The Inverno framework HTTP security module provides support for securing access to HTTP endpoints.

This module extends the security module and provides components to secure services and resources accessed by HTTP. It provides:

  • basic HTTP authentication (RFC 7617)
  • digest HTTP authentication (RFC 7616)
  • token based authentication
  • Cross-origin resource sharing (CORS) as defined by HTTP CORS protocol
  • Cross-site request forgery attack protection

HTTP endpoints are protected using combinations of security interceptors. More specifically, the SecurityInterceptor must always be used on protected services or resources. Like the SecurityManager, its role is to authenticate the credentials provided in the request and create the security context in the exchange context. An AccessControlInterceptor can then be used to control access to the protected services or resources using the security context. An AuthenticationErrorInterceptor can be used to intercept UNAUTHORIZED (401) errors and request authentication. For instance, such an interceptor can send HTTP basic or digest challenges in the response, or it can redirect the client to a login form.
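The ordering described above, as an added example that is not Inverno's own code or API: a plain-Java model in which one method plays each interceptor's role. All type and method names, the lower-cased header keys, the realm and the sample user store are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
// Model of the interceptor ordering; every type here is hypothetical, not Inverno's API.
class InterceptorChainModel {
    record Request(Map<String, String> headers) {}   // header names assumed lower-cased
    record Response(int status, Map<String, String> headers) {}
    record SecurityContext(String user, Set<String> roles) {}
    static final SecurityContext ANONYMOUS = new SecurityContext(null, Set.of());
    static class HttpError extends RuntimeException {
        final int status;
        HttpError(int status) { this.status = status; }
    }
    // Constructed sample store: user -> {password, role}
    static final Map<String, String[]> USERS = Map.of("alice", new String[] {"s3cret", "admin"});

    // Role of the SecurityInterceptor: authenticate RFC 7617 credentials, build the context.
    static SecurityContext authenticate(Request req) {
        String h = req.headers().get("authorization");
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) return ANONYMOUS;
        try {
            byte[] raw = Base64.getDecoder().decode(h.substring(6).trim());
            String[] up = new String(raw, StandardCharsets.UTF_8).split(":", 2);
            String[] entry = USERS.get(up[0]);
            if (up.length == 2 && entry != null && MessageDigest.isEqual( // constant-time compare
                    entry[0].getBytes(StandardCharsets.UTF_8), up[1].getBytes(StandardCharsets.UTF_8)))
                return new SecurityContext(up[0], Set.of(entry[1]));
        } catch (IllegalArgumentException malformed) { /* bad Base64: stay anonymous */ }
        return ANONYMOUS;
    }
    // Role of the AccessControlInterceptor: decide from the security context only.
    static void checkAccess(SecurityContext ctx, String role) {
        if (ctx.user() == null) throw new HttpError(401);           // nobody authenticated
        if (!ctx.roles().contains(role)) throw new HttpError(403);  // authenticated, not allowed
    }
    // Role of the AuthenticationErrorInterceptor: turn a 401 into a Basic challenge.
    static Response handle(Request req) {
        try {
            checkAccess(authenticate(req), "admin");
            return new Response(200, Map.of());
        } catch (HttpError e) {
            return new Response(e.status, e.status != 401 ? Map.of()
                    : Map.of("www-authenticate", "Basic realm=\"example\""));
        }
    }
    public static void main(String[] args) {
        String good = Base64.getEncoder().encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(handle(new Request(Map.of())));                                  // 401 + challenge
        System.out.println(handle(new Request(Map.of("authorization", "Basic " + good))));  // 200
    }
}
```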

Jeremy Kuhn