I'm proud to announce the release of spark-pac4j v1.1 (https://github.com/pac4j/spark-pac4j) based on pac4j v1.8 (https://github.com/pac4j/pac4j) for any SparkJava v2.3 web application. It's a full security library, easy and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.
It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID Connect, SAML, Google App Engine, JWT, LDAP, RDBMS, MongoDB, and Stormpath as well as most authorization checks (role/permission, CSRF token...)
In four easy steps, secure your webapp:
1) Add the dependencies on the library (spark-pac4j library) and on the required authentication mechanisms (the pac4j-oauth module for Facebook for example)
2) Define the authentication mechanisms (clients) and authorizers (to check authorizations). For example: Facebook authentication and ROLE_ADMIN
FacebookClient facebookClient = new FacebookClient("mykey", "mysecret"); Config config = new Config("http://localhost:9000/callback", facebookClient); config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
3) Define the callback route for Facebook authentication:
Route callback = new CallbackRoute(config); get("/callback", callback); post("/callback", callback);
4) Secure the /facebook/* URL to require the user to be authenticated and perform a Facebook authentication if he is not:
before("/facebook/*", new RequiresAuthenticationFilter(config, "FacebookClient"));
And/or to require the user to have the ROLE_ADMIN:
before("/facebook/*", new RequiresAuthenticationFilter(config, "FacebookClient", "admin"));
Very easy, isn't it?