Fork me on GitHub

The Java security framework to protect all your web applications and web services

Available for most frameworks/tools (implementations):
JEESpring Web MVC (Spring Boot)Spring Webflux (Spring Boot)ShiroSpring Security (Spring Boot)
CAS serverSyncopeKnox
Play 2.xVertxSpark JavaRatpackJAX-RSDropwizard
JavalinPippoUndertowLagomAkka HTTPJooby

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API

and authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - CORS - CSRF - HTTP Security headers

Supported by:

The CAS and pac4j consulting company