import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@RefreshScope
@Bean
public Config oauthSecConfig() {
    final CasConfiguration cfg = new CasConfiguration(casProperties.getServer().getLoginUrl());
    final CasClient oauthCasClient = new CasClient(cfg);
    oauthCasClient.setRedirectActionBuilder(webContext -> oauthCasClientRedirectActionBuilder().build(oauthCasClient, webContext));
    oauthCasClient.setName(Authenticators.CAS_OAUTH_CLIENT);
    oauthCasClient.setUrlResolver(casCallbackUrlResolver());

    final Authenticator authenticator = oAuthClientAuthenticator();
    final DirectBasicAuthClient basicAuthClient = new DirectBasicAuthClient(authenticator);
    basicAuthClient.setName(Authenticators.CAS_OAUTH_CLIENT_BASIC_AUTHN);

    final DirectFormClient directFormClient = new DirectFormClient(authenticator);
    directFormClient.setName(Authenticators.CAS_OAUTH_CLIENT_DIRECT_FORM);
    directFormClient.setUsernameParameter(CLIENT_ID);
    directFormClient.setPasswordParameter(CLIENT_SECRET);

    final DirectFormClient userFormClient = new DirectFormClient(oAuthUserAuthenticator());
    userFormClient.setName(Authenticators.CAS_OAUTH_CLIENT_USER_FORM);
    return new Config(OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix()),
            oauthCasClient, basicAuthClient, directFormClient, userFormClient);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
private void internalTestRestForm(final Authenticator authenticator) throws HttpAction {
    final CasRestFormClient client = new CasRestFormClient();
    client.setAuthenticator(authenticator);

    final MockWebContext context = MockWebContext.create();
    context.addRequestParameter(client.getUsernameParameter(), USER);
    context.addRequestParameter(client.getPasswordParameter(), USER);

    final UsernamePasswordCredentials credentials = client.getCredentials(context);
    final CasRestProfile profile = client.getUserProfile(credentials, context);
    assertEquals(USER, profile.getId());
    assertNotNull(profile.getTicketGrantingTicketId());

    final TokenCredentials casCreds = client.requestServiceTicket(PAC4J_BASE_URL, profile);
    final CasProfile casProfile = client.validateServiceTicket(PAC4J_BASE_URL, casCreds);
    assertNotNull(casProfile);
    assertEquals(USER, casProfile.getId());
    assertTrue(casProfile.getAttributes().size() > 0);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
default Config getConfig() {
    // login not used because the ajax resolver always answer true
    Authenticator<UsernamePasswordCredentials> auth = new SimpleTestUsernamePasswordAuthenticator();
    FormClient client = new FormClient("notUsedLoginUrl", auth);
    DirectFormClient client2 = new DirectFormClient(auth);
    DirectFormClient client3 = new DirectFormClient(auth);
    client3.setName(DEFAULT_CLIENT);

    Clients clients = new Clients("notUsedCallbackUrl", client, client2, client3);
    // in case of invalid credentials, we simply want the error, not a redirect to the login url
    clients.setAjaxRequestResolver((c) -> true);
    // so that callback url have the correct prefix w.r.t. the container's context
    clients.setUrlResolver(new JaxRsUrlResolver());

    JaxRsConfig config = new JaxRsConfig();
    config.setClients(clients);
    config.setDefaultClients(DEFAULT_CLIENT);

    return config;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
/**
 * Add a form auth client.
 *
 * @param pattern URL pattern to protect.
 * @param authenticator Authenticator to use.
 * @return This module.
 */
public Auth form(final String pattern,
    final Class<? extends Authenticator<UsernamePasswordCredentials>> authenticator) {
  bindings.put(pattern, (binder, conf) -> {
    TypeLiteral<Authenticator<UsernamePasswordCredentials>> usernamePasswordAuthenticator = new TypeLiteral<Authenticator<UsernamePasswordCredentials>>() {
    };
    binder.bind(usernamePasswordAuthenticator.getRawType()).to(authenticator);

    bindProfile(binder, CommonProfile.class);

    Multibinder.newSetBinder(binder, Client.class)
        .addBinding().toProvider(FormAuth.class);

    return new FormFilter(conf.getString("auth.form.loginUrl"),
        conf.getString("application.path") + authCallbackPath(conf));
  });

  return this;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
/**
 * Add a basic auth client.
 *
 * @param pattern URL pattern to protect.
 * @param authenticator Authenticator to use.
 * @return This module.
 */
public Auth basic(final String pattern,
    final Class<? extends Authenticator<UsernamePasswordCredentials>> authenticator) {
  bindings.put(pattern, (binder, config) -> {
    TypeLiteral<Authenticator<UsernamePasswordCredentials>> usernamePasswordAuthenticator = new TypeLiteral<Authenticator<UsernamePasswordCredentials>>() {
    };
    binder.bind(usernamePasswordAuthenticator.getRawType()).to(authenticator);

    bindProfile(binder, CommonProfile.class);

