Secure Your SparkJava Webapp With pac4j

I'm proud to announce the release of spark-pac4j v1.1 (https://github.com/pac4j/spark-pac4j) based on pac4j v1.8 (https://github.com/pac4j/pac4j) for any SparkJava v2.3 web application. It's a full security library, easy and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.

It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID Connect, SAML, Google App Engine, JWT, LDAP, RDBMS, MongoDB, and Stormpath, as well as most authorization checks (role/permission, CSRF token...).

In four easy steps, secure your webapp:

1) Add the dependencies on the library (spark-pac4j library) and on the required authentication mechanisms (the pac4j-oauth module for Facebook, for example).

2) Define the authentication mechanisms (clients) and authorizers (to check authorizations). For example, Facebook authentication and ROLE_ADMIN:

FacebookClient facebookClient = new FacebookClient("mykey", "mysecret");
Config config = new Config("http://localhost:9000/callback", facebookClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

3) Define the callback route for Facebook authentication:

Route callback = new CallbackRoute(config);
get("/callback", callback);
post("/callback", callback);

4) Secure the /facebook/* URL to require the user to be authenticated, and perform a Facebook authentication if they are not:

before("/facebook/*", new RequiresAuthenticationFilter(config, "FacebookClient"));

And/or require the user to have the ROLE_ADMIN role:

before("/facebook/*", new RequiresAuthenticationFilter(config, "FacebookClient", "admin"));

Very easy, isn't it?
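
The four steps assembled into one class, as an added example that is not code from the original article or from the pac4j project. Assumptions: the import packages follow the pac4j v1.8 / spark-pac4j v1.1 layout and should be checked against your release, the FB_KEY and FB_SECRET variable names, the /admin/* area and the two sample routes are hypothetical, and how ROLE_ADMIN gets attached to a profile is not shown on the page and is left out here.

```java
import static spark.Spark.before;
import static spark.Spark.get;
import static spark.Spark.port;
import static spark.Spark.post;

// Package names below are assumed from the pac4j 1.8 / spark-pac4j 1.1 layout.
import org.pac4j.core.authorization.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.sparkjava.CallbackRoute;
import org.pac4j.sparkjava.RequiresAuthenticationFilter;
import spark.Route;

public class SecuredApp {

    // Read a required setting from the environment and fail fast if it is absent,
    // so the app never starts with an empty OAuth key or secret.
    static String requiredEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        port(9000); // matches the callback URL registered below

        // Step 2: client and authorizer. FB_KEY / FB_SECRET are assumed variable names.
        FacebookClient facebookClient =
                new FacebookClient(requiredEnv("FB_KEY"), requiredEnv("FB_SECRET"));
        Config config = new Config("http://localhost:9000/callback", facebookClient);
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

        // Step 3: the provider redirects back here after login.
        Route callback = new CallbackRoute(config);
        get("/callback", callback);
        post("/callback", callback);

        // Step 4: before-filters run ahead of any matching route.
        before("/facebook/*", new RequiresAuthenticationFilter(config, "FacebookClient"));
        // Hypothetical /admin/* area: authenticated AND holding ROLE_ADMIN.
        before("/admin/*", new RequiresAuthenticationFilter(config, "FacebookClient", "admin"));

        // Hypothetical routes behind the two filters.
        get("/facebook/profile", (req, res) -> "authenticated area");
        get("/admin/panel", (req, res) -> "admin area");
    }
}
```

Keeping the key and secret out of the source means they do not end up in version control alongside the route definitions.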

Try the demo: https://github.com/pac4j/spark-pac4j-demo and read the documentation: https://github.com/pac4j/spark-pac4j

Topics: spark, java, security
