I am using DirectBearerAuthClient with Authorizers. According to the pac4j default behavior, if multiple authorizers are defined, then all should be satisfied. Let's take the example below: there are two authorizers and a URL.
Authorizers: allowRead, allowRight; URL: /student/action
#Config Ex1:
pac4j.security.rules = [
{
"/student/action" = {
authorizers = "allowRead,AllowRight"
clients = "DirectBearerAuthClient"
}
}
]
#Config Ex2:
pac4j.security.rules = [
{
"/student/action" = {
authorizers = "allowRead"
clients = "DirectBearerAuthClient"
}
}
]
Ex1: both authorizers "allowRead,AllowRight" should be satisfied to access the URL, so both should be satisfied.
Ex2: only one authorizer "allowRead" should be satisfied to access the URL; if a user has "allowWrite" instead of "allowRead" then they should not be able to access the URL.
Is it possible to configure authorizers with an 'OR' condition, like authorizers = "allowRead OR AllowRight", which means any user who has one of these two authorizers can access the URL? For example, to configure something like:
pac4j.security.rules = [
{
"/student/action" = {
authorizers = "allowRead OR AllowRight"
clients = "DirectBearerAuthClient"
}
}
]
The authorizers listed in the authorizers parameter must all be satisfied, meaning they are treated as "AND".
If you want to implement the "OR" logic, you must define a specific authorizer based on the OrAuthorizer. Example:
import org.pac4j.core.authorization.authorizer.OrAuthorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;

final Config c = new Config(clients);
// Register a named authorizer that passes if EITHER role check passes;
// reference it from the rules as authorizers = "orAuthorizer".
c.addAuthorizer("orAuthorizer",
    OrAuthorizer.or(
        new RequireAnyRoleAuthorizer("allowRead"),
        new RequireAnyRoleAuthorizer("AllowRight")
    )
);
return c;
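The approach described above, written out as a complete play-pac4j ConfigFactory; this is an added example, not code from the original answer or from the pac4j project. It assumes pac4j 3.x or later (where OrAuthorizer.or and AndAuthorizer.and exist) and that an Authenticator for the bearer token (which sets the roles on the profile) is supplied by the application; the authorizer names readOrWrite, readAndWrite and readOnly are chosen here.

```java
import org.pac4j.core.authorization.authorizer.AndAuthorizer;
import org.pac4j.core.authorization.authorizer.OrAuthorizer;
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.config.ConfigFactory;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.http.client.direct.DirectBearerAuthClient;

/**
 * Added example (not from the original post): builds the pac4j Config and
 * registers named authorizers so that pac4j.security.rules can reference
 * them by name instead of relying on the implicit "AND" of a comma list.
 */
public class SecurityConfigFactory implements ConfigFactory {

    // Assumed to be provided by the application: validates the bearer token
    // and adds roles such as "allowRead" / "AllowRight" to the user profile.
    private final Authenticator tokenAuthenticator;

    public SecurityConfigFactory(Authenticator tokenAuthenticator) {
        this.tokenAuthenticator = tokenAuthenticator;
    }

    @Override
    public Config build(Object... parameters) {
        final DirectBearerAuthClient bearerClient = new DirectBearerAuthClient(tokenAuthenticator);
        final Clients clients = new Clients(bearerClient);
        final Config config = new Config(clients);

        // "OR" semantics: access is granted when the profile holds EITHER role.
        // Rule usage: authorizers = "readOrWrite"
        config.addAuthorizer("readOrWrite",
            OrAuthorizer.or(
                new RequireAnyRoleAuthorizer("allowRead"),
                new RequireAnyRoleAuthorizer("AllowRight")));

        // "AND" semantics: access requires BOTH roles. This is the same result
        // as listing two authorizers comma-separated in a rule (Ex1 above),
        // made explicit here so the two variants can be compared side by side.
        // Rule usage: authorizers = "readAndWrite"
        config.addAuthorizer("readAndWrite",
            AndAuthorizer.and(
                new RequireAnyRoleAuthorizer("allowRead"),
                new RequireAnyRoleAuthorizer("AllowRight")));

        // Single-role check (Ex2 above): a profile carrying only a different
        // role such as "allowWrite" is rejected.
        // Rule usage: authorizers = "readOnly"
        config.addAuthorizer("readOnly", new RequireAnyRoleAuthorizer("allowRead"));

        return config;
    }
}
```

With this factory in place, the rule for /student/action becomes authorizers = "readOrWrite" with clients = "DirectBearerAuthClient"; the comma-separated form stays available for the cases where every listed authorizer really must pass.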