public abstract class IndirectClient<C extends Credentials,U extends CommonProfile> extends BaseClient<C,U>
This class is the default indirect (with redirection, stateful) implementation of an authentication client (whatever the mechanism).
The callback url is managed via the setCallbackUrl(String)
and getCallbackUrl()
methods. The way the callback url
is finally computed is done by the callbackUrlResolver
which returns by default the provided callbackUrl
.
Modifier and Type | Field and Description |
---|---|
static String |
ATTEMPTED_AUTHENTICATION_SUFFIX |
protected String |
callbackUrl |
protected CallbackUrlResolver |
callbackUrlResolver |
logger
Constructor and Description |
---|
IndirectClient() |
Modifier and Type | Method and Description |
---|---|
String |
computeFinalCallbackUrl(WebContext context) |
AjaxRequestResolver |
getAjaxRequestResolver() |
String |
getCallbackUrl() |
CallbackUrlResolver |
getCallbackUrlResolver() |
C |
getCredentials(WebContext context)
Get the credentials from the web context.
|
RedirectAction |
getRedirectAction(WebContext context)
Get the redirectAction computed for this client.
|
protected String |
getStateParameter(WebContext webContext)
Return the state parameter required by some security protocols like SAML or OAuth.
|
protected void |
internalInit(WebContext context)
Internal initialization of the object.
|
boolean |
isIncludeClientNameInCallbackUrl() |
HttpAction |
redirect(WebContext context)
Redirect to the authentication provider for an indirect client.
|
protected abstract C |
retrieveCredentials(WebContext context)
Retrieve the credentials.
|
protected abstract RedirectAction |
retrieveRedirectAction(WebContext context)
Retrieve the redirect action.
|
void |
setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver) |
void |
setCallbackUrl(String callbackUrl) |
void |
setCallbackUrlResolver(CallbackUrlResolver callbackUrlResolver) |
void |
setIncludeClientNameInCallbackUrl(boolean includeClientNameInCallbackUrl) |
addAuthorizationGenerator, getAuthorizationGenerators, getName, getUserProfile, retrieveUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString
init, reinit
public static final String ATTEMPTED_AUTHENTICATION_SUFFIX
protected String callbackUrl
protected CallbackUrlResolver callbackUrlResolver
protected void internalInit(WebContext context)
InitializableWebObject
internalInit
in class InitializableWebObject
context
- the web contextpublic final HttpAction redirect(WebContext context) throws HttpAction
Client
Redirect to the authentication provider for an indirect client.
context
- the current web contextHttpAction
- whether an additional HTTP action is requiredpublic final RedirectAction getRedirectAction(WebContext context) throws HttpAction
Get the redirectAction computed for this client. All the logic is encapsulated here. It should not be called be directly, the
redirect(WebContext)
should be generally called instead.
If an authentication has already been tried for this client and has failed (null
credentials) or if the request is an AJAX one,
an authorized response (401 HTTP status code) is returned instead of a redirection.
context
- contextHttpAction
- requires an additional HTTP actionpublic String computeFinalCallbackUrl(WebContext context)
protected abstract RedirectAction retrieveRedirectAction(WebContext context) throws HttpAction
context
- the web contextHttpAction
- requires a specific HTTP action if necessarypublic final C getCredentials(WebContext context) throws HttpAction
Get the credentials from the web context. In some cases, a HttpAction
may be thrown:
CasClient
receives a logout request, it returns a 200 HTTP status codeIndirectBasicAuthClient
, if no credentials are sent to the callback url, an unauthorized response (401 HTTP status
code) is returned to request credentials through a popup.context
- the current web contextHttpAction
- whether an additional HTTP action is requiredprotected abstract C retrieveCredentials(WebContext context) throws HttpAction
context
- the web contextHttpAction
- whether an additional HTTP action is requiredprotected String getStateParameter(WebContext webContext)
webContext
- web contextpublic boolean isIncludeClientNameInCallbackUrl()
public void setIncludeClientNameInCallbackUrl(boolean includeClientNameInCallbackUrl)
public void setCallbackUrl(String callbackUrl)
public String getCallbackUrl()
public AjaxRequestResolver getAjaxRequestResolver()
public void setAjaxRequestResolver(AjaxRequestResolver ajaxRequestResolver)
public CallbackUrlResolver getCallbackUrlResolver()
public void setCallbackUrlResolver(CallbackUrlResolver callbackUrlResolver)
Copyright © 2016. All rights reserved.