org.pac4j.core.engine

Class DefaultSecurityLogic<R,C extends WebContext>

java.lang.Object

org.pac4j.core.profile.ProfileManagerFactoryAware<C>

org.pac4j.core.engine.AbstractExceptionAwareLogic<R,C>

org.pac4j.core.engine.DefaultSecurityLogic<R,C>

All Implemented Interfaces:

SecurityLogic<R,C>

public class DefaultSecurityLogic<R,C extends WebContext>
extends AbstractExceptionAwareLogic<R,C>
implements SecurityLogic<R,C>

Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

Then, if the user has profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is still not authenticated (no profile), he is redirected to the appropriate identity provider if the first defined client is an indirect one in the clients configuration. Otherwise, a 401 error page is displayed.

Since:

1.9.0

Author:

Jerome Leleu

Field Summary

Fields inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic

logger

Constructor Summary

Constructors

Constructor and Description
DefaultSecurityLogic()

Method Summary

Modifier and Type	Method and Description
protected HttpAction	forbidden(C context, java.util.List<Client> currentClients, java.util.List<CommonProfile> profiles, java.lang.String authorizers) Return a forbidden error.
AjaxRequestResolver	getAjaxRequestResolver()
AuthorizationChecker	getAuthorizationChecker()
ClientFinder	getClientFinder()
MatchingChecker	getMatchingChecker()
ProfileStorageDecision	getProfileStorageDecision()
R	perform(C context, Config config, SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter, HttpActionAdapter<R,C> httpActionAdapter, java.lang.String clients, java.lang.String authorizers, java.lang.String matchers, java.lang.Boolean inputMultiProfile, java.lang.Object... parameters) Perform the security logic.
protected HttpAction	redirectToIdentityProvider(C context, java.util.List<Client> currentClients) Perform a redirection to start the login process of the first indirect client.
protected void	saveRequestedUrl(C context, java.util.List<Client> currentClients) Save the requested url.
void	setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver)
void	setAuthorizationChecker(AuthorizationChecker authorizationChecker)
void	setClientFinder(ClientFinder clientFinder)
void	setMatchingChecker(MatchingChecker matchingChecker)
void	setProfileStorageDecision(ProfileStorageDecision profileStorageDecision)
protected boolean	startAuthentication(C context, java.util.List<Client> currentClients) Return whether we must start a login process if the first client is an indirect one.
java.lang.String	toString()
protected HttpAction	unauthorized(C context, java.util.List<Client> currentClients) Return an unauthorized error.

Methods inherited from class org.pac4j.core.engine.AbstractExceptionAwareLogic

getErrorUrl, handleException, runtimeException, setErrorUrl

Methods inherited from class org.pac4j.core.profile.ProfileManagerFactoryAware

getProfileManager, getProfileManagerFactory, setProfileManagerFactory

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

DefaultSecurityLogic

public DefaultSecurityLogic()

Method Detail

perform

public R perform(C context,
                 Config config,
                 SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter,
                 HttpActionAdapter<R,C> httpActionAdapter,
                 java.lang.String clients,
                 java.lang.String authorizers,
                 java.lang.String matchers,
                 java.lang.Boolean inputMultiProfile,
                 java.lang.Object... parameters)

Description copied from interface: SecurityLogic

Perform the security logic.

Specified by:

perform in interface SecurityLogic<R,C extends WebContext>

Parameters:

context - the web context

config - the configuration

securityGrantedAccessAdapter - the success adapter

httpActionAdapter - the HTTP action adapter

clients - the defined clients

authorizers - the defined authorizers

matchers - the defined matchers

inputMultiProfile - whether multi profiles are supported

parameters - additional parameters

Returns:

the resulting action of the security

forbidden

protected HttpAction forbidden(C context,
                               java.util.List<Client> currentClients,
                               java.util.List<CommonProfile> profiles,
                               java.lang.String authorizers)

Return a forbidden error.

Parameters:

context - the web context

currentClients - the current clients

profiles - the current profiles

authorizers - the authorizers

Returns:

a forbidden error

startAuthentication

protected boolean startAuthentication(C context,
                                      java.util.List<Client> currentClients)

Return whether we must start a login process if the first client is an indirect one.

Parameters:

context - the web context

currentClients - the current clients

Returns:

whether we must start a login process

saveRequestedUrl

protected void saveRequestedUrl(C context,
                                java.util.List<Client> currentClients)

Save the requested url.

Parameters:

context - the web context

currentClients - the current clients

redirectToIdentityProvider

protected HttpAction redirectToIdentityProvider(C context,
                                                java.util.List<Client> currentClients)

Perform a redirection to start the login process of the first indirect client.

Parameters:

context - the web context

currentClients - the current clients

Returns:

the performed redirection

unauthorized

protected HttpAction unauthorized(C context,
                                  java.util.List<Client> currentClients)

Return an unauthorized error.

Parameters:

context - the web context

currentClients - the current clients

Returns:

an unauthorized error

getClientFinder

public ClientFinder getClientFinder()

setClientFinder

public void setClientFinder(ClientFinder clientFinder)

getAuthorizationChecker

public AuthorizationChecker getAuthorizationChecker()

setAuthorizationChecker

public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)

getMatchingChecker

public MatchingChecker getMatchingChecker()

setMatchingChecker

public void setMatchingChecker(MatchingChecker matchingChecker)

getProfileStorageDecision

public ProfileStorageDecision getProfileStorageDecision()

setProfileStorageDecision

public void setProfileStorageDecision(ProfileStorageDecision profileStorageDecision)

getAjaxRequestResolver

public AjaxRequestResolver getAjaxRequestResolver()

setAjaxRequestResolver

public void setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver)

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object