Pac4j authorizers ignored fix #1629

Author: jknack

docs/asciidoc/modules/pac4j.adoc

@@ -273,6 +273,57 @@ import io.jooby.pac4j.Pac4jModule
 
 All routes under `/admin` will be protected by Pac4j.
 
+=== Authorizer
+
+Authorizers are registered and group by path. We do provide couple of ways to specific an authorizer:
+
+.Manual configuration
+[source, java]
+-----
+import org.pac4j.core.config.Config;
+{
+  
+  Config pac4j = new Config();
+
+  pac4j.addAuthorizer("test", new Authorizer<CommonProfile>() {
+	@Override public boolean isAuthorized(WebContext context, List<CommonProfile> profiles) {
+		return false;
+	}
+  });
+
+  install(
+      new Pac4jModule(pac4j)
+          .client("/api/*", "test", conf -> {...});
+  );
+}
+-----
+
+.Automatic configuration
+[source, java]
+-----
+{
+  
+  install(
+      new Pac4jModule()
+          .client("/api/*", new MyTestAuthorizer(), conf -> {...});
+  );
+}
+-----
+
+.Registry  (or dependency injection) integration
+[source, java]
+-----
+{
+  
+  install(
+      new Pac4jModule()
+          .client("/api/*", MyTestAuthorizer.class, conf -> {...});
+  );
+}
+-----
+
+This last example ask application registry (dependency injection framework usually) to provisioning the `MyTestAuthorizer` authorizer.
+
 === Advanced Usage
 
 You can customize default options by using the javadoc:pac4j.Pac4jOptions[] and/or providing your

modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/ForwardingAuthorizer.java

@@ -0,0 +1,29 @@
+package io.jooby.internal.pac4j;
+
+import io.jooby.Registry;
+import org.pac4j.core.authorization.authorizer.Authorizer;
+import org.pac4j.core.context.WebContext;
+
+import java.util.List;
+
+public class ForwardingAuthorizer implements Authorizer {
+  private Registry registry;
+
+  private Class authorizerType;
+
+  public ForwardingAuthorizer(Class authorizerType) {
+    this.authorizerType = authorizerType;
+  }
+
+  @Override public boolean isAuthorized(WebContext context, List profiles) {
+    return authorizer(authorizerType).isAuthorized(context, profiles);
+  }
+
+  private Authorizer authorizer(Class authorizerType) {
+    return (Authorizer) registry.require(authorizerType);
+  }
+
+  public void setRegistry(Registry registry) {
+    this.registry = registry;
+  }
+}

modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SecurityFilterImpl.java

@@ -34,21 +34,22 @@ public class SecurityFilterImpl implements Route.Decorator, Route.Handler {
 
   private String authorizers;
 
-  public SecurityFilterImpl(String pattern, Config config, Pac4jOptions options, List<Client> clients) {
+  public SecurityFilterImpl(String pattern, Config config, Pac4jOptions options,
+      List<Client> clients, List<String> authorizers) {
     this.pattern = pattern;
     this.config = config;
     this.options = options;
     this.clients = clients.stream().map(it -> it.getName())
         .collect(Collectors.joining(Pac4jConstants.ELEMENT_SEPARATOR));
+    authorizers.forEach(this::addAuthorizer);
   }
 
-  public SecurityFilterImpl addAuthorizer(String authorizer) {
+  public void addAuthorizer(String authorizer) {
     if (authorizers == null) {
       authorizers = authorizer;
     } else {
       authorizers += Pac4jConstants.ELEMENT_SEPARATOR + authorizer;
     }
-    return this;
   }
 
   @Nonnull @Override public Route.Handler apply(@Nonnull Route.Handler next) {