AJ Security: A Practical Java Web Security Library

Based on the Spring/HandlerInterceptor mechanism, this library abstracts a set of filtering/validation mechanisms, forming a unified invocation chain that is flexibly configurable and extensible. The architecture of this security framework is simple, the code is concise, and it has no additional dependencies, making it suitable for any Spring-based project. Spring Boot applications can use it out of the box by simply importing the jar package.

The features of this framework include:

  • HTTP Web Security
    • HTTP Referer validation
    • Timestamp encrypted token validation
    • IP whitelist/blacklist
    • Prevention of duplicate submissions
    • IP region-based restrictions (TODO)
  • General Web Validation
    • XSS attack prevention
    • CRLF attack prevention
    • Cookie size check
  • HTTP Standard Authentication
    • HTTP Basic Auth authentication
    • HTTP Digest Auth authentication
  • Captcha Mechanisms
    • Simple Java image captcha
    • Image captcha based on kaptcha
    • Captcha based on Google Recaptcha
    • Captcha based on CloudFlare Turnstile
  • API Interface Features
    • Rate limiting and quota (TODO)
  • Other Practical Features
    • Entity field desensitization
    • API interface encryption/decryption

The code of AJ Security is small, straightforward and well commented. It has few third-party dependencies and requires only Java 8.
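To illustrate the HandlerInterceptor-based invocation chain described above, here is an added sketch (not AJ Security's own code or API) of one interceptor running an ordered, configurable list of checks, with a Referer check and a CRLF check as two chain members. The names `CheckChainInterceptor`, `Check`, `referer` and `noCrlf` are hypothetical, and the code assumes Spring 5.x with the `javax.servlet` API.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;

/** Illustration only, not AJ Security's classes: one interceptor, an ordered chain of checks. */
public class CheckChainInterceptor implements HandlerInterceptor {
    /** Hypothetical contract: return null to pass, or a short rejection reason. */
    public interface Check { String verify(HttpServletRequest req); }

    private final List<Check> chain;

    public CheckChainInterceptor(Check... checks) { this.chain = Arrays.asList(checks); }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
        for (Check check : chain) {
            String reason = check.verify(req);
            if (reason != null) {                 // first failing check ends the request
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, reason);
                return false;                     // the controller is never invoked
            }
        }
        return true;
    }

    /** Referer check (assumed policy: only non-GET requests are checked). */
    public static Check referer(List<String> allowedHosts) {
        return req -> {
            if ("GET".equals(req.getMethod())) return null;
            String ref = req.getHeader("Referer");
            if (ref == null) return "missing Referer";
            try {   // compare the parsed host exactly; a substring match is easy to bypass
                String host = URI.create(ref).getHost();
                return host != null && allowedHosts.contains(host.toLowerCase(Locale.ROOT))
                        ? null : "Referer not allowed";
            } catch (IllegalArgumentException e) {
                return "malformed Referer";
            }
        };
    }

    /** CRLF check: reject any parameter value containing CR or LF. */
    public static Check noCrlf() {
        return req -> {
            for (String[] values : req.getParameterMap().values())
                for (String v : values)
                    if (v.indexOf('\r') >= 0 || v.indexOf('\n') >= 0) return "CR/LF in parameter";
            return null;
        };
    }
}
```

An instance such as `new CheckChainInterceptor(CheckChainInterceptor.noCrlf(), CheckChainInterceptor.referer(hosts))` is registered through Spring's `WebMvcConfigurer.addInterceptors`, and the order of the arguments is the order in which the checks run.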

Source Code

Under Apache License v3.0.

Links

User Manual | JavaDoc | DeepWiki