pac4j
is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.
Spring Web MVC (Spring Boot) • JEE • Apache Shiro • Spring Security (Spring Boot) • Play 2.x
Vertx • Spark Java • Javalin • Ratpack • Pippo • Undertow
CAS server • JAX-RS • Dropwizard • Apache Knox • Jooby
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO/Negotiate)
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API
Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute
CORS - CSRF - Security headers - IP address, HTTP method
The latest released version is the , available in the Maven central repository. The next version is under development.
Read the documentation for more information.
If you need commercial support (premium support or new/specific features), contact us at [email protected].
If you have any questions, want to contribute or be notified about the new releases and security fixes, please subscribe to the following mailing lists:
The CAS and pac4j consulting company
There exist extensions to pac4j developed by third parties. The extensions provide features not available in the core pac4j distribution. At the moment, the following extension are known:
- IDC Extensions to PAC4J, developed internally by IDC and published as open source.