProfileAuthorized(WebContext context,
U profile)
Whether a specific profile is authorized.
|
boolean |
IsAuthenticatedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
CsrfTokenGenerator.get(WebContext context)
Get the CSRF token from the session or create it if it doesn't exist.
|
java.lang.String |
DefaultCsrfTokenGenerator.get(WebContext context) |
protected java.lang.String |
DefaultCsrfTokenGenerator.getTokenFromSession(WebContext context) |
boolean |
CsrfTokenGeneratorAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
CsrfAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
DefaultAuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.util.List<Authorizer> authorizers) |
boolean |
AuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.lang.String authorizerNames,
java.util.Map<java.lang.String,Authorizer> authorizersMap)
Check whether the user is authorized.
|
boolean |
DefaultAuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.lang.String authorizerNames,
java.util.Map<java.lang.String,Authorizer> authorizersMap) |
| Modifier and Type | Method and Description |
|---|---|
U |
SpringSecurityPropertiesAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
AuthorizationGenerator.generate(WebContext context,
U profile)
Generate the authorization information from and for the user profile.
|
U |
LoadLinkedUserAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
FromAttributesAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
DefaultRolesPermissionsAuthorizationGenerator.generate(WebContext context,
U profile) |
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
IndirectClient.computeFinalCallbackUrl(WebContext context) |
C |
IndirectClient.getCredentials(WebContext context)
Get the credentials from the web context.
|
C |
DirectClient.getCredentials(WebContext context) |
C |
Client.getCredentials(WebContext context)
Get the credentials from the web context.
|
RedirectAction |
IndirectClient.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
DirectClient.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
Client.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl)
Return the logout action (indirect clients).
|
RedirectAction |
IndirectClient.getRedirectAction(WebContext context)
Get the redirectAction computed for this client.
|
U |
BaseClient.getUserProfile(C credentials,
WebContext context) |
U |
Client.getUserProfile(C credentials,
WebContext context)
Get the user profile based on the provided credentials.
|
void |
BaseClient.notifySessionRenewal(java.lang.String oldSessionId,
WebContext context)
Notify of the web session renewal.
|
HttpAction |
IndirectClient.redirect(WebContext context) |
HttpAction |
DirectClient.redirect(WebContext context) |
HttpAction |
Client.redirect(WebContext context)
Redirect to the authentication provider for an indirect client.
|
protected C |
BaseClient.retrieveCredentials(WebContext context)
Retrieve the credentials.
|
protected U |
BaseClient.retrieveUserProfile(C credentials,
WebContext context)
Retrieve a user userprofile.
|
| Modifier and Type | Method and Description |
|---|---|
java.util.List<Client> |
DefaultSecurityClientFinder.find(Clients clients,
WebContext context,
java.lang.String clientNames) |
java.util.List<Client> |
ClientFinder.find(Clients clients,
WebContext context,
java.lang.String clientNames) |
java.util.List<Client> |
DefaultCallbackClientFinder.find(Clients clients,
WebContext context,
java.lang.String clientNames) |
| Modifier and Type | Field and Description |
|---|---|
protected java.util.function.Function<WebContext,ProfileManager> |
Config.profileManagerFactory |
| Modifier and Type | Method and Description |
|---|---|
java.util.function.Function<WebContext,ProfileManager> |
Config.getProfileManagerFactory() |
| Modifier and Type | Method and Description |
|---|---|
void |
Config.setProfileManagerFactory(java.util.function.Function<WebContext,ProfileManager> profileManagerFactory) |
| Modifier and Type | Class and Description |
|---|---|
class |
J2EContext
This implementation uses the J2E
HttpServletRequest and HttpServletResponse. |
| Modifier and Type | Method and Description |
|---|---|
static Cookie |
ContextHelper.getCookie(WebContext context,
java.lang.String name)
Get a specific cookie by its name.
|
static boolean |
ContextHelper.isGet(WebContext context)
Whether it is a GET request.
