LELEU Jérôme edited this page Nov 20, 2020 · 11 revisions

You can protect (authentication + authorization) the URLs of your web application/services by using the SecurityFilter.

>> Read the documentation to understand its behavior and the available options.

The available options can be set via setters and servlet parameters. However, there is no config servlet parameter; use the configFactory servlet parameter instead to define a configuration.

The SecurityFilter can be defined in the web.xml file:

```xml
<filter>
  <filter-name>FacebookAdminFilter</filter-name>
  <filter-class>org.pac4j.j2e.filter.SecurityFilter</filter-class>
  <init-param>
    <param-name>configFactory</param-name>
    <param-value>org.pac4j.demo.j2e.DemoConfigFactory</param-value>
  </init-param>
  <init-param>
    <param-name>clients</param-name>
    <param-value>FacebookClient</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>FacebookAdminFilter</filter-name>
  <url-pattern>/facebook/*</url-pattern>
</filter-mapping>
```

or using CDI and the org.pac4j.jee.util.FilterHelper:

```java
@Named
@ApplicationScoped
public class WebConfig {

    @Inject
    private Config config;

    public void build(@Observes @Initialized(ApplicationScoped.class) ServletContext servletContext) {

        final FilterHelper filterHelper = new FilterHelper(servletContext);

        ...

        final SecurityFilter facebookAdminFilter = new SecurityFilter(config, "FacebookClient", "admin,securityHeaders");
        filterHelper.addFilterMapping("facebookAdminFilter", facebookAdminFilter, "/facebookadmin/*");

        ...
    }
}
```
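An example configFactory class, added here and not the project's own DemoConfigFactory: it defines the FacebookClient client and the admin authorizer that the filter definitions above refer to by name. The package, class name, environment variable names, callback URL and ROLE_ADMIN role are assumptions.

```java
package org.example.security; // hypothetical package

import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.config.ConfigFactory;
import org.pac4j.oauth.client.FacebookClient;

// Hypothetical factory; reference it by its fully qualified class name
// in the configFactory servlet parameter.
public class ExampleConfigFactory implements ConfigFactory {

    @Override
    public Config build(final Object... parameters) {
        // Keep the OAuth credentials out of web.xml and source control.
        // The environment variable names are assumptions.
        final String key = requireEnv("FACEBOOK_APP_KEY");
        final String secret = requireEnv("FACEBOOK_APP_SECRET");

        // With no explicit name set, a client is named after its simple class
        // name, so this one is matched by the "FacebookClient" clients value.
        final FacebookClient facebookClient = new FacebookClient(key, secret);

        // Assumed callback URL for this application.
        final Clients clients = new Clients("https://app.example.org/callback", facebookClient);

        final Config config = new Config(clients);
        // "admin" is the authorizer name used when building the SecurityFilter;
        // the ROLE_ADMIN role is an assumption.
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }

    // Fail at startup rather than run the filter with empty credentials.
    private static String requireEnv(final String name) {
        final String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }
}
```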

The default internal components of the SecurityFilter are: JEESessionStore.INSTANCE, JEEHttpActionAdapter.INSTANCE, DefaultSecurityLogic.INSTANCE and JEEContextFactory.INSTANCE.
