| Modifier and Type | Method and Description |
|---|---|
protected boolean |
CheckHttpMethodAuthorizer.check(WebContext context,
CommonProfile profile,
HttpConstants.HTTP_METHOD element) |
protected boolean |
CheckProfileTypeAuthorizer.check(WebContext context,
U profile,
java.lang.Class<U> element) |
protected abstract boolean |
AbstractRequireElementAuthorizer.check(WebContext context,
U profile,
E element)
Check a specific element.
|
protected boolean |
RequireAnyRoleAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAnyPermissionAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAllRolesAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAllPermissionsAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
RequireAnyAttributeAuthorizer.check(WebContext context,
U profile,
java.lang.String element) |
protected boolean |
AbstractCheckAuthenticationAuthorizer.handleError(WebContext context) |
protected boolean |
ProfileAuthorizer.handleError(WebContext context)
Handle the error.
|
boolean |
ProfileAuthorizer.isAllAuthorized(WebContext context,
java.util.List<U> profiles)
If all profiles are authorized.
|
boolean |
ProfileAuthorizer.isAnyAuthorized(WebContext context,
java.util.List<U> profiles)
If any of the profiles is authorized.
|
boolean |
CacheControlHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XFrameOptionsHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XSSProtectionHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
StrictTransportSecurityHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
XContentTypeOptionsHeader.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
CorsAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
AbstractRequireElementAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsRememberedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
Authorizer.isAuthorized(WebContext context,
java.util.List<U> profiles)
Checks if the user profiles and / or the current web context are authorized.
|
boolean |
IsFullyAuthenticatedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsAnonymousAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
boolean |
IsAuthenticatedAuthorizer.isAuthorized(WebContext context,
java.util.List<U> profiles) |
protected boolean |
AbstractRequireAllAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsRememberedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsFullyAuthenticatedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
boolean |
IsAnonymousAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
protected boolean |
AbstractRequireAnyAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
protected abstract boolean |
ProfileAuthorizer.isProfileAuthorized(WebContext context,
U profile)
Whether a specific profile is authorized.
|
boolean |
IsAuthenticatedAuthorizer.isProfileAuthorized(WebContext context,
U profile) |
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
CsrfTokenGenerator.get(WebContext context)
Get the CSRF token from the session or create it if it doesn't exist.
|
java.lang.String |
DefaultCsrfTokenGenerator.get(WebContext context) |
boolean |
CsrfTokenGeneratorAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
boolean |
CsrfAuthorizer.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles) |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
DefaultAuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.util.List<Authorizer> authorizers) |
boolean |
AuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.lang.String authorizerNames,
java.util.Map<java.lang.String,Authorizer> authorizersMap)
Check whether the user is authorized.
|
boolean |
DefaultAuthorizationChecker.isAuthorized(WebContext context,
java.util.List<CommonProfile> profiles,
java.lang.String authorizerNames,
java.util.Map<java.lang.String,Authorizer> authorizersMap) |
| Modifier and Type | Method and Description |
|---|---|
U |
SpringSecurityPropertiesAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
AuthorizationGenerator.generate(WebContext context,
U profile)
Generate the authorization information from and for the user profile.
|
U |
LoadLinkedUserAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
FromAttributesAuthorizationGenerator.generate(WebContext context,
U profile) |
U |
DefaultRolesPermissionsAuthorizationGenerator.generate(WebContext context,
U profile) |
| Modifier and Type | Method and Description |
|---|---|
protected abstract void |
IndirectClient.clientInit(WebContext context)
Initialize the client.
|
protected abstract void |
DirectClient.clientInit(WebContext context)
Initialize the client.
|
java.lang.String |
IndirectClient.computeFinalCallbackUrl(WebContext context) |
Client |
Clients.findClient(WebContext context)
Return the right client according to the web context.
|
C |
IndirectClient.getCredentials(WebContext context)
Get the credentials from the web context.
|
C |
DirectClient.getCredentials(WebContext context) |
C |
Client.getCredentials(WebContext context)
Get the credentials from the web context.
|
RedirectAction |
IndirectClient.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
DirectClient.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
Client.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl)
Return the logout action (indirect clients).
|
RedirectAction |
IndirectClient.getRedirectAction(WebContext context)
Get the redirectAction computed for this client.
|
U |
BaseClient.getUserProfile(C credentials,
WebContext context) |
U |
Client.getUserProfile(C credentials,
WebContext context)
Get the user profile based on the provided credentials.
|
protected void |
IndirectClient.internalInit(WebContext context) |
protected void |
DirectClient.internalInit(WebContext context) |
void |
BaseClient.notifySessionRenewal(java.lang.String oldSessionId,
WebContext context)
Notify of the web session renewal.
|
HttpAction |
IndirectClient.redirect(WebContext context) |
HttpAction |
DirectClient.redirect(WebContext context) |
HttpAction |
Client.redirect(WebContext context)
Redirect to the authentication provider for an indirect client.
|
protected C |
BaseClient.retrieveCredentials(WebContext context)
Retrieve the credentials.
|
protected U |
BaseClient.retrieveUserProfile(C credentials,
WebContext context)
Retrieve a user userprofile.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
AnonymousClient.clientInit(WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
java.util.List<Client> |
DefaultClientFinder.find(Clients clients,
WebContext context,
java.lang.String clientNames) |
java.util.List<Client> |
ClientFinder.find(Clients clients,
WebContext context,
java.lang.String clientNames) |
| Modifier and Type | Field and Description |
|---|---|
protected java.util.function.Function<WebContext,ProfileManager> |
Config.profileManagerFactory |
| Modifier and Type | Method and Description |
|---|---|
java.util.function.Function<WebContext,ProfileManager> |
Config.getProfileManagerFactory() |
| Modifier and Type | Method and Description |
|---|---|
void |
Config.setProfileManagerFactory(java.util.function.Function<WebContext,ProfileManager> profileManagerFactory) |
| Modifier and Type | Class and Description |
|---|---|
class |
J2EContext
This implementation uses the J2E request, response and session.
|
| Modifier and Type | Method and Description |
|---|---|
static Cookie |
ContextHelper.getCookie(WebContext context,
java.lang.String name)
Get a specific cookie by its name.
|
static boolean |
ContextHelper.isGet(WebContext context)
Whether it is a GET request.
|
static boolean |
ContextHelper.isHttp(WebContext context)
Whether the request is HTTP.
|
static boolean |
ContextHelper.isHttps(WebContext context)
Whether the request is HTTPS.
|
static boolean |
ContextHelper.isHttpsOrSecure(WebContext context)
Whether the request is HTTPS or secure.
|
static boolean |
ContextHelper.isPost(WebContext context)
Whether it is a POST request.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
SessionStore<C extends WebContext>
To store data in session.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
LocalCachingAuthenticator.internalInit(WebContext context) |
void |
Authenticator.validate(C credentials,
WebContext context)
Validate the credentials.
|
void |
LocalCachingAuthenticator.validate(T credentials,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
UsernamePasswordCredentials |
BasicAuthExtractor.extract(WebContext context) |
C |
CredentialsExtractor.extract(WebContext context)
Extract the right credentials.
|
TokenCredentials |
HeaderExtractor.extract(WebContext context) |
UsernamePasswordCredentials |
FormExtractor.extract(WebContext context) |
TokenCredentials |
ParameterExtractor.extract(WebContext context) |
| Modifier and Type | Interface and Description |
|---|---|
interface |
CallbackLogic<R,C extends WebContext>
Callback logic to finish the login process for an indirect client.
|
class |
DefaultCallbackLogic<R,C extends WebContext>
Default callback logic:
The credentials are extracted from the current request to fetch the user profile (from the identity provider) which is then saved in
the web session (depending on the saveInSession attribut, default is true).
|
class |
DefaultLogoutLogic<R,C extends WebContext>
Default logout logic:
If the
localLogout property is true, the pac4j profiles are removed from the web session
(and the web session is destroyed if the destroySession property is true). |
class |
DefaultSecurityLogic<R,C extends WebContext>
Default security logic:
If the HTTP request matches the
matchers configuration (or no matchers are defined),
the security is applied. |
interface |
LogoutLogic<R,C extends WebContext>
Logout logic for the application and the identity provider.
|
interface |
SecurityGrantedAccessAdapter<R,C extends WebContext>
Success adapter.
|
interface |
SecurityLogic<R,C extends WebContext>
Security logic to protect an url.
|
| Modifier and Type | Method and Description |
|---|---|
static HttpAction |
HttpAction.forbidden(java.lang.String message,
WebContext context)
Build a forbidden response.
