pac4j

pac4j

Authentication module via: Pac4j.

exports

dependency

<dependency>
  <groupId>org.jooby</groupId>
  <artifactId>jooby-pac4j</artifactId>
  <version>1.0.3</version>
</dependency>

usage

{

  get("/public", () -> ..);

  use(new Auth());

  get("/private", () -> ..);
}

Previous example adds a very basic but ready to use form login auth every time you try to access to /private or any route defined below the auth module.

clients

Pac4j is a powerful library that supports multiple clients and/or authentication protocols. In the next example, we will see how to configure the most basic of them, but also some complex protocols.

basic auth

If basic auth is all you need, then:

{
  use(new Auth().basic());
}

A IndirectBasicAuthClient depends on UsernamePasswordAuthenticator, default is SimpleTestUsernamePasswordAuthenticator which is great for development, but nothing good for other environments. Next example setup a basic auth with a custom: UsernamePasswordAuthenticator:

{
  use(new Auth().basic("*", MyUsernamePasswordAuthenticator.class));
}

form auth

Form authentication will be activated by calling form:

{
  use(new Auth().form());
}

Form is the default authentication method so previous example is the same as:

{
  use(new Auth());
}

Like basic auth, form auth depends on a UsernamePasswordAuthenticator.

A login form will be ready under the path: /login. Again, it is a very basic login form useful for development. If you need a custom login page, just add a route before the Auth module, like: </p>

{
  get("/login", () -> Results.html("login"));

  use(new Auth());
}

Simply and easy!

oauth, openid, etc…

Twitter, example:

{
  use(new Auth()
    .client(conf ->
       new TwitterClient(conf.getString("twitter.key"), conf.getString("twitter.secret"))));
}

Keep in mind you will have to add the require Maven dependency to your project, beside that it is pretty straight forward.

protecting urls

By default a Client will protect all the urls defined below the module, because routes in are executed in the order they where defined.

You can customize what urls are protected by specifying a path pattern:

{
  use(new Auth().form("/private/**"));

  get("/hello", () -> "no auth");

  get("/private", () -> "auth");
}

Here the /hello path is un-protected, because the client will intercept everything under /private.

user profile

Jooby relies on AuthStore for saving and retrieving a CommonProfile. By default, the CommonProfile is stored in the Session via auth session store

After a successful authentication the CommonProfile is accessible as a request scoped attribute:

{
  use(new Auth().form());

  get("/private", req -> require(HttpProfile.class));
}

facebook (or any oauth, openid, etc…)

{
  use(new Auth().client(new FacebookClient(key, secret));

  get("/private", req -> require(FacebookProfile.class));
}

Custom AuthStore is provided via Auth#store method:

{
  use(new Auth().store(MyDbStore.class));

  get("/private", req -> require(HttpProfile.class));
}

logout

A default /logout handler is provided it too. The handler will remove the profile from AuthStore by calling the AuthStore#unset method. The default login will redirect to /.

A custom logout and redirect urls can be set via .conf file or programmatically:

{
  use(new Auth().logout("/mylogout", "/redirectTo"));
}

That’s all folks! Enjoy it!!!

auth.conf

auth {

  # default callback, like http://localhost:8080/auth 
  callback = "http://"${application.host}":"${application.port}${contextPath}"/auth"

  # login options 
  login {

    # Where to go after a successful login? Default is: ${application.path} 
    redirectTo = ""

  }

  # logout options 
  logout {

    url = /logout

    redirectTo = ${application.path}

  }

  # form auth 
  form.loginUrl = /login

}

Share