Search in sources :

Example 1 with DirectClient

use of org.pac4j.core.client.DirectClient in project pac4j by pac4j.

the class DefaultSecurityLogic method perform.

@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
    logger.debug("=== SECURITY ===");
    HttpAction action;
    try {
        // default value
        final boolean multiProfile;
        if (inputMultiProfile == null) {
            multiProfile = false;
        } else {
            multiProfile = inputMultiProfile;
        }
        // checks
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("authorizationChecker", authorizationChecker);
        assertNotNull("matchingChecker", matchingChecker);
        assertNotNull("profileStorageDecision", profileStorageDecision);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);
        // logic
        logger.debug("url: {}", context.getFullRequestURL());
        logger.debug("matchers: {}", matchers);
        if (matchingChecker.matches(context, matchers, config.getMatchers())) {
            logger.debug("clients: {}", clients);
            final List<Client> currentClients = clientFinder.find(configClients, context, clients);
            logger.debug("currentClients: {}", currentClients);
            final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
            logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
            final ProfileManager manager = getProfileManager(context, config);
            List<CommonProfile> profiles = manager.getAll(loadProfilesFromSession);
            logger.debug("profiles: {}", profiles);
            // no profile and some current clients
            if (isEmpty(profiles) && isNotEmpty(currentClients)) {
                boolean updated = false;
                // loop on all clients searching direct ones to perform authentication
                for (final Client currentClient : currentClients) {
                    if (currentClient instanceof DirectClient) {
                        logger.debug("Performing authentication for direct client: {}", currentClient);
                        final Credentials credentials = currentClient.getCredentials(context);
                        logger.debug("credentials: {}", credentials);
                        final CommonProfile profile = currentClient.getUserProfile(credentials, context);
                        logger.debug("profile: {}", profile);
                        if (profile != null) {
                            final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
                            logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
                            manager.save(saveProfileInSession, profile, multiProfile);
                            updated = true;
                            if (!multiProfile) {
                                break;
                            }
                        }
                    }
                }
                if (updated) {
                    profiles = manager.getAll(loadProfilesFromSession);
                    logger.debug("new profiles: {}", profiles);
                }
            }
            // we have profile(s) -> check authorizations
            if (isNotEmpty(profiles)) {
                logger.debug("authorizers: {}", authorizers);
                if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
                    logger.debug("authenticated and authorized -> grant access");
                    return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
                } else {
                    logger.debug("forbidden");
                    action = forbidden(context, currentClients, profiles, authorizers);
                }
            } else {
                if (startAuthentication(context, currentClients)) {
                    logger.debug("Starting authentication");
                    saveRequestedUrl(context, currentClients);
                    action = redirectToIdentityProvider(context, currentClients);
                } else {
                    logger.debug("unauthorized");
                    action = unauthorized(context, currentClients);
                }
            }
        } else {
            logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
        }
    } catch (final Exception e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}
Also used : ProfileManager(org.pac4j.core.profile.ProfileManager) DirectClient(org.pac4j.core.client.DirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) DirectClient(org.pac4j.core.client.DirectClient) Client(org.pac4j.core.client.Client) IndirectClient(org.pac4j.core.client.IndirectClient) HttpAction(org.pac4j.core.exception.HttpAction) Credentials(org.pac4j.core.credentials.Credentials)

Aggregations

Client (org.pac4j.core.client.Client)1 Clients (org.pac4j.core.client.Clients)1 DirectClient (org.pac4j.core.client.DirectClient)1 IndirectClient (org.pac4j.core.client.IndirectClient)1 Credentials (org.pac4j.core.credentials.Credentials)1 HttpAction (org.pac4j.core.exception.HttpAction)1 CommonProfile (org.pac4j.core.profile.CommonProfile)1 ProfileManager (org.pac4j.core.profile.ProfileManager)1