|
static HttpAction |
HttpAction.ok(java.lang.String message,
WebContext context)
Build an HTTP Ok without any content.
|
static HttpAction |
HttpAction.ok(java.lang.String message,
WebContext context,
java.lang.String content)
Build an HTTP Ok.
|
static HttpAction |
HttpAction.redirect(java.lang.String message,
WebContext context,
java.lang.String url)
Build a redirection.
|
static HttpAction |
HttpAction.status(java.lang.String message,
int status,
WebContext context)
Build a response with message and status.
|
static HttpAction |
HttpAction.unauthorized(java.lang.String message,
WebContext context,
java.lang.String realmName)
Build a basic auth popup credentials.
|
static HttpAction |
HttpAction.unauthorized(java.lang.String message,
WebContext context,
java.lang.String realmName,
java.lang.String url)
Build a basic auth popup credentials.
|
static HttpAction |
HttpAction.unauthorizedDigest(java.lang.String message,
WebContext context,
java.lang.String realmName,
java.lang.String qop,
java.lang.String nonce)
Build a digest auth popup credentials.
|
static HttpAction |
HttpAction.unauthorizedNegotiate(java.lang.String message,
WebContext context)
Build a response requesting to provide credentials via Kerberos/SPNEGO Negotiate mechanism.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
HttpActionAdapter<R,C extends WebContext>
HTTP action adapter.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
RelativeUrlResolver.compute(java.lang.String url,
WebContext context) |
java.lang.String |
UrlResolver.compute(java.lang.String url,
WebContext context)
Compute a new URL from the provided URL and the web context.
|
java.lang.String |
DefaultUrlResolver.compute(java.lang.String url,
WebContext context) |
boolean |
DefaultAjaxRequestResolver.isAjax(WebContext context) |
boolean |
AjaxRequestResolver.isAjax(WebContext context)
Whether it is an AJAX request.
|
| Modifier and Type | Method and Description |
|---|---|
RedirectAction |
GoogleLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
CasLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
RedirectAction |
LogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl)
Return the
RedirectAction for logout. |
RedirectAction |
NoLogoutActionBuilder.getLogoutAction(WebContext context,
U currentProfile,
java.lang.String targetUrl) |
| Modifier and Type | Method and Description |
|---|---|
boolean |
HeaderMatcher.matches(WebContext context) |
boolean |
HttpMethodMatcher.matches(WebContext context) |
boolean |
Matcher.matches(WebContext context)
Check if the web context matches.
|
boolean |
PathMatcher.matches(WebContext context) |
boolean |
MatchingChecker.matches(WebContext context,
java.lang.String matcherNames,
java.util.Map<java.lang.String,Matcher> matchersMap)
Check if the web context matches.
|
boolean |
DefaultMatchingChecker.matches(WebContext context,
java.lang.String matcherNames,
java.util.Map<java.lang.String,Matcher> matchersMap) |
| Modifier and Type | Class and Description |
|---|---|
class |
ProfileManagerFactoryAware<C extends WebContext>
For classes that can set the profile manager factory.
|
| Modifier and Type | Field and Description |
|---|---|
protected WebContext |
ProfileManager.context |
| Constructor and Description |
|---|
ProfileManager(WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
P |
AuthenticatorProfileCreator.create(C credentials,
WebContext context) |
U |
ProfileCreator.create(C credentials,
WebContext context)
Create a profile from a credentials.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
AbstractProfileService.internalInit(WebContext context) |
protected void |
InMemoryProfileService.internalInit(WebContext context) |
void |
AbstractProfileService.validate(UsernamePasswordCredentials credentials,
WebContext context) |
| Modifier and Type | Method and Description |
|---|---|
HttpAction |
RedirectAction.perform(WebContext context)
Perform a
RedirectAction on the web context. |
RedirectAction |
RedirectActionBuilder.redirect(WebContext context)
Return a redirect action for the web context.
|
| Modifier and Type | Method and Description |
|---|---|
void |
InitializableWebObject.init(WebContext context)
Initialize the object.
|
protected abstract void |
InitializableWebObject.internalInit(WebContext context)
Internal initialization of the object.
|
void |
InitializableWebObject.reinit(WebContext context)
Force (again) the initialization of the object.
|
Copyright © 2018. All Rights Reserved.