    Multibinder.newSetBinder(binder, Client.class)
        .addBinding().toProvider(BasicAuth.class);

    return new AuthFilter(IndirectBasicAuthClient.class, CommonProfile.class);
  });
  return this;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    CommonHelper.assertNotNull("profileCreator", this.profileCreator);

    final C credentials = convertToPac4jCredentials((I) credential);
    LOGGER.debug("credentials: [{}]", credentials);

    try {
        final Authenticator authenticator = getAuthenticator(credential);
 
        if (authenticator instanceof InitializableObject) {
            ((InitializableObject) authenticator).init();
        }
        if (authenticator instanceof InitializableWebObject) {
            ((InitializableWebObject) authenticator).init(getWebContext());
        }
        
        CommonHelper.assertNotNull("authenticator", authenticator);
        authenticator.validate(credentials, getWebContext());

        final UserProfile profile = this.profileCreator.create(credentials, getWebContext());
        LOGGER.debug("profile: [{}]", profile);

        return createResult(new ClientCredential(credentials), profile);
    } catch (final Exception e) {
        LOGGER.error("Failed to validate credentials", e);
        throw new FailedLoginException("Failed to validate credentials: " + e.getMessage());
    }
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
protected Authenticator<UsernamePasswordCredentials> getAuthenticator(final Credential credential) {
    final MongoClientURI uri = new MongoClientURI(this.mongoHostUri);
    final MongoClient client = new MongoClient(uri);
    LOGGER.info("Connected to MongoDb instance @ [{}] using database [{}]",
            uri.getHosts(), uri.getDatabase());

    final MongoAuthenticator mongoAuthenticator = new MongoAuthenticator(client, this.attributes);
    mongoAuthenticator.setUsersCollection(this.collectionName);
    mongoAuthenticator.setUsersDatabase(uri.getDatabase());
    mongoAuthenticator.setUsernameAttribute(this.usernameAttribute);
    mongoAuthenticator.setPasswordAttribute(this.passwordAttribute);
    mongoAuthenticator.setPasswordEncoder(this.mongoPasswordEncoder);
    return mongoAuthenticator;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public ParameterClient(final String parameterName,
                       final Authenticator tokenAuthenticator,
                       final ProfileCreator profileCreator) {
    this.parameterName = parameterName;
    setAuthenticator(tokenAuthenticator);
    setProfileCreator(profileCreator);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public HeaderClient(final String headerName, final String prefixHeader,
                    final Authenticator tokenAuthenticator, final ProfileCreator profileCreator) {
    this.headerName = headerName;
    this.prefixHeader = prefixHeader;
    setAuthenticator(tokenAuthenticator);
    setProfileCreator(profileCreator);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public FormClient(final String loginUrl, final String usernameParameter, final String passwordParameter,
                  final Authenticator usernamePasswordAuthenticator) {
    this.loginUrl = loginUrl;
    this.usernameParameter = usernameParameter;
    this.passwordParameter = passwordParameter;
    setAuthenticator(usernamePasswordAuthenticator);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public CasRestAuthenticator getCasRestAuthenticator() {
    Authenticator authenticator = getAuthenticator();
    if (authenticator instanceof LocalCachingAuthenticator) {
        authenticator = ((LocalCachingAuthenticator) authenticator).getDelegate();
    }
    if (authenticator instanceof CasRestAuthenticator) {
        return (CasRestAuthenticator) authenticator;
    }
    throw new TechnicalException("authenticator must be a CasRestAuthenticator (or via a LocalCachingAuthenticator)");
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
public void setup(Bootstrap<?> bootstrap) {
    ObjectMapper om = bootstrap.getObjectMapper();

    // for Config
    om.addMixIn(SessionStore.class, sessionStoreMixin());
    om.addMixIn(Authorizer.class, authorizerMixin());
    om.addMixIn(HttpActionAdapter.class, httpActionAdapterMixin());
    om.addMixIn(Matcher.class, matcherMixin());
    om.addMixIn(SecurityLogic.class, securityLogicMixin());
    om.addMixIn(CallbackLogic.class, callbackLogicMixin());
    om.addMixIn(LogoutLogic.class, logoutLogicMixin());

    // for Clients
    om.addMixIn(Client.class, clientMixin());
    om.addMixIn(BaseClient.class, baseClientMixin());

    // for Clients and Client subsclasses
    om.addMixIn(AjaxRequestResolver.class, ajaxRequestResolverMixin());
    om.addMixIn(UrlResolver.class, urlResolverMixin());
    om.addMixIn(AuthorizationGenerator.class,
            authorizationGeneratorMixin());

