Class ProtectedWebEndpointMatcher

  • All Implemented Interfaces:
    org.pac4j.core.matching.matcher.Matcher

    public class ProtectedWebEndpointMatcher
    extends Object
    implements org.pac4j.core.matching.matcher.Matcher
    Custom pac4j matcher for checking if the web endpoint of the request is a protected endpoint. This matcher is needed for portal views which may be public. URIs of public portal views are not known beforehand and therefore can not be excluded from the filter mapping for the pac4j security config (see fc-security/src/main/resources/META-INF/web-fragment.xml). For this reason this matcher is needed (using anonymous profiles instead is also not an option because that would lead to problems with redirection in unauthorized cases). DO NOT use this matcher by itself with custom web context (request, response), because the web endpoint and context information that is to be checked is injected via CDI. Therefore the given request is not analyzed / used. CDI is used instead of the given web context (request, response) for performance reasons.
    Since:
    8.0.0
    Author:
    XIMA Media GmbH
    • Field Detail

      • INSTANCE

        public static final org.pac4j.core.matching.matcher.Matcher INSTANCE
    • Method Detail

      • matches

        public boolean matches​(org.pac4j.core.context.WebContext context,
                               org.pac4j.core.context.session.SessionStore sessionStore)
        Checks if the web endpoint of the current request is a protected web endpoint and therefore needs authorization checks. ATTEENTION! Uses CDI to check the web endpoint and NOT the given web context (is the same if used in normal pac4j security flow)!
        Specified by:
        matches in interface org.pac4j.core.matching.matcher.Matcher
        Returns:
        true if the web endpoint of the current request is a protected endpoint which needs authorization checks and false if it is a public web endpoint (e.g. public portal views) and therefore does not need authorization checks.