How the Easy-ABAC Framework by Exadel Helps Secure REST APIs


Exadel has been creating its own open-source solutions to solve technical problems facing businesses and individuals for years. The Easy-ABAC Framework is our newest solution. It helps secure REST APIs by providing a skeleton for an authorization management system with flexible access rights.

In this article, you will learn about the core security features that our solution provides for developers and businesses.

Start Building Your Authorization Architecture with the Easy-ABAC Framework

Developer teams spend much of their time creating and supporting complex access-control solutions, which almost never fully match security expectations. As a result, REST APIs are left unprotected and available for unauthorized users to access. This is mainly because it’s difficult to track unprotected resources during application development and even harder to fix them manually.

To help developers improve REST API security, the Exadel team has developed the Easy-ABAC Framework, which can be a starting point for authorization architecture. It provides a skeleton for an authorization management system in which developers can configure access rights to REST resources and prevent API security issues. Let’s take a look at the specific features that make the Easy-ABAC system one of our most helpful solutions yet.

Core Features of the Easy-ABAC Framework

  • Compile-time check of proper configuration and missing authorization. With Easy-ABAC’s compile-time check, developers can detect unprotected REST resources while the app is still in development. If any resources remain unprotected, the build fails with a compilation error, which makes it easy to find the exact REST resource that needs work.
  • Centralized and externalized authorization management system. Easy-ABAC has a flexible access rights configuration, allowing admins to restrict REST API access.
  • Lightweight library and easy-to-learn API. The library’s simple structure allows developers to avoid technical complications during setup.
  • Declarative authorization. Instead of dozens of lines of code, developers can specify exactly what the framework should do in a declarative manner.

What Else Do You Need to Know About the Easy-ABAC Framework?

Exadel has used the framework internally for three years and has tested it on real access issues. The team continues to develop the solution and add new functionality. The framework is available on GitHub, and any user can try the solution or become a contributor.

We’re confident that Easy-ABAC will help you because:

  • It can be adapted for many types of projects; there is no need to use dozens of different frameworks for a single project
  • It can be used for Java Spring-based web applications, multi-tenant applications, applications with dynamic access rights, and applications with fine-grained access rights
  • It saves developers and QA engineers time; thanks to the compile-time check, there is no need to manually seek and fix access problems
  • It has an open license; businesses and individuals alike can take advantage of the framework for free

If you want to know more about our solution, feel free to discuss it with the team. To learn more about Exadel’s experience in software engineering, find additional details on our software engineering page.