Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pac4j/pac4j

Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
https://github.com/pac4j/pac4j

authentication authorization cas dropwizard j2e java jax-rs jwt ldap oauth openid-connect play-framework ratpack saml security shiro sparkjava spring-mvc spring-security vertx

Last synced: 3 days ago
JSON representation

Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

Awesome Lists containing this project

README

        



### `pac4j` is an easy and powerful security framework for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

It provides a comprehensive set of [**concepts and components**](https://www.pac4j.org/docs/main-concepts-and-components.html).
It is **available for most frameworks/tools** and **supports most authentication/authorization mechanisms**.
It is licensed under the Apache 2 license.

| JDK | pac4j | Usage of Lombok |
|-----|-------|-----------------|
| 17 | v6.x | Yes |
| 11 | v5.x | No |
| 8 | v4.x | No |

## Available implementations (*Get started by clicking on your framework*):

[JEE](https://github.com/pac4j/j2e-pac4j)
• [Spring Web MVC (Spring Boot)](https://github.com/pac4j/spring-webmvc-pac4j)
• [Spring Webflux (Spring Boot)](https://github.com/pac4j/spring-webflux-pac4j)
• [Apache Shiro](https://github.com/bujiio/buji-pac4j)
• [Spring Security (Spring Boot)](https://github.com/pac4j/spring-security-pac4j)

[CAS server](https://apereo.github.io/cas/6.6.x/integration/Delegate-Authentication.html)
• [Syncope](https://syncope.apache.org)
• [Apache Knox](http://knox.apache.org/books/knox-1-6-0/user-guide.html#Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect)

[Play 2.x](https://github.com/pac4j/play-pac4j)
• [Vertx](https://github.com/pac4j/vertx-pac4j)
• [Spark Java](https://github.com/pac4j/spark-pac4j)
• [Ratpack](http://ratpack.io/manual/current/pac4j.html#pac4j)
• [JAX-RS](https://github.com/pac4j/jax-rs-pac4j)
• [Dropwizard](https://github.com/pac4j/dropwizard-pac4j)

[Javalin](https://github.com/pac4j/javalin-pac4j)
• [Pippo](http://www.pippo.ro/doc/security.html#pac4j-integration)
• [Undertow](https://github.com/pac4j/undertow-pac4j)
• [Lagom](https://github.com/pac4j/lagom-pac4j)
• [Akka HTTP](https://github.com/StackVista/akka-http-pac4j)
• [Jooby](https://jooby.io/modules/pac4j)

## Authentication mechanisms:

[OAuth (Facebook, Twitter, Google...)](https://www.pac4j.org/docs/clients/oauth.html) - [SAML](https://www.pac4j.org/docs/clients/saml.html) - [CAS](https://www.pac4j.org/docs/clients/cas.html) - [OpenID Connect](https://www.pac4j.org/docs/clients/openid-connect.html) - [HTTP](https://www.pac4j.org/docs/clients/http.html) - [Google App Engine](https://www.pac4j.org/docs/clients/google-app-engine.html) - [Kerberos (SPNEGO/Negotiate)](https://www.pac4j.org/docs/clients/kerberos.html)

[LDAP](https://www.pac4j.org/docs/authenticators/ldap.html) - [SQL](https://www.pac4j.org/docs/authenticators/sql.html) - [JWT](https://www.pac4j.org/docs/authenticators/jwt.html) - [MongoDB](https://www.pac4j.org/docs/authenticators/mongodb.html) - [CouchDB](https://www.pac4j.org/docs/authenticators/couchdb.html) - [IP address](https://www.pac4j.org/docs/authenticators/ip.html) - [REST API](https://www.pac4j.org/docs/authenticators/rest.html)

## Authorization mechanisms:

[Roles](https://www.pac4j.org/docs/authorizers/profile-authorizers.html#roles) - [Anonymous/remember-me/(fully) authenticated](https://www.pac4j.org/docs/authorizers/profile-authorizers.html#authentication-levels) - [Profile type, attribute](https://www.pac4j.org/docs/authorizers/profile-authorizers.html#others)

[CORS](https://www.pac4j.org/docs/authorizers/web-authorizers.html#cors) - [CSRF](https://www.pac4j.org/docs/authorizers/web-authorizers.html#csrf) - [Security headers](https://www.pac4j.org/docs/authorizers/web-authorizers.html#security-headers) - [IP address, HTTP method](https://www.pac4j.org/docs/authorizers/web-authorizers.html#others)

---

## Versions

The latest released version is the [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.pac4j/pac4j-core/badge.svg?style=flat)](https://maven-badges.herokuapp.com/maven-central/org.pac4j/pac4j-core), available in the Maven central repository.
The [next version](https://www.pac4j.org/docs/next-version.html) is under development.

Read the [documentation](https://www.pac4j.org/docs/index.html) for more information.

## Need help?

You can use the [mailing lists](https://www.pac4j.org/mailing-lists.html) or the [commercial support](https://www.pac4j.org/commercial-support.html).

## Supported by

[![CAS in the cloud](https://www.pac4j.org/img/logo-casinthecloud.png)](https://www.casinthecloud.com) *The CAS and pac4j consulting company*