Awesome Open Source
Awesome Open Source

pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.

Available implementations (Get started by clicking on your framework):

Spring Web MVC (Spring Boot)JEEApache ShiroSpring Security (Spring Boot)Play 2.xVertx

Spark JavaJavalinRatpackPippoUndertowJooby

CAS serverJAX-RSDropwizardLagomAkka HTTPApache Knox

Authentication mechanisms:

OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos (SPNEGO/Negotiate)

LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

Authorization mechanisms:

Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute

CORS - CSRF - Security headers - IP address, HTTP method


The latest released version is the Maven Central, available in the Maven central repository. The next version is under development.

Read the documentation for more information.

Need help?

You can use the mailing lists or the commercial support.

Supported by

CAS in the cloud The CAS and pac4j consulting company

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
java (31,213
security (1,874
authentication (473
jwt (399
authorization (214
oauth (169
spring-security (135
spring-mvc (120
shiro (90
ldap (78
openid-connect (68
vertx (55
cas (39
play-framework (37
saml (36
jax-rs (20
dropwizard (19