Skip to content

pac4j/lagom-pac4j

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
3 branches 6 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.mvn/wrapper
 
 
lagom-pac4j_2.11
 
 
lagom-pac4j_2.12
 
 
lagom-pac4j_2.13
 
 
shared/src
 
 
travis
 
 
.gitignore
 
 
.travis.yml
 
 
README.md
 
 
findbugs-exclude.xml
 
 
mvnw
 
 
mvnw.cmd
 
 
pom.xml
 
 
Usage 1) Add the required dependencies 2) Define: - the security configuration 3) Apply security and get the authenticated user profiles Demos Versions Need help?

README.md

The lagom-pac4j project is an easy and powerful security library for Lagom framework which supports authentication and authorization. It's based on Lagom 1.5/1.6 (and Scala 2.11/2.12/2.13) and the pac4j security engine v3. It's available under the Apache 2 license.

Several versions of the library are available for the different versions of the Lagom framework:

Lagom version pac4j version lagom-pac4j version
1.4+ 3.6 1.x.y (Java & Scala)
1.[5|6]+ 3.7 2.x.y (Java & Scala)

Main concepts and components:

  1. A client represents an authentication mechanism. It performs the login process and returns a user profile. An indirect client is for web applications authentication while a direct client is for web services authentication:

▸ OAuth - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos - LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

  1. An authorizer is meant to check authorizations on the authenticated user profile(s) or on the current web context:

▸ Roles / permissions - Anonymous / remember-me / (fully) authenticated - Profile type, attribute - CORS - CSRF - Security headers - IP address, HTTP method

  1. The SecuredService interface/trait protect methods in Lagom service by checking that the user is authenticated and that the authorizations are valid, according to the clients and authorizers configuration. If the user is not authenticated, the method can be processed with an anonymous profile.

Usage

1) Add the required dependencies

2) Define:

- the security configuration

3) Apply security and get the authenticated user profiles

Demos

Two demo services demonstrate authenticate/authorize by JWT: (Scala/Sbt demo, Java/Maven demo)

Versions

The latest released version is the Maven The next version is under development.

See the release notes. Learn more by browsing the pac4j documentation and the lagom-pac4j Javadoc.

Need help?

If you need commercial support (premium support or new/specific features), contact us at info@pac4j.org.

If you have any questions, want to contribute or be notified about the new releases and security fixes, please subscribe to the following mailing lists:

About

Security library for Lagom

www.pac4j.org

Resources

Readme

Stars

22 stars

Watchers

6 watching

Forks

4 forks

Releases 6

2.2.1 Latest
Nov 9, 2020
+ 5 releases

Packages

No packages published

Contributors 5

Languages