Security configuration: (v5.7)
The security configuration must be defined via a Config object.
1) The basics
It gathers the required:
- Clients (authentication mechanisms)
- Authenticators (credentials validation)
- Authorizers (authorization checks)
- Matchers
Example:
FacebookClient facebookClient = new FacebookClient("145278422258960", "be21409ba8f39b5dae2a7de525484da8");
TwitterClient twitterClient = new TwitterClient("CoxUiYwQOSFDReZYdjigBA", "2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs");
Config config = new Config("http://localhost:8080/callback", facebookClient, twitterClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
config.addAuthorizer("custom", new CustomAuthorizer());
config.addMatcher("excludedPath", new ExcludedPathMatcher("^/facebook/notprotected\\.jsp$"));
http://localhost:8080/callback is the URL of the callback endpoint, which is only necessary for indirect clients and can be removed for web services:
ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(salt));
Config config = new Config(parameterClient);
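The same kind of setup as an added example (not taken from the pac4j documentation): the client key and secret are read from environment variables instead of being written into the source, and the CustomAuthorizer that the example above references but does not define is given one possible body. The class name SecurityConfigFactory, the environment variable names and the "tenant" attribute check are assumptions made for illustration.

```java
import java.util.List;
import org.pac4j.core.authorization.authorizer.ProfileAuthorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.core.config.ConfigFactory;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.oauth.client.FacebookClient;

// Hypothetical factory: builds the Config without embedding client secrets in source.
public class SecurityConfigFactory implements ConfigFactory {

    // Read a required setting from the environment; refuse to start if it is absent.
    static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing required setting: " + name);
        }
        return value;
    }

    @Override
    public Config build(Object... parameters) {
        // FACEBOOK_KEY, FACEBOOK_SECRET and CALLBACK_URL are assumed variable names.
        FacebookClient facebookClient = new FacebookClient(
                required("FACEBOOK_KEY"), required("FACEBOOK_SECRET"));
        Config config = new Config(required("CALLBACK_URL"), facebookClient);
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        config.addAuthorizer("custom", new CustomAuthorizer());
        return config;
    }

    // Hypothetical body for the "custom" authorizer: access is denied unless a profile passes.
    static class CustomAuthorizer extends ProfileAuthorizer {
        @Override
        public boolean isAuthorized(WebContext context, SessionStore sessionStore, List<UserProfile> profiles) {
            return isAnyAuthorized(context, sessionStore, profiles);
        }

        @Override
        public boolean isProfileAuthorized(WebContext context, SessionStore sessionStore, UserProfile profile) {
            if (profile == null) { return false; }
            // "tenant" and "example-tenant" are constructed values for this example.
            return "example-tenant".equals(profile.getAttribute("tenant"));
        }
    }
}
```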
2) Clients
You can also use an intermediate Clients object to build the Config object.
Example:
Clients clients = new Clients("http://localhost:8080/callback", facebookClient, twitterClient, parameterClient);
Config config = new Config(clients);
In that case, you can define for all the clients:
- the same callback URL, UrlResolver and CallbackUrlResolver: clients.setCallbackUrl(callbackUrl), clients.setUrlResolver(urlResolver) and clients.setCallbackUrlResolver(callbackUrlResolver)
- the same AjaxRequestResolver: clients.setAjaxRequestResolver(ajaxRequestResolver)
- the same AuthorizationGenerator: clients.addAuthorizationGenerator(authorizationGenerator)
3) Advanced
You can define at the Config level a few components that will be used by the security filter and callback/logout endpoints:
- config.setProfileManagerFactory(x) to build a specific ProfileManager from the WebContext
- config.setSessionStore(x) to set a specific SessionStore
- config.setHttpActionAdapter(x) to set a specific HttpActionAdapter
- config.setSecurityLogic(x) to set a specific SecurityLogic
- config.setCallbackLogic(x) to set a specific CallbackLogic
- config.setLogoutLogic(x) to set a specific LogoutLogic
- config.setWebContextFactory(x) to set a specific WebContextFactory.