
Secure Your Vertx 3 App With Pac4j

The new vertx-pac4j version 2 is out, and can be used to secure Vertx 3 apps! Here's a brief overview of v2.0, and four steps to secure webapps.


I'm proud to announce the release of vertx-pac4j v2.0 (https://github.com/pac4j/vertx-pac4j) based on pac4j v1.8 (https://github.com/pac4j/pac4j) for any Vert.x 3 web application. It's now a full security library, easy and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.

It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath, as well as authorization checks (role/permission, CSRF token...).

In four easy steps, secure your webapp:

1) Add the dependencies on the library (vertx-pac4j) and on the required authentication mechanisms (for example, the pac4j-oauth module for Facebook).

2) Define the authentication mechanisms (clients) and the authorizers (to check authorizations). For example, Facebook authentication and a ROLE_ADMIN check:

// "mykey" and "mysecret" are placeholders for the Facebook app key and secret
FacebookClient facebookClient = new FacebookClient("mykey", "mysecret");
// The first argument is the callback URL that the identity provider redirects back to
Config config = new Config("http://localhost:9000/callback", facebookClient);
// Register an authorizer under the name "admin" that requires ROLE_ADMIN
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

3) Define the callback handler for Facebook authentication:

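CallbackHandler callbackHandler = new CallbackHandler(vertx, config);
router.get("/callback").handler(callbackHandler);
// For POST callbacks, parse the body and merge form attributes into the
// request parameters before the callback handler runs
router.post("/callback").handler(BodyHandler.create().setMergeFormAttributes(true));
router.post("/callback").handler(callbackHandler);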

4) Secure the /facebook/index.html URL so that the user must be authenticated, triggering a Facebook authentication if they are not:

Pac4jAuthProvider authProvider = new Pac4jAuthProvider();
Pac4jAuthHandlerOptions options = new Pac4jAuthHandlerOptions()
  .withClientName("FacebookClient");
router.get("/facebook/index.html")
  .handler(new RequiresAuthenticationHandler(vertx, config, authProvider, options));

and/or to require the user to have ROLE_ADMIN:

// Same client, plus the "admin" authorizer registered in step 2
Pac4jAuthHandlerOptions options = new Pac4jAuthHandlerOptions()
  .withClientName("FacebookClient").withAuthorizerName("admin");
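The "admin" authorizer from step 2 only passes when the authenticated profile carries ROLE_ADMIN, and nothing in the four steps assigns that role. The following is an added example, not code from the original article or from the pac4j project: it builds the step 2 Config with credentials read from the environment and with an authorization generator that grants the role to an allowlist of profile ids. It assumes the pac4j 1.8 package names shown, the AuthorizationGenerator callback registered through addAuthorizationGenerator, and UserProfile's getId and addRole; the class name and the environment variable names are hypothetical.

```java
import java.util.HashSet;
import java.util.Set;

import org.pac4j.core.authorization.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;

// Added example: package names assume pac4j 1.8; check them against your dependency.
public class SecuredConfigFactory {

    // Hypothetical environment variable names, chosen for this example.
    static final String KEY_VAR = "FACEBOOK_KEY";
    static final String SECRET_VAR = "FACEBOOK_SECRET";
    static final String ADMINS_VAR = "ADMIN_FACEBOOK_IDS"; // comma-separated profile ids

    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            // Fail closed at startup rather than run with a missing credential.
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value.trim();
    }

    public static Config build(String callbackUrl) {
        // Credentials come from the environment instead of source code.
        FacebookClient facebookClient =
            new FacebookClient(requireEnv(KEY_VAR), requireEnv(SECRET_VAR));

        Set<String> adminIds = new HashSet<>();
        for (String id : requireEnv(ADMINS_VAR).split(",")) {
            if (!id.trim().isEmpty()) {
                adminIds.add(id.trim());
            }
        }

        // A Facebook login yields an identity, not roles. The generator runs on
        // each authenticated profile and grants ROLE_ADMIN only to listed ids;
        // every other user keeps an empty role set and fails the "admin" check.
        facebookClient.addAuthorizationGenerator(profile -> {
            if (adminIds.contains(profile.getId())) {
                profile.addRole("ROLE_ADMIN");
            }
        });

        Config config = new Config(callbackUrl, facebookClient);
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }
}
```

The returned Config can be passed to the CallbackHandler and RequiresAuthenticationHandler of steps 3 and 4 unchanged.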

Read the documentation: https://github.com/pac4j/vertx-pac4j and try the demo: https://github.com/pac4j/vertx-pac4j-demo