|
static boolean |
ContextHelper.isHttp(WebContext context)
Whether the request is HTTP.
|
static boolean |
ContextHelper.isHttps(WebContext context)
Whether the request is HTTPS.
|
static boolean |
ContextHelper.isHttpsOrSecure(WebContext context)
Whether the request is HTTPS or secure.
|
static boolean |
ContextHelper.isPost(WebContext context)
Whether it is a POST request.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
SessionStore<C extends WebContext>
To store data in session.
|
| Modifier and Type | Method and Description |
|---|---|
void |
Authenticator.validate(C credentials,
WebContext context)
Validate the credentials.
|
void |
LocalCachingAuthenticator.validate(T credentials,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
UsernamePasswordCredentials |
BasicAuthExtractor.extract(WebContext context) |
C |
CredentialsExtractor.extract(WebContext context)
Extract the right credentials.
|
TokenCredentials |
BearerAuthExtractor.extract(WebContext context) |
TokenCredentials |
HeaderExtractor.extract(WebContext context) |
UsernamePasswordCredentials |
FormExtractor.extract(WebContext context) |
TokenCredentials |
ParameterExtractor.extract(WebContext context) |
| Modifier and Type | Class and Description |
|---|---|
class |
AbstractExceptionAwareLogic<R,C extends WebContext>
Abstract logic to handle exceptions:
if it's a
HttpAction, the HTTP action (which has already been performed on the web context) is "adapted"
else if an AbstractExceptionAwareLogic.errorUrl is defined, the user is redirected to this error URL
otherwise the exception is thrown again
|
interface |
CallbackLogic<R,C extends WebContext>
Callback logic to finish the login process for an indirect client.
|
class |
DefaultCallbackLogic<R,C extends WebContext>
Default callback logic:
The credentials are extracted from the current request to fetch the user profile (from the identity provider) which is then saved in
the web session.
|
class |
DefaultLogoutLogic<R,C extends WebContext>
Default logout logic:
If the
localLogout property is true, the pac4j profiles are removed from the web session
(and the web session is destroyed if the destroySession property is true). |
class |
DefaultSecurityLogic<R,C extends WebContext>
Default security logic:
If the HTTP request matches the
matchers configuration (or no matchers are defined),
the security is applied. |
interface |
LogoutLogic<R,C extends WebContext>
Logout logic for the application and the identity provider.
|
interface |
SecurityGrantedAccessAdapter<R,C extends WebContext>
Success adapter.
|
interface |
SecurityLogic<R,C extends WebContext>
Security logic to protect an url.
|
| Modifier and Type | Class and Description |
|---|---|
class |
AlwaysUseSessionProfileStorageDecision<C extends WebContext>
A decision class where the session is always used, generally when indirect and direct clients are mixed in the same web application.
|
class |
DefaultProfileStorageDecision<C extends WebContext>
Default decision class where the indirect clients are handled separately from the direct clients.
|
interface |
ProfileStorageDecision<C extends WebContext>
Defines the decisions related to load/save the profile(s) from/into the session store.
|
| Modifier and Type | Method and Description |
|---|---|
static HttpAction |
HttpAction.forbidden(WebContext context)
Build a forbidden response.
|
static HttpAction |
HttpAction.noContent(WebContext context)
Build an HTTP No content.
|
static HttpAction |
HttpAction.ok(WebContext context,
java.lang.String content)
Build an HTTP Ok.
|
static HttpAction |
HttpAction.redirect(WebContext context,
java.lang.String url)
Build a redirection.
|
static HttpAction |
HttpAction.status(int status,
WebContext context)
Build a response with status.
|
static HttpAction |
HttpAction.unauthorized(WebContext context)
Build a basic auth popup credentials.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
HttpActionAdapter<R,C extends WebContext>
HTTP action adapter.
