HTTP (v5.4)
pac4j allows you to login using HTTP mechanims (like basic auth or form posting).
The HTTP clients require to define an Authenticator to handle the credentials validation.
Except the X509Client
with its default X509Authenticator
whichs extracts an identifier from the subjectDN of the X509 certificate.
1) Dependency
You need to use the following module: pac4j-http
.
Example (Maven dependency):
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-http</artifactId>
<version>${pac4j.version}</version>
</dependency>
2) Clients
You can use the following clients depending on what are the credentials and how they are passed in the HTTP request:
Credentials | Client |
---|---|
username/password sent via a form posting | FormClient (indirect client)DirectFormClient (direct client) |
username/password sent via basic auth | IndirectBasicAuthClient (indirect client)DirectBasicAuthClient (direct client) |
value sent as a cookie | CookieClient (direct client) |
value sent as a HTTP header | HeaderClient (direct client) |
value sent as a Authorization header starting with “Bearer “ | DirectBearerAuthClient (direct client) |
value sent as a HTTP parameter | ParameterClient (direct client) |
IP address | IpClient (direct client) |
X509 certificate | X509Client (direct client) |
username/token sent via digest auth | DirectDigestAuthClient (direct client) |
Examples:
// REST authentication with JWT token passed in the url as the "token" parameter
ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(salt));
parameterClient.setSupportGetRequest(true);
parameterClient.setSupportPostRequest(false);
// if the 'Authorization' header is passed with the 'Basic token' value
HeaderClient client = new HeaderClient("Authorization", "Basic ", (credentials, ctx) -> {
String token = ((TokenCredentials) credentials).getToken();
// check the token and create a profile
if ("goodToken".equals(token)) {
CommonProfile profile = new CommonProfile();
profile.setId("myId");
// save in the credentials to be passed to the default AuthenticatorProfileCreator
credentials.setUserProfile(profile);
}
});