pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications.
It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.
J2E • Spring Web MVC (Spring Boot) • Spring Security (Spring Boot) • Apache Shiro
Play 2.x • Vertx • Spark Java • Ratpack • Pippo • Undertow
CAS server • JAX-RS • Dropwizard • Apache Knox • Jooby
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO/Negotiate)
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API
Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute
CORS - CSRF - Security headers - IP address, HTTP method
The version 3.1.0-SNAPSHOT is under development. Maven artifacts are built via Travis: 
The source code can be cloned and locally built via Maven:
git clone git@github.com:pac4j/pac4j.git
cd pac4j
mvn clean installThe latest released version is the 
Read the documentation for more information.
There exist extensions to pac4j developed by third parties. The extensions provide features not available in the core pac4j distribution. At the moment, the following extension are known:
- IDC Extensions to PAC4J, developed internally by IDC and published as open source.
If you need commercial support (premium support or new/specific features), contact us at info@pac4j.org.
If you have any question, please use the pac4j mailing lists:
