1) Aclient represents an authentication mechanism (flow). It performs the login process and returns a user profile. An indirect client is for UI authentication while a direct client is for web services authentication

2) Anauthenticator is a subcomponent ofclients to validate credentials. It is related to theProfileService component which handles the creation, update, and removal of users

3) Anauthorizer is meant to check authorizations on the authenticated user profile(s) or on the current web context

4) Amatcher defines whether the security must apply on thesecurity filter or additional web processing (security headers for example)

5) Aconfig defines the security configuration composed of clients, authorizers and matchers

6) Auser profile is the profile of the authenticated user. It has an identifier, attributes, roles, a “remember-me” nature and a linked identifier (to another account)

7) Theweb context is an abstraction of the HTTP request and response specific to thepac4j implementation

8) Thesession store is an abstraction of the HTTP session specific to thepac4j implementation

9) The“security filter” (or whatever the mechanism used to intercept HTTP requests) protects an URL by checking that the user is authenticated and that the authorizations are valid, according to the clients and authorizers configuration. If the user is not authenticated, it performs authentication for direct clients or starts the login process for indirect clients

10) The“callback endpoint” finishes the login process for an indirect client

11) The“logout endpoint” handles the application and/or the identity server logouts