-
Notifications
You must be signed in to change notification settings - Fork 21
Callback configuration
You need to define a callback endpoint using the CallbackFilter only for web applications (that is for IndirectClient). The callback endpoint must not be protected.
>> Read the documentation to understand its behavior and the available options.
The available options can be set via setters and servlet parameters.
Yet, there is no config servlet parameter, the configFactory servlet parameter may be used instead to define a configuration.
The configFactory servlet parameter must be defined at least for one filter: it will be shared with other filters.
The CallbackFilter can be defined in the web.xml file:
<filter>
<filter-name>callbackFilter</filter-name>
<filter-class>org.pac4j.jee.filter.CallbackFilter</filter-class>
<init-param>
<param-name>defaultUrl</param-name>
<param-value>/</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>callbackFilter</filter-name>
<url-pattern>/callback</url-pattern>
</filter-mapping>or using CDI and the org.pac4j.jee.util.FilterHelper:
@Named
@ApplicationScoped
public class WebConfig {
@Inject
private Config config;
public void build(@Observes @Initialized(ApplicationScoped.class) ServletContext servletContext) {
final FilterHelper filterHelper = new FilterHelper(servletContext);
...
final CallbackFilter callbackFilter = new CallbackFilter(config, "/");
callbackFilter.setRenewSession(true);
filterHelper.addFilterMapping("callbackFilter", callbackFilter, "/callback");
...
}
}or using dependency injection via Spring, you can define the CallbackFilter as a DelegatingFilterProxy in the web.xml file:
<filter>
<filter-name>callbackFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>callbackFilter</filter-name>
<url-pattern>/callback</url-pattern>
</filter-mapping>and the specific bean in the application-context.xml file:
<bean id="callbackFilter" class="org.pac4j.j2e.filter.CallbackFilter">
<property name="defaultUrl" value="/" />
</bean>It can be defined as a simple JEE filter via Spring:
@Bean
public FilterRegistrationBean callbackFilter() {
final CallbackFilter filter = new CallbackFilter(config());
final FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(filter);
registrationBean.addUrlPatterns("/callback");
return registrationBean;
}It can be defined in a Java configuration like any Spring Security filter:
@Configuration
@Order(5)
public static class CallbackWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
private Config config;
protected void configure(final HttpSecurity http) throws Exception {
final CallbackFilter callbackFilter = new CallbackFilter(config);
http
.antMatcher("/callback*")
.addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
.csrf().disable();
}
}Or it can be defined in a shiro.ini file:
[main]
callbackFilter = org.pac4j.jee.filter.CallbackFilter
callbackFilter.config = $config
[urls]
/callback = callbackFilter