Fork me on GitHub

Matchers: (v6.0)

1) Definition

pac4j provides a security model and engine (specific behaviours). The “security filter” is in charge of protecting url, requesting authentication and optionally authorization.

In some cases, you may want to bypass this “security filter” and this can be done using the matchers parameter which is generally a list of matcher names. A matcher is generally defined in the security configuration.

2) Available matchers

A matcher can be defined by implementing the Matcher interface. It has only one method: boolean matches(WebContext context) to say if the “security filter” must be applied.

A few matchers are available (but you can of course develop yours):

3) Default matchers

In the RequireAllMatchersChecker class used by the DefaultSecurityLogic class, the get, post, put and delete matchers based on the HttpMethodMatcher are automatically defined if they do not exist.