org.pac4j.vertx.handlers

Class RequiresAuthenticationHandler

java.lang.Object

org.pac4j.vertx.handlers.SessionAwareHandler

org.pac4j.vertx.handlers.RequiresAuthenticationHandler

All Implemented Interfaces:

org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest>

Direct Known Subclasses:

CallbackHandler

public class RequiresAuthenticationHandler
extends SessionAwareHandler

Wrapper handler acting as a security barrier. If the user is authenticated, the next handler in the chain is called. Otherwise the user is redirected to the pac4j client security provider if stateful or an unauthorized response is sent if stateless.

The pac4j client to use is selected with the clientName attributes.

Since:

1.0.0

Author:

Michael Remond

Field Summary

Fields inherited from class org.pac4j.vertx.handlers.SessionAwareHandler

sessionHelper

Constructor Summary

Constructors

Constructor and Description
RequiresAuthenticationHandler(String clientName, boolean isAjax, org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate, Pac4jHelper pac4jHelper, SessionHelper sessionHelper)
RequiresAuthenticationHandler(String clientName, org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate, Pac4jHelper pac4jHelper, boolean stateless)
RequiresAuthenticationHandler(String clientName, org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate, Pac4jHelper pac4jHelper, SessionHelper sessionHelper)

Method Summary

Modifier and Type	Method and Description
protected void	authenticate(org.vertx.java.core.http.HttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes, org.vertx.java.core.Handler<org.vertx.java.core.eventbus.Message<org.vertx.java.core.json.JsonObject>> handler) Authenticates the given request.
protected void	authenticationFailure(org.vertx.java.core.http.HttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes) Default authentication failure strategy; save the original url in session and redirects to the Identity Provider if stateful.
protected void	authenticationSuccess(AuthHttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes) Default authentication success strategy; forwards the request to the next handler if the user has a granted access, sends a 403 forbidden response otherwise.
protected void	doHandle(org.vertx.java.core.http.HttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes)
String	getRequireAllRoles()
String	getRequireAnyRole()
protected boolean	hasAccess(org.pac4j.core.profile.UserProfile profile, org.vertx.java.core.http.HttpServerRequest req) Default access strategy based on the hasAccess method from the UserProfile.
protected boolean	isAjaxRequest(org.vertx.java.core.http.HttpServerRequest req) Is the current request an Ajax request.
protected void	redirectToIdentityProvider(org.vertx.java.core.http.HttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes) Redirects to the configured Identity Provider.
protected String	retrieveOriginalUrl(org.vertx.java.core.http.HttpServerRequest req, org.vertx.java.core.json.JsonObject sessionAttributes)
protected void	retrieveUserProfile(org.vertx.java.core.http.HttpServerRequest req, String sessionId, org.vertx.java.core.json.JsonObject sessionAttributes, org.vertx.java.core.Handler<org.vertx.java.core.eventbus.Message<org.vertx.java.core.json.JsonObject>> handler) Returns the User Profile from the session if stateful or from the credentials if stateless.
protected void	saveOriginalUrl(org.vertx.java.core.http.HttpServerRequest req, org.vertx.java.core.json.JsonObject sessionAttributes) Save the original url in session if the request is not Ajax.
protected void	saveUrl(String requestedUrlToSave, org.vertx.java.core.json.JsonObject sessionAttributes)
protected AuthHttpServerRequest	saveUserProfile(Object profile, org.vertx.java.core.http.HttpServerRequest req, org.vertx.java.core.json.JsonObject sessionAttributes) Save User Profile in session if stateful.
void	setRequireAllRoles(String requireAllRoles)
void	setRequireAnyRole(String requireAnyRole)

Methods inherited from class org.pac4j.vertx.handlers.SessionAwareHandler

handle, isStateless, saveSessionAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RequiresAuthenticationHandler

public RequiresAuthenticationHandler(String clientName,
                                     org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate,
                                     Pac4jHelper pac4jHelper,
                                     SessionHelper sessionHelper)

RequiresAuthenticationHandler

public RequiresAuthenticationHandler(String clientName,
                                     boolean isAjax,
                                     org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate,
                                     Pac4jHelper pac4jHelper,
                                     SessionHelper sessionHelper)

RequiresAuthenticationHandler

public RequiresAuthenticationHandler(String clientName,
                                     org.vertx.java.core.Handler<org.vertx.java.core.http.HttpServerRequest> delegate,
                                     Pac4jHelper pac4jHelper,
                                     boolean stateless)

