public abstract class IndirectClient<C extends Credentials,U extends CommonProfile> extends BaseClient<C,U>
This class is the default indirect (with redirection, stateful) implementation of an authentication client (whatever the protocol). It has the core concepts:
- the setCallbackUrl(String) and getCallbackUrl() methods
- the isDirectRedirection() method: if true, the redirect(WebContext, boolean) method will always return the redirection to the provider, whereas if it's false, the redirection url will be the callback url with an additional parameter, NEEDS_CLIENT_REDIRECTION_PARAMETER, to require the redirection, which will be handled later in the getCredentials(WebContext) method. To force a direct redirection, getRedirectAction(WebContext, boolean) must be used with true for the protectedTarget parameter
- the callbackUrlResolver, which is by default the provided callbackUrl
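The redirection outcomes this page documents for redirect(WebContext, boolean) and getCredentials(WebContext), written out as a self-contained model. This is an added example, not pac4j code: the class and method names, the sample URLs, the parameter's value and the order of the checks are assumptions.

```java
import java.util.Map;
import java.util.Optional;

// Added illustration (Java 16+): models the outcomes this page documents; not pac4j source.
public class IndirectRedirectModel {
    // Placeholder: the page names NEEDS_CLIENT_REDIRECTION_PARAMETER but not its value.
    static final String NEEDS_REDIRECTION = "needs_redirection_placeholder";

    record Outcome(int status, String location) {}

    private final boolean directRedirection; // what isDirectRedirection() would return
    private final String callbackUrl;        // constructed sample value
    private final String providerUrl;        // constructed sample value

    IndirectRedirectModel(boolean directRedirection, String callbackUrl, String providerUrl) {
        this.directRedirection = directRedirection;
        this.callbackUrl = callbackUrl;
        this.providerUrl = providerUrl;
    }

    // Outcomes documented for redirect(context, protectedTarget); the check order is assumed.
    Outcome redirect(boolean protectedTarget, boolean ajax, boolean previousAttemptFailed) {
        if (ajax) return new Outcome(401, null);                  // AJAX: never a redirection
        if (previousAttemptFailed && protectedTarget) return new Outcome(403, null);
        if (directRedirection || protectedTarget) return new Outcome(302, providerUrl);
        String sep = callbackUrl.contains("?") ? "&" : "?";
        // Indirect: bounce through the callback url; "=true" is a constructed value.
        return new Outcome(302, callbackUrl + sep + NEEDS_REDIRECTION + "=true");
    }

    // Callback side, as in getCredentials(context): the marker triggers the deferred 302.
    Optional<Outcome> callback(Map<String, String> params) {
        if (params.containsKey(NEEDS_REDIRECTION)) {
            return Optional.of(new Outcome(302, providerUrl));
        }
        return Optional.empty(); // no HTTP action: credentials would be extracted here
    }

    public static void main(String[] args) {
        var client = new IndirectRedirectModel(false, "https://app.example/callback",
                "https://idp.example/login");
        System.out.println(client.redirect(false, false, false)); // via callback url
        System.out.println(client.redirect(true, false, false));  // forced direct
        System.out.println(client.redirect(true, false, true));   // forbidden
        System.out.println(client.redirect(true, true, false));   // AJAX
        System.out.println(client.callback(Map.of(NEEDS_REDIRECTION, "true")));
    }
}
```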
Modifier and Type | Field and Description |
---|---|
static String | ATTEMPTED_AUTHENTICATION_SUFFIX |
protected String | callbackUrl |
protected CallbackUrlResolver | callbackUrlResolver |
static String | NEEDS_CLIENT_REDIRECTION_PARAMETER |
logger
Constructor and Description |
---|
IndirectClient() |
Modifier and Type | Method and Description |
---|---|
String | computeFinalCallbackUrl(WebContext context) |
AjaxRequestResolver | getAjaxRequestResolver() |
String | getCallbackUrl() |
CallbackUrlResolver | getCallbackUrlResolver() |
C | getCredentials(WebContext context): Get the credentials from the web context. |
RedirectAction | getRedirectAction(WebContext context, boolean protectedTarget): Get the redirectAction computed for this client. |
String | getRedirectionUrl(WebContext context): Return the redirection url to the provider, requested from an anonymous page. |
protected String | getStateParameter(WebContext webContext): Return the state parameter required by some security protocols like SAML or OAuth. |
protected abstract boolean | isDirectRedirection(): Define if this client has a direct redirection. |
boolean | isIncludeClientNameInCallbackUrl(): Returns whether the client name should be implicitly added to the callback url if it is not already specified. |
void | redirect(WebContext context, boolean protectedTarget): Redirect to the authentication provider by updating the WebContext accordingly. |
protected abstract C | retrieveCredentials(WebContext context) |
protected abstract RedirectAction | retrieveRedirectAction(WebContext context) |
void | setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver) |
void | setCallbackUrl(String callbackUrl) |
void | setCallbackUrlResolver(CallbackUrlResolver callbackUrlResolver) |
void | setIncludeClientNameInCallbackUrl(boolean includeClientNameInCallbackUrl): Sets whether the client name should be implicitly added to the callback url for this client. |
addAuthorizationGenerator, clone, getAuthorizationGenerators, getClientType, getName, getUserProfile, newClient, retrieveUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString
init, internalInit, reinit
public static final String NEEDS_CLIENT_REDIRECTION_PARAMETER
public static final String ATTEMPTED_AUTHENTICATION_SUFFIX
protected String callbackUrl
protected CallbackUrlResolver callbackUrlResolver
protected abstract boolean isDirectRedirection()
public final void redirect(WebContext context, boolean protectedTarget) throws RequiresHttpAction
Redirect to the authentication provider by updating the WebContext accordingly.
However, if this client requires an indirect redirection, it will return a redirection to the callback url (with an additional parameter requesting a redirection). Whatever the kind of client's redirection, the protectedTarget parameter set to true enforces a direct redirection.
If an authentication has already been tried for this client and has failed (previous null credentials) and if the target is protected (protectedTarget set to true), a forbidden response (403 HTTP status code) is returned.
If the request is an AJAX one, an unauthorized response (401 HTTP status code) is returned instead of a redirection.
Parameters:
context - the current web context
protectedTarget - whether the target url is protected
Throws:
RequiresHttpAction - whether an additional HTTP action is required

public final RedirectAction getRedirectAction(WebContext context, boolean protectedTarget) throws RequiresHttpAction
redirect(WebContext, boolean) should generally be called instead.
Parameters:
context - context
protectedTarget - requires authentication
Throws:
RequiresHttpAction - requires an additional HTTP action

public String computeFinalCallbackUrl(WebContext context)

public String getRedirectionUrl(WebContext context)
Parameters:
context - the current web context

protected abstract RedirectAction retrieveRedirectAction(WebContext context)

public final C getCredentials(WebContext context) throws RequiresHttpAction
Get the credentials from the web context. In some cases, a RequiresHttpAction may be thrown instead:
- redirect(WebContext, boolean) one (302 HTTP status code)
- if the CasClient receives a logout request, it returns a 200 HTTP status code
- for the IndirectBasicAuthClient, if no credentials are sent to the callback url, an unauthorized response (401 HTTP status code) is returned to request credentials through a popup.
Parameters:
context - the current web context
Throws:
RequiresHttpAction - whether an additional HTTP action is required

protected abstract C retrieveCredentials(WebContext context) throws RequiresHttpAction
Throws:
RequiresHttpAction

protected String getStateParameter(WebContext webContext)
Parameters:
webContext - web context

public boolean isIncludeClientNameInCallbackUrl()

public void setIncludeClientNameInCallbackUrl(boolean includeClientNameInCallbackUrl)
Parameters:
includeClientNameInCallbackUrl - enable inclusion of the client name in the callback url.

public void setCallbackUrl(String callbackUrl)
public String getCallbackUrl()
public AjaxRequestResolver getAjaxRequestResolver()
public void setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver)
public CallbackUrlResolver getCallbackUrlResolver()
public void setCallbackUrlResolver(CallbackUrlResolver callbackUrlResolver)
Copyright © 2016. All rights reserved.