Package de.xima.fc.security.pac4j.matching.matcher

Class ProtectedWebEndpointMatcher

java.lang.Object
de.xima.fc.security.pac4j.matching.matcher.ProtectedWebEndpointMatcher
All Implemented Interfaces:
org.pac4j.core.matching.matcher.Matcher
public class ProtectedWebEndpointMatcher extends Object implements org.pac4j.core.matching.matcher.Matcher
Custom pac4j matcher for checking if the web endpoint of the request is a protected endpoint. This matcher is needed for portal views which may be public. URIs of public portal views are not known beforehand and therefore can not be excluded from the filter mapping for the pac4j security config (see fc-security/src/main/resources/META-INF/web-fragment.xml). For this reason this matcher is needed (using anonymous profiles instead is also not an option because that would lead to problems with redirection in unauthorized cases). DO NOT use this matcher by itself with custom web context (request, response), because the web endpoint and context information that is to be checked is injected via CDI. Therefore the given request is not analyzed / used. CDI is used instead of the given web context (request, response) for performance reasons.
Since:
8.0.0
Author:
XIMA Media GmbH

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final org.pac4j.core.matching.matcher.Matcher
    INSTANCE
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    matches(org.pac4j.core.context.WebContext context, org.pac4j.core.context.session.SessionStore sessionStore)
    Checks if the web endpoint of the current request is a protected web endpoint and therefore needs authorization checks.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • INSTANCE

      public static final org.pac4j.core.matching.matcher.Matcher INSTANCE

  • Method Details

    • matches

      public boolean matches(org.pac4j.core.context.WebContext context, org.pac4j.core.context.session.SessionStore sessionStore)
      Checks if the web endpoint of the current request is a protected web endpoint and therefore needs authorization checks. ATTEENTION! Uses CDI to check the web endpoint and NOT the given web context (is the same if used in normal pac4j security flow)!
      Specified by:
      matches in interface org.pac4j.core.matching.matcher.Matcher
      Returns:
      true if the web endpoint of the current request is a protected endpoint which needs authorization checks and false if it is a public web endpoint (e.g. public portal views) and therefore does not need authorization checks.