|
| Modifier and Type | Method and Description |
|---|---|
RedirectAction |
DefaultAjaxRequestResolver.buildAjaxResponse(java.lang.String url,
WebContext context) |
RedirectAction |
AjaxRequestResolver.buildAjaxResponse(java.lang.String url,
WebContext context)
Build an AJAX reponse.
|
boolean |
DefaultAjaxRequestResolver.isAjax(WebContext context) |
boolean |
AjaxRequestResolver.isAjax(WebContext context)
Whether it is an AJAX request.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
PathParameterCallbackUrlResolver.compute(UrlResolver urlResolver,
java.lang.String url,
java.lang.String clientName,
WebContext context) |
java.lang.String |
NoParameterCallbackUrlResolver.compute(UrlResolver urlResolver,
java.lang.String url,
java.lang.String clientName,
WebContext context) |
java.lang.String |
CallbackUrlResolver.compute(UrlResolver urlResolver,
java.lang.String url,
java.lang.String clientName,
WebContext context)
Compute a callback URL from the provided URL resolver, URL, client name and web context.
|
java.lang.String |
QueryParameterCallbackUrlResolver.compute(UrlResolver urlResolver,
java.lang.String url,
java.lang.String clientName,
WebContext context) |
boolean |
PathParameterCallbackUrlResolver.matches(java.lang.String clientName,
WebContext context) |
boolean |
NoParameterCallbackUrlResolver.matches(java.lang.String clientName,
WebContext context) |
boolean |
CallbackUrlResolver.matches(java.lang.String clientName,
WebContext context)
Whether the current context matches the client name.
|
boolean |
QueryParameterCallbackUrlResolver.matches(java.lang.String clientName,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
UrlResolver.compute(java.lang.String url,
WebContext context)
Compute a new URL from the provided URL and the web context.
|
java.lang.String |
DefaultUrlResolver.compute(java.lang.String url,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
RedirectAction |
GoogleLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
CasLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
LogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl)
Return the
RedirectAction for logout. |
RedirectAction |
NoLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
| Modifier and Type | Class and Description |
|---|---|
class |
DefaultLogoutHandler<C extends WebContext>
Default logout handler.
|
interface |
LogoutHandler<C extends WebContext>
This interface defines how to handle logout requests on client side.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
HeaderMatcher.matches(WebContext context) |
boolean |
HttpMethodMatcher.matches(WebContext context) |
boolean |
Matcher.matches(WebContext context)
Check if the web context matches.
|
boolean |
PathMatcher.matches(WebContext context) |
boolean |
MatchingChecker.matches(WebContext context,
java.lang.String matcherNames,
java.util.Map<java.lang.String,Matcher> matchersMap)
Check if the web context matches.
|
boolean |
RequireAllMatchersChecker.matches(WebContext context,
java.lang.String matcherNames,
java.util.Map<java.lang.String,Matcher> matchersMap) |
| Modifier and Type | Class and Description |
|---|---|
class |
ProfileManagerFactoryAware<C extends WebContext>
For classes that can set the profile manager factory.
|
| Modifier and Type | Field and Description |
|---|---|
protected WebContext |
ProfileManager.context |
| Constructor and Description |
|---|
ProfileManager(WebContext context) |
ProfileManager(WebContext context,
SessionStore sessionStore) |
| Modifier and Type | Method and Description |
|---|---|
P |
AuthenticatorProfileCreator.create(C credentials,
WebContext context) |
U |
ProfileCreator.create(C credentials,
WebContext context)
Create a profile from a credentials.
|
| Modifier and Type | Method and Description |
|---|---|
void |
AbstractProfileService.validate(UsernamePasswordCredentials credentials,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
HttpAction |
RedirectAction.perform(WebContext context)
Perform a
RedirectAction on the web context. |
RedirectAction |
RedirectActionBuilder.redirect(WebContext context)
Return a redirect action for the web context.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
StaticOrRandomStateGenerator.generateState(WebContext webContext) |
java.lang.String |
StateGenerator.generateState(WebContext webContext) |
Copyright © 2019. All Rights Reserved.