Security configuration: (v5.4)

The security configuration must be defined via a Config object.

1) The basics

It gathers the required:

Example:

FacebookClient facebookClient = new FacebookClient("145278422258960", "be21409ba8f39b5dae2a7de525484da8");
TwitterClient twitterClient = new TwitterClient("CoxUiYwQOSFDReZYdjigBA", "2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs");

Config config = new Config("http://localhost:8080/callback", facebookClient, twitterClient);

config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
config.addAuthorizer("custom", new CustomAuthorizer());

config.addMatcher("excludedPath", new ExcludedPathMatcher("^/facebook/notprotected\\.jsp$"));

http://localhost:8080/callback is the URL of the callback endpoint, which is only necessary for indirect clients and can be removed for web services:

ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(salt));

Config config = new Config(parameterClient);
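
The first example in this section passes the OAuth keys and secrets as string literals. The following added example (not from the pac4j project) builds the same Config with the credentials and callback URL read from the environment at startup. The class name, method names, environment variable names and the https-only callback policy are assumptions.

```java
import java.net.URI;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.TwitterClient;

// Added example: class, method and environment variable names are hypothetical.
public final class SecurityConfigLoader {

    private SecurityConfigLoader() {}

    // Reads a required setting and fails fast at startup when it is unset or blank.
    // Only the variable name is reported, never the value.
    static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required setting: " + name);
        }
        return value.trim();
    }

    // Assumed policy: https callback everywhere, plain http only for localhost development.
    static String checkedCallbackUrl(String raw) {
        URI uri = URI.create(raw);
        boolean https = "https".equalsIgnoreCase(uri.getScheme());
        boolean localHttp = "http".equalsIgnoreCase(uri.getScheme())
                && "localhost".equalsIgnoreCase(uri.getHost());
        if (uri.getHost() == null || !(https || localHttp)) {
            throw new IllegalStateException("Callback URL must be https (http only for localhost)");
        }
        return raw;
    }

    public static Config build() {
        FacebookClient facebookClient =
                new FacebookClient(required("FACEBOOK_KEY"), required("FACEBOOK_SECRET"));
        TwitterClient twitterClient =
                new TwitterClient(required("TWITTER_KEY"), required("TWITTER_SECRET"));

        Config config = new Config(
                checkedCallbackUrl(required("PAC4J_CALLBACK_URL")), facebookClient, twitterClient);
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }
}
```

The callback URL configured here has to match the redirect URL registered with each identity provider, so a mismatch shows up at login time rather than at startup.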

2) Clients

You can also use an intermediate Clients object to build the Config one.

Example:

Clients clients = new Clients("http://localhost:8080/callback", facebookClient, twitterClient, parameterClient);

Config config = new Config(clients);

In that case, you can define for all the clients:

3) Advanced

You can define at the Config level a few components that will be used by the security filter and callback/logout endpoints: