Secure Your Vertx 3 App With Pac4j

The new vertx-pac4j version 2 is out, and can be used to secure Vertx 3 apps! Here's a brief overview of v2.0, and four steps to secure webapps.

I'm proud to announce the release of vertx-pac4j v2.0 (https://github.com/pac4j/vertx-pac4j) based on pac4j v1.8 (https://github.com/pac4j/pac4j) for any Vert.x 3 web application. It's now a full security library, easy and powerful, which supports authentication and authorization, but also application logout and advanced features like CSRF protection.

It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB, and Stormpath, as well as authorization checks (role/permission, CSRF token...).

In four easy steps, secure your webapp:

1) Add the dependencies on the library (vertx-pac4j) and on the required authentication mechanisms (for example, the pac4j-oauth module for Facebook).

2) Define the authentication mechanisms (clients) and the authorizers (to check authorizations). For example, Facebook authentication and an "admin" authorizer requiring ROLE_ADMIN ("mykey" and "mysecret" stand for the Facebook application's key and secret):

FacebookClient facebookClient = new FacebookClient("mykey", "mysecret");
Config config = new Config("http://localhost:9000/callback", facebookClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

3) Define the callback handler for Facebook authentication:

CallbackHandler callbackHandler = new CallbackHandler(vertx, config);
router.get("/callback").handler(callbackHandler);
router.post("/callback").handler(BodyHandler.create().setMergeFormAttributes(true));
router.post("/callback").handler(callbackHandler);

4) Secure the /facebook/index.html URL to require the user to be authenticated, starting a Facebook authentication if they are not:

Pac4jAuthProvider authProvider = new Pac4jAuthProvider();
Pac4jAuthHandlerOptions options = new Pac4jAuthHandlerOptions()
  .withClientName("FacebookClient");
router.get("/facebook/index.html")
  .handler(new RequiresAuthenticationHandler(vertx, config, authProvider, options));

and/or to require the user to have ROLE_ADMIN, by also naming the "admin" authorizer:

Pac4jAuthHandlerOptions options = new Pac4jAuthHandlerOptions()
  .withClientName("FacebookClient").withAuthorizerName("admin");
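
The four steps assembled into one verticle, as an added example (not code from the original article or from the vertx-pac4j project). Assumptions: the import packages follow the vertx-pac4j 2.0 / pac4j 1.8 line, the cookie, session and user-session handlers are registered first so the authenticated profile survives the redirect through /callback, and the class name, the FACEBOOK_KEY / FACEBOOK_SECRET environment variables and the final content handler are hypothetical.

```java
// Added example: package names, session wiring and env variable names are assumptions.
import io.vertx.core.AbstractVerticle;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.handler.BodyHandler;
import io.vertx.ext.web.handler.CookieHandler;
import io.vertx.ext.web.handler.SessionHandler;
import io.vertx.ext.web.handler.UserSessionHandler;
import io.vertx.ext.web.sstore.LocalSessionStore;
import java.util.Objects;
import org.pac4j.core.authorization.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.vertx.auth.Pac4jAuthProvider;
import org.pac4j.vertx.handler.impl.CallbackHandler;
import org.pac4j.vertx.handler.impl.Pac4jAuthHandlerOptions;
import org.pac4j.vertx.handler.impl.RequiresAuthenticationHandler;

public class SecuredVerticle extends AbstractVerticle {
  @Override
  public void start() {
    // Step 2: read the OAuth credentials from the environment; fail at startup if absent.
    String key = Objects.requireNonNull(System.getenv("FACEBOOK_KEY"), "FACEBOOK_KEY not set");
    String secret = Objects.requireNonNull(System.getenv("FACEBOOK_SECRET"), "FACEBOOK_SECRET not set");
    Config config = new Config("http://localhost:9000/callback", new FacebookClient(key, secret));
    config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));

    Pac4jAuthProvider authProvider = new Pac4jAuthProvider();
    Router router = Router.router(vertx);
    // Session plumbing goes before every protected route and before the callback,
    // otherwise the profile stored after login is not found on the next request.
    router.route().handler(CookieHandler.create());
    router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
    router.route().handler(UserSessionHandler.create(authProvider));

    // Step 3: callback endpoint the identity provider redirects back to.
    CallbackHandler callbackHandler = new CallbackHandler(vertx, config);
    router.get("/callback").handler(callbackHandler);
    router.post("/callback").handler(BodyHandler.create().setMergeFormAttributes(true));
    router.post("/callback").handler(callbackHandler);

    // Step 4: require Facebook authentication AND the "admin" authorizer (ROLE_ADMIN).
    Pac4jAuthHandlerOptions options = new Pac4jAuthHandlerOptions()
        .withClientName("FacebookClient").withAuthorizerName("admin");
    router.get("/facebook/index.html")
        .handler(new RequiresAuthenticationHandler(vertx, config, authProvider, options));
    router.get("/facebook/index.html").handler(ctx -> ctx.response().end("authenticated"));
    vertx.createHttpServer().requestHandler(router::accept).listen(9000);
  }
}
```

In a deployed application the callback URL passed to Config would be the application's public HTTPS address rather than http://localhost:9000.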

Read the documentation: https://github.com/pac4j/vertx-pac4j and try the demo: https://github.com/pac4j/vertx-pac4j-demo
