pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.
Get started by clicking on your framework):
Available implementations (
Spring Web MVC (Spring Boot)
• Apache Shiro
• Spring Security (Spring Boot)
• Play 2.x
• Akka HTTP
• Apache Knox
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos (SPNEGO/Negotiate)
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API
Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute
CORS - CSRF - Security headers - IP address, HTTP method
The latest released version is the , available in the Maven central repository.
The next version is under development.
Read the documentation for more information.
You can use the mailing lists or the commercial support.
The CAS and pac4j consulting company