Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
February 10, 2021 19:39
January 23, 2023 12:09
January 21, 2022 19:51
February 1, 2012 18:33
February 24, 2016 14:21
December 1, 2022 09:53
February 24, 2023 09:31

pac4j is an easy and powerful security framework for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

It provides a comprehensive set of concepts and components. It is available for most frameworks/tools and supports most authentication/authorization mechanisms. It is licensed under the Apache 2 license.

JDK pac4j Usage of Lombok
17 v6.x Yes
11 v5.x No
8 v4.x No

Available implementations (Get started by clicking on your framework):

JEESpring Web MVC (Spring Boot)Spring Webflux (Spring Boot)Apache ShiroSpring Security (Spring Boot)

CAS serverSyncopeApache Knox

Play 2.xVertxSpark JavaRatpackJAX-RSDropwizard

JavalinPippoUndertowLagomAkka HTTPJooby

Authentication mechanisms:

OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos (SPNEGO/Negotiate)

LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

Authorization mechanisms:

Roles - Anonymous/remember-me/(fully) authenticated - Profile type, attribute

CORS - CSRF - Security headers - IP address, HTTP method


The latest released version is the Maven Central, available in the Maven central repository. The next version is under development.

Read the documentation for more information.

Need help?

You can use the mailing lists or the commercial support.

Supported by

CAS in the cloud The CAS and pac4j consulting company