    // for Client/BaseClient
    om.addMixIn(Authenticator.class, authenticatorMixin());
    om.addMixIn(CredentialsExtractor.class, credentialExtractorMixin());
    om.addMixIn(ProfileCreator.class, profileCreatorMixin());

    // for IndirectClient
    om.addMixIn(RedirectActionBuilder.class, redirectActionBuilderMixin());
    om.addMixIn(LogoutActionBuilder.class, logoutActionBuilderMixin());
    
    // for some of the Authenticators
    om.addMixIn(PasswordEncoder.class, passwordEncoderMixin());
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
protected Authenticator<UsernamePasswordCredentials> getAuthenticator(final Credential credential) {
    return this.authenticator;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public void setAuthenticator(final Authenticator<UsernamePasswordCredentials> authenticator) {
    this.authenticator = authenticator;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@ConditionalOnMissingBean(name = "oAuthClientAuthenticator")
@Bean
@RefreshScope
public Authenticator<UsernamePasswordCredentials> oAuthClientAuthenticator() {
    return new OAuthClientAuthenticator(oAuthValidator(), this.servicesManager);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@ConditionalOnMissingBean(name = "oAuthUserAuthenticator")
@Bean
@RefreshScope
public Authenticator<UsernamePasswordCredentials> oAuthUserAuthenticator() {
    return new OAuthUserAuthenticator(authenticationSystemSupport, servicesManager, webApplicationServiceFactory);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
protected Authenticator<UsernamePasswordCredentials> getAuthenticator(final Credential credential) {
    return new StormpathAuthenticator(this.apiKey, this.secretkey, this.applicationId);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
@Override
protected Authenticator<TokenCredentials> getAuthenticator(final Credential credential) {
    final TokenCredential tokenCredential = (TokenCredential) credential;
    LOGGER.debug("Locating token secret for service [{}]", tokenCredential.getService());

    final RegisteredService service = this.servicesManager.findServiceBy(tokenCredential.getService());
    final String signingSecret = getRegisteredServiceJwtSigningSecret(service);
    final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service);

    final String signingSecretAlg =
            StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING_ALG),
                    JWSAlgorithm.HS256.getName());

    final String encryptionSecretAlg =
            StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_ALG),
                    JWEAlgorithm.DIR.getName());

    final String encryptionSecretMethod =
            StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_METHOD),
                    EncryptionMethod.A192CBC_HS384.getName());

    if (StringUtils.isNotBlank(signingSecret)) {
        Set<Algorithm> sets = new HashSet<>();
        sets.addAll(JWSAlgorithm.Family.EC);
        sets.addAll(JWSAlgorithm.Family.HMAC_SHA);
        sets.addAll(JWSAlgorithm.Family.RSA);
        sets.addAll(JWSAlgorithm.Family.SIGNATURE);

        final JWSAlgorithm signingAlg = findAlgorithmFamily(sets, signingSecretAlg);

        final JwtAuthenticator a = new JwtAuthenticator();
        a.setSignatureConfiguration(new SecretSignatureConfiguration(signingSecret, signingAlg));

        if (StringUtils.isNotBlank(encryptionSecret)) {
            sets = new HashSet<>();
            sets.addAll(JWEAlgorithm.Family.AES_GCM_KW);
            sets.addAll(JWEAlgorithm.Family.AES_KW);
            sets.addAll(JWEAlgorithm.Family.ASYMMETRIC);
            sets.addAll(JWEAlgorithm.Family.ECDH_ES);
            sets.addAll(JWEAlgorithm.Family.PBES2);
            sets.addAll(JWEAlgorithm.Family.RSA);
            sets.addAll(JWEAlgorithm.Family.SYMMETRIC);

            final JWEAlgorithm encAlg = findAlgorithmFamily(sets, encryptionSecretAlg);

            sets = new HashSet<>();
            sets.addAll(EncryptionMethod.Family.AES_CBC_HMAC_SHA);
            sets.addAll(EncryptionMethod.Family.AES_GCM);

            final EncryptionMethod encMethod = findAlgorithmFamily(sets, encryptionSecretMethod);
            a.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, encAlg, encMethod));
        } else {
            LOGGER.warn("JWT authentication is configured to share a single key for both signing/encryption");
        }
        return a;
    }
    LOGGER.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service",
            service.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
    return null;
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public DirectBasicAuthClient(Authenticator usernamePasswordAuthenticator) {
    this.defaultAuthenticator(usernamePasswordAuthenticator);
}
 

import org.pac4j.core.credentials.authenticator.Authenticator; //导入依赖的package包/类
public Authenticator<C, WC> getAuthenticator() {
    return authenticator;
}