Security configuration: (v6.0)
The security configuration must be defined via a Config object.
1) The basics
It gathers the required components:
- Clients (authentication mechanisms)
- Authenticators (credentials validation)
- Authorizers (authorization checks)
- Matchers (which requests the security filter applies to)
Example:
FacebookClient facebookClient = new FacebookClient("145278422258960", "be21409ba8f39b5dae2a7de525484da8");
TwitterClient twitterClient = new TwitterClient("CoxUiYwQOSFDReZYdjigBA", "2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs");
Config config = new Config("http://localhost:8080/callback", facebookClient, twitterClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
config.addAuthorizer("custom", new CustomAuthorizer());
config.addMatcher("excludedPath", new ExcludedPathMatcher("^/facebook/notprotected\\.jsp$"));
http://localhost:8080/callback is the URL of the callback endpoint, which is only necessary for indirect clients and can be removed for web services:
ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(salt));
Config config = new Config(parameterClient);
2) Clients
You can also use an intermediate Clients object to build the Config one.
Example:
Clients clients = new Clients("http://localhost:8080/callback", facebookClient, twitterClient, parameterClient);
Config config = new Config(clients);
In that case, you can define for all the clients:
- the same callback URL, UrlResolver and CallbackUrlResolver: clients.setCallbackUrl(callbackUrl), clients.setUrlResolver(urlResolver) and clients.setCallbackUrlResolver(callbackUrlResolver)
- the same AjaxRequestResolver: clients.setAjaxRequestResolver(ajaxRequestResolver)
- the same AuthorizationGenerator: clients.addAuthorizationGenerator(authorizationGenerator)
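The following is an added example (not code from the pac4j documentation or project) that puts sections 1 and 2 together: a Config built through an intermediate Clients object, with one AuthorizationGenerator shared by all clients, an authorizer and a matcher. It reads the Facebook, Twitter and JWT secrets from environment variables instead of hard-coding them in source, as the snippets above do for brevity. Assumptions: pac4j-core, pac4j-oauth, pac4j-http and pac4j-jwt 6.x on the classpath; the v6 AuthorizationGenerator signature generate(CallContext, UserProfile); PathMatcher.excludeRegex as the v6 equivalent of the ExcludedPathMatcher shown above; the environment-variable names and the admin e-mail allow-list are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.Set;

import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.matching.matcher.PathMatcher;
import org.pac4j.http.client.direct.ParameterClient;
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.TwitterClient;

// Added example, not pac4j's own code.
public final class SecurityConfigFactory {

    private static final String CALLBACK_URL = "http://localhost:8080/callback";

    // Constructed allow-list for the example; a real deployment would load this from its user store.
    private static final Set<String> ADMIN_EMAILS = Set.of("admin@example.com");

    public static Config build() {
        // Indirect clients: OAuth credentials come from the environment, never from source control.
        FacebookClient facebookClient = new FacebookClient(
                requireEnv("FACEBOOK_APP_ID"), requireEnv("FACEBOOK_APP_SECRET"));
        TwitterClient twitterClient = new TwitterClient(
                requireEnv("TWITTER_CONSUMER_KEY"), requireEnv("TWITTER_CONSUMER_SECRET"));

        // Direct client for web services: JWT passed in the "token" parameter, HMAC-signed.
        String jwtSecret = requireEnv("JWT_HMAC_SECRET");
        if (jwtSecret.getBytes(StandardCharsets.UTF_8).length < 32) {
            // HS256 requires a key of at least 256 bits; refuse to start with a weaker one.
            throw new IllegalStateException("JWT_HMAC_SECRET must be at least 32 bytes long");
        }
        ParameterClient parameterClient = new ParameterClient("token",
                new JwtAuthenticator(new SecretSignatureConfiguration(jwtSecret)));
        // Accept the token in POST bodies only: query-string tokens end up in access logs and referers.
        parameterClient.setSupportGetRequest(false);
        parameterClient.setSupportPostRequest(true);

        // One callback URL for every indirect client (ignored by the direct ParameterClient).
        Clients clients = new Clients(CALLBACK_URL, facebookClient, twitterClient, parameterClient);

        // One AuthorizationGenerator for all clients: ROLE_ADMIN is granted only from the allow-list,
        // so an identity provider's "admin" attribute alone can never confer the role.
        AuthorizationGenerator adminGenerator = (ctx, profile) -> {
            Object email = profile.getAttribute("email");
            if (email != null && ADMIN_EMAILS.contains(email.toString().toLowerCase())) {
                profile.addRole("ROLE_ADMIN");
            }
            return Optional.of(profile);
        };
        clients.addAuthorizationGenerator(adminGenerator);

        Config config = new Config(clients);
        // Authorizer referenced by name ("admin") from the security filter.
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        // Matcher that leaves one JSP unprotected; anchored regex so no other path slips through.
        config.addMatcher("excludedPath", new PathMatcher().excludeRegex("^/facebook/notprotected\\.jsp$"));
        return config;
    }

    // Fail fast at startup if a secret is missing rather than running with an empty credential.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }
}
```

Calling SecurityConfigFactory.build() once at application startup yields the Config that the security filter and the callback/logout endpoints share; the startup checks (missing variables, short HMAC key) make a misconfigured deployment refuse to start instead of silently accepting every token.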
3) Advanced
You can define at the Config level a few components that will be used by the security filter and callback/logout endpoints:
- config.setProfileManagerFactory(x) to build a specific ProfileManager from the WebContext
- config.setSessionStoreFactory(x) to set a specific SessionStore
- config.setHttpActionAdapter(x) to set a specific HttpActionAdapter
- config.setSecurityLogic(x) to set a specific SecurityLogic
- config.setCallbackLogic(x) to set a specific CallbackLogic
- config.setLogoutLogic(x) to set a specific LogoutLogic
- config.setWebContextFactory(x) to set a specific WebContextFactory
- config.setSessionLogoutHandler(x) to set a specific SessionLogoutHandler (instead of the DefaultSessionLogoutHandler by default).
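As an added example of one of these hooks (not pac4j's own code), the HttpActionAdapter below wraps the framework-specific adapter and writes an audit entry whenever pac4j answers a request with 401 or 403, then delegates the actual response. Assumptions: the v6 interface HttpActionAdapter.adapt(HttpAction, WebContext) returning Object, HttpAction.getCode(), and that the caller supplies the framework adapter (for example the JEE one from pac4j-jee); the logger and message format are constructed for the example.

```java
import java.util.Objects;
import java.util.logging.Logger;

import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.http.adapter.HttpActionAdapter;

// Added example, not pac4j's own code: decorates the framework adapter with denial auditing.
public final class AuditingHttpActionAdapter implements HttpActionAdapter {

    private static final Logger LOG = Logger.getLogger(AuditingHttpActionAdapter.class.getName());

    private final HttpActionAdapter delegate;

    public AuditingHttpActionAdapter(HttpActionAdapter delegate) {
        this.delegate = Objects.requireNonNull(delegate, "delegate adapter");
    }

    @Override
    public Object adapt(HttpAction action, WebContext context) {
        int code = action.getCode();
        if (code == 401 || code == 403) {
            // Record who was refused and where; this is what a SOC correlates on for brute-force
            // or privilege-probing patterns. No credentials or tokens are logged.
            LOG.warning(() -> String.format("pac4j denied %s %s from %s with HTTP %d",
                    context.getRequestMethod(), context.getPath(), context.getRemoteAddr(), code));
        }
        // The framework adapter still produces the real redirect/error response.
        return delegate.adapt(action, context);
    }

    // Registers the decorator on an existing Config; frameworkAdapter is the adapter the
    // application would otherwise have used (assumption: caller supplies it).
    public static Config install(Config config, HttpActionAdapter frameworkAdapter) {
        config.setHttpActionAdapter(new AuditingHttpActionAdapter(frameworkAdapter));
        return config;
    }
}
```

The same decorator pattern applies to the other setters in this list: wrap the default SecurityLogic, CallbackLogic or SessionLogoutHandler in a class that adds the check or the audit record you need and forwards everything else, rather than re-implementing the whole component.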