
Security configuration


You need to define the authentication mechanisms (Client) and authorization checks (Authorizer) your application requires. Note that the example authenticators below are placeholders: they copy the presented token straight into the profile id without verifying it, so they illustrate the wiring only and must be replaced with real token validation before use.

The configuration (org.pac4j.core.config.Config) contains all the clients and authorizers required by the application to handle security.

The Config is bound for injection in a SecurityModule (or whatever name you choose):

In Java:

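/**
 * Guice module that builds the pac4j security {@code Config}: a header-based client,
 * a cookie-based client and the anonymous / authenticated authorizers.
 *
 * <p>NOTE(review): both authenticators below are placeholders. They copy the presented
 * token straight into the profile id and perform no verification whatsoever, so any
 * request carrying an {@code AUTHORIZATION_HEADER} header (or an {@code auth} cookie)
 * is treated as authenticated. Replace them with real validation (signature check,
 * lookup in a token store, ...) before using this module outside a demo.
 */
public class SecurityModule extends AbstractModule {

    // ... other bindings elided ...

    /**
     * Client that reads the token from the {@code AUTHORIZATION_HEADER} request header.
     *
     * @return a named {@link HeaderClient} whose authenticator accepts the token unchecked
     */
    @Provides
    @Named(HEADER_CLIENT)
    protected HeaderClient provideHttpClient() {
        HeaderClient headerClient = new HeaderClient(AUTHORIZATION_HEADER, (credentials, webContext) -> {
            // Placeholder: the raw token becomes the user id; nothing is validated.
            final CommonProfile profile = new CommonProfile();
            profile.setId(((TokenCredentials) credentials).getToken());
            credentials.setUserProfile(profile);
        });
        headerClient.setName(HEADER_CLIENT);
        return headerClient;
    }

    /**
     * Client that reads the token from the {@code auth} cookie.
     *
     * @return a named {@link CookieClient} whose authenticator accepts the token unchecked
     */
    @Provides
    @Named(COOKIE_CLIENT)
    protected CookieClient provideCookieClient() {
        CookieClient cookieClient = new CookieClient("auth", (credentials, webContext) -> {
            // Placeholder: same unchecked pass-through as the header client.
            final CommonProfile profile = new CommonProfile();
            profile.setId(((TokenCredentials) credentials).getToken());
            credentials.setUserProfile(profile);
        });
        cookieClient.setName(COOKIE_CLIENT);
        return cookieClient;
    }

    /**
     * Assembles the pac4j {@code Config} from the two clients.
     *
     * @param headerClient the header-based client (also the default security client)
     * @param cookieClient the cookie-based client
     * @return the configuration with both clients and the two standard authorizers
     */
    @Provides
    protected Config provideConfig(@Named(HEADER_CLIENT) HeaderClient headerClient, // comma was missing here
                                   @Named(COOKIE_CLIENT) CookieClient cookieClient) {
        final Config config = new Config(headerClient, cookieClient);
        // Only the header client is registered as default; presumably the cookie client
        // must be requested explicitly on a secured route - confirm against pac4j docs.
        config.getClients().setDefaultSecurityClients(headerClient.getName());
        config.addAuthorizer("_anonymous_", isAnonymous());
        config.addAuthorizer("_authenticated_", isAuthenticated());
        return config;
    }
}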

In Scala:

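/**
 * Wires the pac4j security [[Config]]: a header client and a cookie client that share
 * one placeholder authenticator, plus the anonymous / authenticated authorizers.
 *
 * NOTE(review): `tokenAsIdAuthenticator` performs no verification at all; every request
 * carrying an `AUTHORIZATION_HEADER` header or an `auth` cookie is accepted and the raw
 * token becomes the profile id. Replace it with real validation before use.
 */
trait SecurityModule {

  /**
   * Placeholder authenticator: copies the presented token into the profile id unchecked.
   * Non-token credentials are a wiring error and fail fast with a MatchError (the former
   * `asInstanceOf` cast would have thrown a ClassCastException at the same point).
   */
  private def tokenAsIdAuthenticator: Authenticator[Credentials] =
    new Authenticator[Credentials] {
      override def validate(credentials: Credentials, webContext: WebContext): Unit =
        credentials match {
          case token: TokenCredentials =>
            val profile = new CommonProfile()
            profile.setId(token.getToken)
            credentials.setUserProfile(profile)
        }
    }

  /** Client reading the token from the `AUTHORIZATION_HEADER` request header. */
  lazy val client: HeaderClient = {
    val headerClient = new HeaderClient(AUTHORIZATION_HEADER, tokenAsIdAuthenticator)
    headerClient.setName(ClientNames.HEADER_CLIENT)
    headerClient
  }

  /** Client reading the token from the `auth` cookie. */
  lazy val cookieClient: CookieClient = {
    val cookie = new CookieClient("auth", tokenAsIdAuthenticator)
    // NOTE(review): unqualified here while the header client uses ClientNames.HEADER_CLIENT;
    // presumably both names live in the same constants object - confirm.
    cookie.setName(COOKIE_CLIENT)
    cookie
  }

  /** The pac4j configuration holding both clients and the two standard authorizers. */
  lazy val serviceConfig: Config = {
    val config = new Config(client, cookieClient)
    // Only the header client is registered as default; presumably the cookie client
    // must be requested explicitly on a secured route - confirm against pac4j docs.
    config.getClients.setDefaultSecurityClients(client.getName)
    config.addAuthorizer("_anonymous_", isAnonymous())
    config.addAuthorizer("_authenticated_", isAuthenticated())
    config
  }
}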