ProtectedWebEndpointMatcher (formcycle: bom 8.2.0 API)

java.lang.Object
- de.xima.fc.security.pac4j.matching.matcher.ProtectedWebEndpointMatcher

All Implemented Interfaces:

org.pac4j.core.matching.matcher.Matcher
```
public class ProtectedWebEndpointMatcher
extends Object
implements org.pac4j.core.matching.matcher.Matcher
```
Custom pac4j matcher for checking if the web endpoint of the request is a protected endpoint. This matcher is needed for portal views which may be public. URIs of public portal views are not known beforehand and therefore can not be excluded from the filter mapping for the pac4j security config (see fc-security/src/main/resources/META-INF/web-fragment.xml). For this reason this matcher is needed (using anonymous profiles instead is also not an option because that would lead to problems with redirection in unauthorized cases). DO NOT use this matcher by itself with custom web context (request, response), because the web endpoint and context information that is to be checked is injected via CDI. Therefore the given request is not analyzed / used. CDI is used instead of the given web context (request, response) for performance reasons.

Since:

8.0.0

Author:

XIMA Media GmbH

Field Summary

Fields
Modifier and Type Field Description

static org.pac4j.core.matching.matcher.Matcher INSTANCE

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`boolean`	`matches(org.pac4j.core.context.WebContext context, org.pac4j.core.context.session.SessionStore sessionStore)`	Checks if the web endpoint of the current request is a protected web endpoint and therefore needs authorization checks.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - INSTANCE
```
public static final org.pac4j.core.matching.matcher.Matcher INSTANCE
```
- Method Detail
  - matches
```
public boolean matches(org.pac4j.core.context.WebContext context,
                       org.pac4j.core.context.session.SessionStore sessionStore)
```
    Checks if the web endpoint of the current request is a protected web endpoint and therefore needs authorization checks. ATTEENTION! Uses CDI to check the web endpoint and NOT the given web context (is the same if used in normal pac4j security flow)!
    
    Specified by:
    
    matches in interface org.pac4j.core.matching.matcher.Matcher
    
    Returns:
    
    true if the web endpoint of the current request is a protected endpoint which needs authorization checks and false if it is a public web endpoint (e.g. public portal views) and therefore does not need authorization checks.