The security engine to protect all your Java web applications

Available for most frameworks/tools: J2E, Spring Web MVC / Spring Boot, Play 2.x, Vertx, Spark Java, Ratpack, Undertow, Jooby, Apache Shiro, Spring Security, CAS server and Knox (Hadoop)

Supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath
and authorization checks: roles / permissions, CSRF, security headers...