pac4j：一个简单而强大的Java安全引擎

pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.

Available implementations (Get started by clicking on your framework):

Spring Web MVC (Spring Boot) • JEE • Apache Shiro • Spring Security (Spring Boot) • Play 2.x • Vertx

Spark Java • Javalin • Ratpack • Pippo • Undertow • Jooby

CAS server • JAX-RS • Dropwizard • Lagom • Akka HTTP • Apache Knox

Authentication mechanisms:

OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO/Negotiate)

LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

Authorization mechanisms:

Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute

CORS - CSRF - Security headers - IP address, HTTP method

Versions

The latest released version is the , available in the Maven central repository. The next version is under development.

Read the documentation for more information.

Need help?

If you need commercial support (premium support or new/specific features), contact us at info@pac4j.org.

If you have any questions, want to contribute or be notified about the new releases and security fixes, please subscribe to the following mailing lists:

• pac4j-users
• pac4j-developers
• pac4j-announce
• pac4j-security

Supported by

The CAS and pac4j consulting company

Third-party extensions

There exist extensions to pac4j developed by third parties. The extensions provide features not available in the core pac4j distribution. At the moment, the following extension are known:

• IDC Extensions to PAC4J, developed internally by IDC and published as open source.