<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
<title>AJ Security/Home</title>
<meta name="description" content="A Practical Java Web Security Library. AJ Security Introduction"/>
<meta name="keywords" content="security, xss, csrf, captcha, AJ Security Introduction"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link rel="stylesheet" href="https://framework.ajaxjs.com/static/font/font.css" />
<link rel="stylesheet" href="/asset/main.css"/>
<link rel="icon" type="image/x-icon" href="https://framework.ajaxjs.com/aj-logo/logo.ico"/>
<script src="https://framework.ajaxjs.com/static/aj-docs/common.js"></script>
<script>
var userLang = navigator.language || navigator.userLanguage;
if (userLang.startsWith('zh') && location.pathname.indexOf('cn') == -1) {
confirm('欢迎!您可以改为访问中文内容。是否继续?') && location.assign('/cn');
}
var _hmt = _hmt || [];
(function() {
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?950ba5ba1f1fe4906c3b4cf836080f03";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script>
</head>
<body>
<nav>
<div>
<div class="links">
<a href="/">🏠 Home</a>
| ⚙️ Source:
<a target="_blank" href="https://github.com/lightweight-component/aj-security">Github</a>/<a target="_blank" href="https://gitcode.com/lightweight-component/aj-security">Gitcode</a>
|
<a href="/cn">Chinese Version</a>
</div>
<h1><img src="https://framework.ajaxjs.com/aj-logo/logo.png" style="vertical-align: middle;height: 45px;margin-bottom: 6px;" /> AJ Security</h1>
<h3>User Manual</h3>
</div>
</nav>
<div>
<menu>
<ul>
<li class="selected">
<a href="/">Home</a>
</li>
<li>
<a href="/install">Installation & Configuration</a>
</li>
</ul>
<h3>HTTP Web Security</h3>
<ul>
<li>
<a href="/http/http-referer">HTTP Referer Validation</a>
</li>
<li>
<a href="/http/timestamp">Timestamp Encrypted Token Validation</a>
</li>
<li>
<a href="/http/paramssign">Parameter Signature</a>
</li>
<li>
<a href="/http/ip-list">IP Whitelist/Blacklist</a>
</li>
<li>
<a href="/http/nonrepeatsubmit">Prevent Duplicate Submission</a>
</li>
</ul>
<h3>General Web Validation</h3>
<ul>
<li>
<a href="/classic/xss">Prevent XSS Attacks</a>
</li>
<li>
<a href="/classic/crlf">Prevent CRLF Attacks</a>
</li>
</ul>
<h3>Captcha Mechanism</h3>
<ul>
<li><a href="/captcha/img-captcha">Image Captcha</a></li>
<li><a href="/captcha/google">Google-based Captcha</a></li>
<li><a href="/captcha/cf">CloudFlare-based Captcha</a></li>
</ul>
<h3>HTTP Standard Authentication</h3>
<ul>
<li><a href="/auth/http-basic-auth">HTTP Basic Auth</a></li>
<li><a href="/auth/http-digest-auth">HTTP Digest Auth</a></li>
</ul>
<h3>API Features</h3>
<ul>
<li><a href="/api/limit">Rate Limiting</a></li>
</ul>
<h3>Other Practical Features</h3>
<ul>
<li><a href="/misc/desensitize">Field Desensitization</a></li>
<li><a href="/misc/encryption-api">API Encryption</a></li>
<li><a href="/misc/trace-id">Trace Tracking</a></li>
</ul>
</menu>
<article>
<h1>AJ Security: A Practical Java Web Security Library</h1>
<p>Based on the Spring/HandlerInterceptor mechanism, this library abstracts a set of filtering/validation mechanisms,
forming a unified invocation chain that is flexibly configurable and extensible. The architecture of this security
framework is simple, the code is concise, and it has no additional dependencies, making it suitable for any Spring-based
project. Spring Boot applications can use it out of the box by simply importing the jar package.</p>
<p>The features of this framework include:</p>
<style>
table, table td {
border: 0!important;
}
table td {
text-align: left;
vertical-align: top;
}
</style>
<table><tr><td>
<ul>
<li>HTTP Web Security
<ul>
<li>HTTP Referer validation</li>
<li>Timestamp encrypted token validation</li>
<li>IP whitelist/blacklist</li>
<li>Prevention of duplicate submissions</li>
<li>IP region-based restrictions (TODO)</li>
</ul>
</li>
<li>General Web Validation
<ul>
<li>XSS attack prevention</li>
<li>CRLF attack prevention</li>
<li>Cookie size check</li>
</ul>
</li>
<li>HTTP Standard Authentication
<ul>
<li>HTTP Basic Auth authentication</li>
<li>HTTP Digest Auth authentication</li>
</ul>
</li>
</ul>
</td>
<td>
<ul>
<li>
<p>Captcha Mechanisms</p>
<ul>
<li>Simple Java image captcha</li>
<li>Image captcha based on kaptcha</li>
<li>Captcha based on Google Recaptcha</li>
<li>Captcha based on CloudFlare Turnstile</li>
</ul>
</li>
<li>
<p>API Interface Features</p>
<ul>
<li>Rate limiting and quota (TODO)</li>
</ul>
</li>
<li>
<p>Other Practical Features</p>
<ul>
<li>Entity field desensitization</li>
<li>API interface encryption/decryption</li>
</ul>
</li>
</ul>
</td></tr></table>
<p>The code of AJ Security is small(A JAR of approximately 100 KB), straightforward and well commented. There are not much third-party dependencies, just
Java 8 requires.</p>
<h2>Source Code</h2>
<p>Under Apache License v3.0.</p>
<ul>
<li>Github: <a href="https://github.com/lightweight-component/aj-security">https://github.com/lightweight-component/aj-security</a></li>
<li>Gitcode: <a href="https://gitcode.com/lightweight-component/aj-security">https://gitcode.com/lightweight-component/aj-security</a>,
for Chinese users faster access.</li>
</ul>
<h2>Links</h2>
<p><a href="https://security.ajaxjs.com">User Manual</a> | <a href="https://javadoc.io/doc/com.ajaxjs/aj-security">JavaDoc</a> | <a href="https://deepwiki.com/lightweight-component/aj-security">DeepWiki</a></p>
</article>
</div>
<footer>
AJ Security, a part of
<a href="https://framework.ajaxjs.com" target="_blank">AJ-Framework</a>
open source. Mail:frank@ajaxjs.com, visit
<a href="https://blog.csdn.net/zhangxin09" target="_blank">my blog(In Chinese)</a>. <br/> <br/> Copyright © 2025 Frank Cheung. All rights reserved.
</footer>
</body>
</html>
