Fork me on GitHub

The Java security engine to protect all your web applications and web services

Available for most frameworks/tools (implementations):
Spring Web MVC (Spring Boot)JEEShiroSpring Security (Spring Boot)Play 2.x
VertxSpark JavaJavalinRatpackPippoUndertow
CAS serverJAX-RSDropwizardLagomKnoxJooby

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API

and authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - CORS - CSRF - HTTP Security headers

Supported by:

The CAS and pac4j consulting company