Skip to content

Apply security

Jump to bottom
CAS in the cloud LELEU Jérôme edited this page Sep 6, 2022 · 2 revisions

You can protect (authentication + authorization) the URLs of your web application/services by using the SecurityFilter.

>> Read the documentation to understand its behavior and the available options.

Spring configuration class example:

@Configuration
@ComponentScan(basePackages = "org.pac4j.springframework.web")
public class ApplicationConfig {

    @Bean
    public WebFilter securityFilter() {
        return new SecurityFilter(config(), "MyClient", null, "securitypath");
    }

    @Bean
    public Config config() {
        ...
        final Clients clients = new Clients("http://localhost:8080/callback", ...);
        final Config config = new Config(clients);
        final PathMatcher matcher = new PathMatcher().excludePaths("/", "/callback", "/logout");
        config.addMatcher("securitypath", matcher);
        return config;
    }
}

Notice that you can also use the smart builder (which accepts almost any parameter type and number):

    @Bean
    public WebFilter securityFilter() {
        return SecurityFilter.build(config(), "MyClient", new PathMatcher().includePath("securitypath"));
    }

The default internal components of the SecurityFilter are: SpringWebfluxSessionStore, SpringWebfluxHttpActionAdapter.INSTANCE, DefaultSecurityLogic.INSTANCE and SpringWebfluxWebContextFactory.INSTANCE.

Clone this wiki locally