Javalin-Pac4j per-endpoint based access mechanism

[Billy J.B.]

Hi,

I can't seem to find the best way to do this in the documentation and I would appreciate any/all pointers if I've missed it!

My problem is the following:

I want to secure separate REST endpoints in the same javalin-pac4j application with different requirements.
I need to check for certain UserProfile claims in some cases (e.g. 'editor') but only check isAuthenticated for other endpoints.
Do I need to create separate SecurityConfig with separate handlers and add these to the Javalin Route configuration or is there way to use the same SecurityConfig and access several separate handlers at method/API route level?

A lot of the configuration is else reusable, the user will be submitting the same tokens, so it would be nice to avoid re-duplicating the security configs.

Best regards

[Jérôme LELEU]

Hi,

You need one Config where you define any new Authorizer you want like your custom isEditor.

Then, you instantiate for your URLs as many SecurityHandler as you need with various uses of clients, authorizers and matchers.

Thanks.

Best regards,

Jérôme

--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/8c1e71f0-921a-48c7-a099-6ef121e52606n%40googlegroups.com.