
Deadbolt helps secure your apps

Fine-grained authorization for
controllers & templates

Deadbolt has APIs for Java and Scala, giving you idiomatic tools
to control who can do what in your application.

Key features

Deadbolt evolved to solve real-world problems, and its features reflect that.

Java API

Deadbolt's Java API allows you to secure both controllers and templates. Constraints can be applied at either the controller or the action level.

If you prefer not to have security concerns defined in controllers, you can also apply them at the route level, centralising your authorization rules; this approach also makes unit and functional testing of controllers easier because the security layer is bypassed. This feature can also be used to protect your static assets.



The documentation and developer hub for Deadbolt's Java API can be found here.

Scala API

Deadbolt's Scala API allows you to secure both controllers and templates. Constraints can be applied to controller functions through action composition or by using a constraint builder. If you prefer not to have security concerns defined in controllers, you can also apply them at the route level, centralising your authorization rules; this approach also makes unit and functional testing of controllers easier because the security layer is bypassed. This feature can also be used to protect your static assets.



There's a module that provides bindings for runtime dependency injection, and a trait you can mix into your custom application loader if you're using compile-time dependency injection.



The documentation and developer hub for Deadbolt's Scala API can be found here.

The Play Way

Deadbolt embraces the Play concepts of asynchronicity, non-blocking IO and statelessness.

Controllers

Deadbolt constraints applied to controller actions intercept requests and ensure the current subject is allowed to access them. When access fails, the resulting behaviour can be customised to provide a meaningful response.

Templates

Adding Deadbolt constraints in templates means you can customize views on the server-side based on what a subject is allowed to see. This is not a DOM manipulation that can still be accessed on the client side - anything wrapped in a constraint that is not satisfied is excluded from the response body.


All template constraints have an OR variant, allowing you to define fallback content.

Authentication agnostic

Deadbolt doesn't care which authentication mechanism you use, so you're free to use your favourite authentication library or write your own. Authorization is kept isolated from authentication, so it's possible to change your authentication system without affecting your authorization constraints.


It's even possible to have multiple authentication mechanisms within a single application, triggered purely by your Deadbolt authorization configuration.

Deadbolt's Scala API

Semantically versioned documentation and support for the Scala API.

Developer Hub

Deadbolt's Java API

Semantically versioned documentation and support for the Java API.

Developer Hub

What people say about Deadbolt

"With Deadbolt, we got authorisation working in less time than it would have taken us just to figure out what our controllers should look like." - Peter Hilton, Software developer, speaker, writer, co-author of ‘Play for Scala’

"When starting a project you want to start doing things rather than having to think too much about how to do them. That's why we chose to use Deadbolt, and I never regretted it!" - Francis De Brabandere, Co-founder of Carambla, VP Engineering at waylay.io

"Deadbolt is the de facto standard authorisation library for Play Framework projects." - Manuel Bernhardt, Software engineer, trainer, conference speaker, writer, author of ‘Reactive Web Applications’


If you would like to add a testimonial, please get in touch at deadbolt@objectify.be.

Get the book!

The definitive guide to Deadbolt.

Full of examples, this book provides a complete guide
to working with Deadbolt in both Java and Scala.


Sponsors



Jetbrains contributed an open-source license for its awesome IDE, IntelliJ IDEA.


IntelliJ IDEA, the award-winning Java IDE, is designed to improve developer productivity. Its intelligent editor, code analyzer, and powerful set of refactorings support a wide range of programming languages, frameworks and technologies, and are ready to use right out of the box.



Deadbolt uses Travis CI for build testing and deployment of snapshots.


Travis CI is a hosted continuous integration and deployment system. There are two versions of it, travis-ci.com for private repositories, and travis-ci.org for public repositories. Travis CI provides continuous integration for Deadbolt.



YourKit kindly contributed an open-source license for its superb profiler, and Deadbolt uses it to analyse runtime behaviour.


YourKit supports open source projects with its full-featured Java Profiler. YourKit, LLC is the creator of YourKit Java Profiler and YourKit .NET Profiler, innovative and intelligent tools for profiling Java and .NET applications.