Method Detail

doHandle

protected void doHandle(org.vertx.java.core.http.HttpServerRequest req,
                        String sessionId,
                        org.vertx.java.core.json.JsonObject sessionAttributes)

Specified by:

doHandle in class SessionAwareHandler

retrieveUserProfile

protected void retrieveUserProfile(org.vertx.java.core.http.HttpServerRequest req,
                                   String sessionId,
                                   org.vertx.java.core.json.JsonObject sessionAttributes,
                                   org.vertx.java.core.Handler<org.vertx.java.core.eventbus.Message<org.vertx.java.core.json.JsonObject>> handler)

Returns the User Profile from the session if stateful or from the credentials if stateless.

Parameters:

req - the HTTP request

sessionId - the session identifier

sessionAttributes - the session attributes

handler - the handler

authenticate

protected void authenticate(org.vertx.java.core.http.HttpServerRequest req,
                            String sessionId,
                            org.vertx.java.core.json.JsonObject sessionAttributes,
                            org.vertx.java.core.Handler<org.vertx.java.core.eventbus.Message<org.vertx.java.core.json.JsonObject>> handler)

Authenticates the given request.

Parameters:

req - the HTTP request

sessionId - the session identifier

sessionAttributes - the session attributes

handler - the handler

authenticationSuccess

protected void authenticationSuccess(AuthHttpServerRequest req,
                                     String sessionId,
                                     org.vertx.java.core.json.JsonObject sessionAttributes)

Default authentication success strategy; forwards the request to the next handler if the user has a granted access, sends a 403 forbidden response otherwise.

Parameters:

req - the HTTP request

sessionId - the session identifier

sessionAttributes - the session attributes

authenticationFailure

protected void authenticationFailure(org.vertx.java.core.http.HttpServerRequest req,
                                     String sessionId,
                                     org.vertx.java.core.json.JsonObject sessionAttributes)

Default authentication failure strategy; save the original url in session and redirects to the Identity Provider if stateful. Sends an unauthorized response if stateless.

Parameters:

req - the HTTP request

sessionId - the session identifier

sessionAttributes - the session attributes

hasAccess

protected boolean hasAccess(org.pac4j.core.profile.UserProfile profile,
                            org.vertx.java.core.http.HttpServerRequest req)

Default access strategy based on the hasAccess method from the UserProfile.

Parameters:

profile - the user profile

req - the HTTP request

Returns:

whether the user has accessed

saveUserProfile

protected AuthHttpServerRequest saveUserProfile(Object profile,
                                                org.vertx.java.core.http.HttpServerRequest req,
                                                org.vertx.java.core.json.JsonObject sessionAttributes)

Save User Profile in session if stateful. Wraps and returns the current HttpServerRequest in an AuthHttpServerRequest.

Parameters:

profile - the user profile

req - the HTTP request

sessionAttributes - the session attributes

Returns:

the authenticated HTTP request

redirectToIdentityProvider

protected void redirectToIdentityProvider(org.vertx.java.core.http.HttpServerRequest req,
                                          String sessionId,
                                          org.vertx.java.core.json.JsonObject sessionAttributes)

Redirects to the configured Identity Provider.

Parameters:

req - the HTTP request

sessionId - the session identifier

sessionAttributes - the session attributes

isAjaxRequest

protected boolean isAjaxRequest(org.vertx.java.core.http.HttpServerRequest req)

Is the current request an Ajax request.

Parameters:

req - the HTTP request

Returns:

whether it is an AJAX call

saveOriginalUrl

protected void saveOriginalUrl(org.vertx.java.core.http.HttpServerRequest req,
                               org.vertx.java.core.json.JsonObject sessionAttributes)

Save the original url in session if the request is not Ajax.

Parameters:

req - the HTTP request

sessionAttributes - the session attributes

saveUrl

protected void saveUrl(String requestedUrlToSave,
                       org.vertx.java.core.json.JsonObject sessionAttributes)

retrieveOriginalUrl

protected String retrieveOriginalUrl(org.vertx.java.core.http.HttpServerRequest req,
                                     org.vertx.java.core.json.JsonObject sessionAttributes)

getRequireAnyRole

public String getRequireAnyRole()

setRequireAnyRole

public void setRequireAnyRole(String requireAnyRole)

getRequireAllRoles

public String getRequireAllRoles()

setRequireAllRoles

public void setRequireAllRoles(String requireAllRoles)