A Cloud-Native Security Monitoring and Protection for Modern Applications
Documentation | Quick Start | Blog | Chat with us on Slack!
SecureNative performs user monitoring by analyzing user interactions with your application and various factors such as network, devices, locations and access patterns to stop and prevent account takeover attacks.
When using Maven, add the following dependency to your pom.xml
file:
<dependency>
<groupId>com.securenative.java</groupId>
<artifactId>securenative-java</artifactId>
<version>LATEST</version>
</dependency>
When using Gradle, add the following dependency to your build.gradle
file:
compile group: 'com.securenative.java', name: 'sdk-parent', version: '0.3.1', ext: 'pom'
When using SBT, add the following dependency to your build.sbt
file:
libraryDependencies += "com.securenative.java" % "sdk-parent" % "0.3.1" pomOnly()
To get your API KEY, login to your SecureNative account and go to project settings page:
SecureNative can automatically load your config from securenative.properties file or from the file that is specified in your SECURENATIVE_CONFIG_FILE env variable:
// Options 1: Use default config file path
try {
SecureNative securenative = SecureNative.init();
} catch (SecureNativeSDKException | SecureNativeConfigException e) {
e.printStackTrace();
}
// Options 2: Use specific config file path
Path path = Paths.get("/path/to/securenative.properties");
try {
SecureNative.init(path);
} catch (SecureNativeSDKException | SecureNativeConfigException e) {
System.err.printf("Could not initialize SecureNative sdk; %s%n", e);
}
try {
SecureNative securenative = SecureNative.init("YOUR_API_KEY");
} catch (SecureNativeSDKException | SecureNativeConfigException e) {
e.printStackTrace();
}
try {
securenative = SecureNative.init(SecureNative.configBuilder()
.withApiKey("API_KEY")
.withMaxEvents(10)
.withLogLevel("error")
.build());
} catch (SecureNativeSDKException e) {
e.printStackTrace();
}
Once initialized, sdk will create a singleton instance which you can get:
SecureNative securenative = null;
try {
securenative = SecureNative.getInstance();
} catch (SecureNativeSDKIllegalStateException e) {
System.err.printf("Could not get SecureNative instance; %s%n", e);
}
Once the SDK has been initialized, tracking requests sent through the SDK instance. Make sure you build event with the EventBuilder:
@RequestMapping("/track")
public void track() {
SecureNative securenative = null;
try {
securenative = SecureNative.getInstance();
} catch (SecureNativeSDKIllegalStateException e) {
System.err.printf("Could not get SecureNative instance; %s%n", e);
}
SecureNativeContext context = SecureNative.contextBuilder()
.withIp("37.86.255.94")
.withClientToken("SECURENATIVE_CLIENT_TOKEN")
.withHeaders(Maps.defaultBuilder()
.put("user-agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36")
.build())
.build();
EventOptions eventOptions = null;
try {
eventOptions = EventOptionsBuilder.builder(EventTypes.LOG_IN)
.userId("1234")
.userTraits("Your Name", "name@gmail.com", "+1234567890")
.context(context)
.properties(Maps.builder()
.put("prop1", "CUSTOM_PARAM_VALUE")
.put("prop2", true)
.put("prop3", 3)
.build())
.timestamp(new Date())
.build();
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
try {
securenative.track(eventOptions);
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
}
You can also create request context from HttpServletRequest:
@RequestMapping("/track")
public void track(HttpServletRequest request, HttpServletResponse response) {
SecureNative securenative = null;
try {
securenative = SecureNative.getInstance();
} catch (SecureNativeSDKIllegalStateException e) {
System.err.printf("Could not get SecureNative instance; %s%n", e);
}
SecureNativeContext context = securenative.fromHttpServletRequest(request).build();
EventOptions eventOptions = null;
try {
eventOptions = EventOptionsBuilder.builder(EventTypes.LOG_IN)
.userId("1234")
.userTraits("Your Name", "name@gmail.com", "+1234567890")
.context(context)
.properties(Maps.builder()
.put("prop1", "CUSTOM_PARAM_VALUE")
.put("prop2", true)
.put("prop3", 3)
.build())
.timestamp(new Date())
.build();
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
try {
securenative.track(eventOptions);
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
}
Example
@RequestMapping("/verify")
public void verify(HttpServletRequest request, HttpServletResponse response) {
SecureNative securenative = null;
try {
securenative = SecureNative.getInstance();
} catch (SecureNativeSDKIllegalStateException e) {
System.err.printf("Could not get SecureNative instance; %s%n", e);
}
SecureNativeContext context = securenative.fromHttpServletRequest(request).build();
EventOptions eventOptions = null;
try {
eventOptions = EventOptionsBuilder.builder(EventTypes.LOG_IN)
.userId("1234")
.userTraits("Your Name", "name@gmail.com", "+1234567890")
.context(context)
.properties(Maps.builder()
.put("prop1", "CUSTOM_PARAM_VALUE")
.put("prop2", true)
.put("prop3", 3)
.build())
.timestamp(new Date())
.build();
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
VerifyResult verifyResult = null;
try {
verifyResult = securenative.verify(eventOptions);
} catch (SecureNativeInvalidOptionsException e) {
e.printStackTrace();
}
verifyResult.getRiskLevel(); // Low, Medium, High
verifyResult.getScore(); // Risk score: 0 -1 (0 - Very Low, 1 - Very High)
verifyResult.getTriggers(); // ["TOR", "New IP", "New City"]
}
Apply our filter to verify the request is from us, example in spring:
@RequestMapping("/webhook")
public void webhookEndpoint(HttpServletRequest request, HttpServletResponse response) {
SecureNative securenative = null;
try {
securenative = SecureNative.getInstance();
} catch (SecureNativeSDKIllegalStateException e) {
System.err.printf("Could not get SecureNative instance; %s%n", e);
}
// Checks if request is verified
Boolean isVerified = securenative.verifyRequestPayload(request);
}
You can specify custom header keys to allow extraction of client ip from different providers. This example demonstrates the usage of proxy headers for ip extraction from Cloudflare.
SECURENATIVE_API_KEY="YOUR_API_KEY"
SECURENATIVE_PROXY_HEADERS=["CF-Connecting-IP"]
Initialize sdk as shown above.
try {
securenative = SecureNative.init(SecureNative.configBuilder()
.withApiKey("API_KEY")
.WithProxyHeaders(new ["CF-Connecting-IP"])
.build());
} catch (SecureNativeSDKException e) {
e.printStackTrace();
}
By default, SecureNative SDK remove any known pii headers from the received request. We also support using custom pii headers and regex matching via configuration, for example:
SECURENATIVE_API_KEY="YOUR_API_KEY"
SECURENATIVE_PII_HEADERS=["apiKey"]
Initialize sdk as shown above.
try {
securenative = SecureNative.init(SecureNative.configBuilder()
.withApiKey("API_KEY")
.WithPiiRegexPattern("((?i)(http_auth_)(\\w+)?)")
.build());
} catch (SecureNativeSDKException e) {
e.printStackTrace();
}