Fork me on GitHub

The Java security engine to protect all your web applications and web services

Available for most frameworks/tools (implementations):
Spring Web MVCJEESpring BootShiroSpring Security (Spring Boot)Play 2.xVertx
Spark JavaJavalinRatpackPippoUndertowJooby
CAS serverJAX-RSDropwizardLagomAkka HTTPKnox

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API

and authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - CORS - CSRF - HTTP Security headers

Supported by:

The CAS and pac4j consulting company