pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications.

It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks / tools and supports most authentication / authorization mechanisms.

Available implementations (Get started by clicking on your framework):

J2E • Spring Web MVC (Spring Boot) • Spring Security (Spring Boot) • Apache Shiro

Play 2.x • Vertx • Spark Java • Ratpack • Undertow

CAS server • JAX-RS • Dropwizard • Apache Knox • Jooby

Authentication mechanims:

OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine

LDAP - SQL - JWT - MongoDB - Stormpath - IP address

Authorization mechanisms:

Roles / permissions - Anonymous / remember-me / (fully) authenticated - Profile type, attribute

CORS - CSRF - Security headers - IP address, HTTP method

---

Versions

The version 2.0.0-SNAPSHOT is under development. Maven artifacts are built via Travis: and available in the Sonatype snapshots repository.

The source code can be cloned and locally built via Maven:

git clone git@github.com:pac4j/pac4j.git
cd pac4j
mvn clean install

The latest released version is the , available in the Maven central repository. See the release notes.

Read the documentation for more information.

Need help?

If you have any question, please use the following mailing lists:

• pac4j users
• pac4j developers