pac4j is an easy and powerful security framework for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
It provides a comprehensive set of concepts and components. It is available for most frameworks/tools and supports most authentication/authorization mechanisms. It is licensed under the Apache 2 license.
| JDK | pac4j | Usage of Lombok |
|---|---|---|
| 17 | v6.x | Yes |
| 11 | v5.x | No |
| 8 | v4.x | No |
Available implementations (Get started by clicking on your framework):
JEE • Spring Web MVC (Spring Boot) • Spring Webflux (Spring Boot) • Apache Shiro • Spring Security (Spring Boot)
CAS server • Syncope • Apache Knox
Play 2.x • Vertx • Spark Java • Ratpack • JAX-RS • Dropwizard
Javalin • Pippo • Undertow • Lagom • Akka HTTP • Jooby
Authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos (SPNEGO/Negotiate)
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API
Authorization mechanisms:
Roles - Anonymous/remember-me/(fully) authenticated - Profile type, attribute
CORS - CSRF - Security headers - IP address, HTTP method
Versions
The latest released version is the 
Read the documentation for more information.
Need help?
You can use the mailing lists or the commercial support.
Supported by
