Secure your Spring Boot Web App in 5 Minutes with pac4j

pac4j is a full security library, easy and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.

By Jérôme Leleu · Nov. 04, 15 · News


I'm proud to announce the release of spring-webmvc-pac4j v1.0 (https://github.com/pac4j/spring-webmvc-pac4j), based on pac4j v1.8 (https://github.com/pac4j/pac4j), for any Spring MVC / Boot web application. It's a full security library, easy to use and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.

It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath, as well as authorization checks (role / permission, CSRF token...).

In four easy steps, secure your webapp:

1) Add the dependency on the library (spring-webmvc-pac4j) and on the required authentication mechanisms (the pac4j-oauth library for Facebook, for example).

2) Define the authentication mechanisms (clients) and authorizers (to check authorizations). For example: Facebook authentication and a ROLE_ADMIN check.

import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer; // check the package for your pac4j version
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class Pac4jConfig {

    @Bean
    public Config config() {
        // Facebook OAuth client: replace "fbId" / "fbSecret" with the application's real credentials
        FacebookClient facebookClient = new FacebookClient("fbId", "fbSecret");
        // The callback URL is where Facebook redirects the user after login (handled by the callback controller, step 3)
        Config config = new Config("http://localhost:8080/callback", facebookClient);
        // Named authorizer "admin": passes only if the authenticated profile carries ROLE_ADMIN
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }
}

3) Define the callback controller on the /callback URL (by scanning the appropriate package):

@ComponentScan(basePackages = "org.pac4j.springframework.web")

4) Secure the /facebook/* URL to require the user to be authenticated, and perform a Facebook authentication if not:

import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.RequiresAuthenticationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebMvcConfigurerAdapter {

    @Autowired
    private Config config; // the Config bean defined in Pac4jConfig (step 2)

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Authentication only: an unauthenticated request to /facebook/* is redirected to Facebook
        registry
          .addInterceptor(new RequiresAuthenticationInterceptor(config, "FacebookClient"))
          .addPathPatterns("/facebook/*");
    }
}

or, in addition, require the user to have ROLE_ADMIN:

import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.RequiresAuthenticationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebMvcConfigurerAdapter {

    @Autowired
    private Config config; // the Config bean defined in Pac4jConfig (step 2)

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Authentication plus authorization: the "admin" authorizer (ROLE_ADMIN) must also pass
        registry
          .addInterceptor(new RequiresAuthenticationInterceptor(config, "FacebookClient", "admin"))
          .addPathPatterns("/facebook/*");
    }
}
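The four steps combined into one configuration class, as an added example that is not the library's own demo code. It keeps the article's Facebook client, callback URL and "admin" authorizer, and adds the role mapping without which RequireAnyRoleAuthorizer("ROLE_ADMIN") can never pass for a Facebook login. The setAuthorizationGenerator hook, the authorizer's package and the constructed admin id list are assumptions to check against your pac4j version.

```java
import java.util.Arrays;
import java.util.List;

import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer; // assumption: check the package for your pac4j version
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.springframework.web.RequiresAuthenticationInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class Pac4jSecurityConfig extends WebMvcConfigurerAdapter {

    // Constructed sample data: Facebook user ids allowed to administer this application.
    private static final List<String> ADMIN_FACEBOOK_IDS = Arrays.asList("100000000000001");

    @Bean
    public Config config() {
        // Credentials are read from the environment (FB_ID, FB_SECRET) rather than committed to source.
        FacebookClient facebookClient = new FacebookClient(System.getenv("FB_ID"), System.getenv("FB_SECRET"));
        // A Facebook profile carries no application roles of its own, so the "admin" authorizer
        // below would deny every user unless roles are assigned after login.
        // Assumption: setAuthorizationGenerator is pac4j 1.8's post-login hook for that purpose.
        facebookClient.setAuthorizationGenerator(profile -> {
            if (ADMIN_FACEBOOK_IDS.contains(profile.getId())) {
                profile.addRole("ROLE_ADMIN");
            }
        });
        Config config = new Config("http://localhost:8080/callback", facebookClient);
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Authentication only. Spring's "*" matches a single path segment, so "/facebook/*"
        // would leave /facebook/a/b unprotected; "**" covers nested paths as well.
        registry
          .addInterceptor(new RequiresAuthenticationInterceptor(config(), "FacebookClient"))
          .addPathPatterns("/facebook/**");

        // Authentication plus authorization: the "admin" authorizer must also pass.
        registry
          .addInterceptor(new RequiresAuthenticationInterceptor(config(), "FacebookClient", "admin"))
          .addPathPatterns("/facebook/admin/**");
        // Any path not listed above is public: review these patterns whenever a controller is added.
    }
}
```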

Read the documentation at https://github.com/pac4j/spring-webmvc-pac4j and try the demo at https://github.com/pac4j/spring-webmvc-pac4j-boot-demo.
