org.pac4j.core.engine.DefaultSecurityLogic Java Examples

The following examples show how to use org.pac4j.core.engine.DefaultSecurityLogic. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityFilter.java    From jee-pac4j with Apache License 2.0 6 votes vote down vote up 
@Override
protected final void internalFilter(final HttpServletRequest request, final HttpServletResponse response,
                                    final FilterChain filterChain) throws IOException, ServletException {

    final Config config = getSharedConfig();

    final SessionStore<JEEContext> bestSessionStore = FindBest.sessionStore(null, config, JEESessionStore.INSTANCE);
    final HttpActionAdapter<Object, JEEContext> bestAdapter = FindBest.httpActionAdapter(null, config, JEEHttpActionAdapter.INSTANCE);
    final SecurityLogic<Object, JEEContext> bestLogic = FindBest.securityLogic(securityLogic, config, DefaultSecurityLogic.INSTANCE);

    final JEEContext context = new JEEContext(request, response, bestSessionStore);
    bestLogic.perform(context, config, (ctx, profiles, parameters) -> {
        // if no profiles are loaded, pac4j is not concerned with this request
        filterChain.doFilter(profiles.isEmpty() ? request : new Pac4JHttpServletRequestWrapper(request, profiles), response);
        return null;
    }, bestAdapter, clients, authorizers, matchers, multiProfile);
}
Example #2
Source File: SecurityFilter.java    From jax-rs-pac4j with Apache License 2.0 5 votes vote down vote up 
protected SecurityLogic<Object, JaxRsContext> buildLogic(Config config) {
    if (securityLogic != null) {
        return securityLogic;
    } else if (config.getSecurityLogic() != null) {
        return config.getSecurityLogic();
    } else {
        DefaultSecurityLogic<Object, JaxRsContext> logic = new DefaultSecurityLogic<>();
        logic.setProfileManagerFactory(JaxRsProfileManager::new);
        return logic;
    }
}
Example #3
Source File: SecurityInterceptor.java    From spring-webmvc-pac4j with Apache License 2.0 5 votes vote down vote up 
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {

    final SessionStore<JEEContext> bestSessionStore = FindBest.sessionStore(null, config, JEESessionStore.INSTANCE);
    final HttpActionAdapter<Boolean, JEEContext> bestAdapter = FindBest.httpActionAdapter(httpActionAdapter, config, JEEHttpActionAdapter.INSTANCE);
    final SecurityLogic<Boolean, JEEContext> bestLogic = FindBest.securityLogic(securityLogic, config, DefaultSecurityLogic.INSTANCE);

    final JEEContext context = (JEEContext) FindBest.webContextFactory(null, config, JEEContextFactory.INSTANCE)
            .newContext(request, response, bestSessionStore);
    final Object result = bestLogic.perform(context, config, (ctx, profiles, parameters) -> true, bestAdapter, clients, authorizers, matchers, multiProfile);
    if (result == null) {
        return false;
    }
    return Boolean.parseBoolean(result.toString());
}
Example #4
Source File: SecurityHandler.java    From vertx-pac4j with Apache License 2.0 5 votes vote down vote up 
@Override
public void handle(final RoutingContext routingContext) {

    final SecurityLogic<Void, VertxWebContext> bestLogic = FindBest.securityLogic(null, config, DefaultSecurityLogic.INSTANCE);
    final HttpActionAdapter<Void, VertxWebContext> bestAdapter = FindBest.httpActionAdapter(null, config, VertxHttpActionAdapter.INSTANCE);

    final VertxWebContext webContext = new VertxWebContext(routingContext, sessionStore);

    vertx.executeBlocking(future -> bestLogic.perform(webContext, config,
        (ctx, profiles, parameters) -> {
            // This is what should occur if we are authenticated and authorized to view the requested
            // resource
            future.complete();
            return null;
        },
        bestAdapter,
        clientNames,
        authorizerName,
        matcherName,
        multiProfile),
    asyncResult -> {
        // If we succeeded we're all good here, the job is done either through approving, or redirect, or
        // forbidding
        // However, if an error occurred we need to handle this here
        if (asyncResult.failed()) {
            unexpectedFailure(routingContext, asyncResult.cause());
        } else {
            LOG.info("Authorised to view resource " + routingContext.request().path());
            routingContext.next();
        }
    });

}