pac4j
is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications.
It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.
Available implementations (Get started by clicking on your framework):
J2E • Spring Web MVC (Spring Boot) • Spring Security (Spring Boot) • Apache Shiro
Play 2.x • Vertx • Spark Java • Ratpack • Undertow
CAS server • JAX-RS • Dropwizard • Apache Knox • Jooby
Authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO/Negotiate)
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API
Authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute
CORS - CSRF - Security headers - IP address, HTTP method
Versions
The version 3.0.0-SNAPSHOT is under development. Maven artifacts are built via Travis: and available in the Sonatype snapshots repository.
The source code can be cloned and locally built via Maven:
git clone git@github.com:pac4j/pac4j.git
cd pac4j
mvn clean install
The latest released version is the , available in the Maven central repository. See the release notes.
Read the documentation for more information.
Third-party extensions
There exist extensions to pac4j developed by third parties. The extensions provide features not available in the core pac4j distribution. At the moment, the following extension are known:
- IDC Extensions to PAC4J, developed internally by IDC and published as open source.
Need help?
If you need commercial support (premium support or new/specific features), contact us at info@pac4j.org.
If you have any question, please use the pac4j mailing lists: