Fork me on GitHub

The Java security engine to protect all your web applications

Available for most frameworks/tools:
J2ESpring Web MVC (Spring Boot)Spring Security (Spring Boot)Shiro
Play 2.xVertxSpark JavaRatpackUndertow
CAS serverDropwizardKnoxJooby

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine
LDAP - SQL - JWT - MongoDB - Stormpath - IP address


and authorization mechanisms:
Roles / permissions - Anonymous / remember-me / (fully) authenticated - CORS - CSRF - HTTP Security headers ...