public class DefaultSecurityLogic<R,C extends WebContext> extends Object implements SecurityLogic<R,C>
Default security logic:

If the HTTP request matches the matchers configuration (or no matchers are defined), the security is applied. Otherwise, the user is automatically granted access.

First, if the user is not authenticated (no profile) and if some clients have been defined in the clients parameter, a login is tried for the direct clients.

Then, if the user has a profile, authorizations are checked according to the authorizers configuration. If the authorizations are valid, the user is granted access. Otherwise, a 403 error page is displayed.

Finally, if the user is still not authenticated (no profile), he is redirected to the appropriate identity provider if the first defined client is an indirect one in the clients configuration. Otherwise, a 401 error page is displayed.
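The two deny outcomes of this flow (403 from the authorizers, 401 when no login can be started) are the points a defender usually wants in the audit log. The subclass below is an added example, not pac4j's own code: it overrides the `forbidden` and `unauthorized` hooks listed on this page, logs the decision through the inherited `logger`, and then delegates to the default behaviour. The package names of the imported types and the `getRequestMethod()` / `getFullRequestURL()` calls on `WebContext` are assumed from pac4j 1.9.

```java
// Added example (not part of pac4j): audit logging of deny decisions in
// DefaultSecurityLogic. Imports assume the pac4j 1.9 package layout.
import java.util.List;

import org.pac4j.core.client.Client;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.profile.CommonProfile;

public class AuditingSecurityLogic<R, C extends WebContext> extends DefaultSecurityLogic<R, C> {

    // Step 2 of the flow: profiles exist but the authorizers rejected them.
    // Record which profiles failed which authorizers, then return the default 403.
    @Override
    protected HttpAction forbidden(final C context, final List<Client> currentClients,
                                   final List<CommonProfile> profiles, final String authorizers) {
        // getRequestMethod()/getFullRequestURL() are assumed WebContext accessors
        logger.warn("403 {} {}: profiles={} rejected by authorizers=[{}]",
                context.getRequestMethod(), context.getFullRequestURL(), profiles, authorizers);
        return super.forbidden(context, currentClients, profiles, authorizers);
    }

    // Step 3 of the flow: still no profile and the first client is not an
    // indirect one, so no login redirect can be started. Return the default 401.
    @Override
    protected HttpAction unauthorized(final C context, final List<Client> currentClients) {
        logger.warn("401 {} {}: no profile, clients={}",
                context.getRequestMethod(), context.getFullRequestURL(), currentClients);
        return super.unauthorized(context, currentClients);
    }
}
```

Register this class in place of `DefaultSecurityLogic` wherever the security logic is configured; the granted-access path is unchanged because only the two deny hooks are overridden.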
Modifier and Type | Field and Description
---|---
protected org.slf4j.Logger | logger

Constructor and Description
---
DefaultSecurityLogic()
Modifier and Type | Method and Description
---|---
protected HttpAction | forbidden(C context, List<Client> currentClients, List<CommonProfile> profiles, String authorizers) Return a forbidden error.
AuthorizationChecker | getAuthorizationChecker()
ClientFinder | getClientFinder()
MatchingChecker | getMatchingChecker()
protected ProfileManager | getProfileManager(C context) Given a web context, generate a profile manager for it.
boolean | isSaveProfileInSession()
protected boolean | loadProfilesFromSession(C context, List<Client> currentClients) Load the profiles from the web context if no clients are defined or if the first client is an indirect one or the AnonymousClient.
R | perform(C context, Config config, SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter, HttpActionAdapter<R,C> httpActionAdapter, String clients, String authorizers, String matchers, Boolean inputMultiProfile, Object... parameters) Perform the security logic.
protected HttpAction | redirectToIdentityProvider(C context, List<Client> currentClients) Perform a redirection to start the login process of the first indirect client.
protected boolean | saveProfileInSession(C context, List<Client> currentClients, DirectClient directClient, CommonProfile profile) Whether we need to save the profile in session after the authentication of direct client(s).
protected void | saveRequestedUrl(C context, List<Client> currentClients) Save the requested URL.
void | setAuthorizationChecker(AuthorizationChecker authorizationChecker)
void | setClientFinder(ClientFinder clientFinder)
void | setMatchingChecker(MatchingChecker matchingChecker)
void | setSaveProfileInSession(boolean saveProfileInSession)
protected boolean | startAuthentication(C context, List<Client> currentClients) Return whether we must start a login process if the first client is an indirect one.
protected HttpAction | unauthorized(C context, List<Client> currentClients) Return an unauthorized error.
public R perform(C context, Config config, SecurityGrantedAccessAdapter<R,C> securityGrantedAccessAdapter, HttpActionAdapter<R,C> httpActionAdapter, String clients, String authorizers, String matchers, Boolean inputMultiProfile, Object... parameters)
Specified by: perform in interface SecurityLogic<R,C extends WebContext>
Parameters:
context - the web context
config - the configuration
securityGrantedAccessAdapter - the success adapter
httpActionAdapter - the HTTP action adapter
clients - the defined clients
authorizers - the defined authorizers
matchers - the defined matchers
inputMultiProfile - whether multi profiles are supported
parameters - additional parameters

protected ProfileManager getProfileManager(C context)
Parameters:
context - the web context

protected boolean loadProfilesFromSession(C context, List<Client> currentClients)
Load the profiles from the web context if no clients are defined or if the first client is an indirect one or the AnonymousClient.
Parameters:
context - the web context
currentClients - the current clients

protected boolean saveProfileInSession(C context, List<Client> currentClients, DirectClient directClient, CommonProfile profile)
Returns false by default, as direct client profiles are not meant to be saved in the web session.
Parameters:
context - the web context
currentClients - the current clients
directClient - the direct client
profile - the retrieved profile after login

protected HttpAction forbidden(C context, List<Client> currentClients, List<CommonProfile> profiles, String authorizers)
Parameters:
context - the web context
currentClients - the current clients
profiles - the current profiles
authorizers - the authorizers

protected boolean startAuthentication(C context, List<Client> currentClients)
Parameters:
context - the web context
currentClients - the current clients

protected void saveRequestedUrl(C context, List<Client> currentClients) throws HttpAction
Parameters:
context - the web context
currentClients - the current clients
Throws:
HttpAction - whether an additional HTTP action is required

protected HttpAction redirectToIdentityProvider(C context, List<Client> currentClients) throws HttpAction
Parameters:
context - the web context
currentClients - the current clients
Throws:
HttpAction - whether an additional HTTP action is required

protected HttpAction unauthorized(C context, List<Client> currentClients)
Parameters:
context - the web context
currentClients - the current clients

public ClientFinder getClientFinder()
public void setClientFinder(ClientFinder clientFinder)
public AuthorizationChecker getAuthorizationChecker()
public void setAuthorizationChecker(AuthorizationChecker authorizationChecker)
public MatchingChecker getMatchingChecker()
public void setMatchingChecker(MatchingChecker matchingChecker)
public boolean isSaveProfileInSession()
public void setSaveProfileInSession(boolean saveProfileInSession)
Copyright © 2016. All rights reserved.