Fork me on GitHub

The Java security engine to protect all your web applications

Available for most frameworks/tools (implementations):
J2ESpring Web MVC (Spring Boot)Spring Security (Spring Boot)Shiro
Play 2.xVertxSpark JavaRatpackPippoUndertow
CAS serverJAX-RSDropwizardKnoxJooby

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API

and authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - CORS - CSRF - HTTP Security headers