The Java security framework to protect all your web applications and web services

Available for most frameworks/tools (implementations):
JEE • Spring Web MVC (Spring Boot) • Spring Webflux (Spring Boot) • Shiro • Spring Security (Spring Boot)
CAS server • Syncope • Knox
Play 2.x • Vertx • Spark Java • Ratpack • JAX-RS • Dropwizard
Javalin • Pippo • Undertow • Lagom • Akka HTTP • Jooby

Supports most authentication mechanisms:
OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - Google App Engine
LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API

and authorization mechanisms:
Roles/permissions - Anonymous/remember-me/(fully) authenticated - CORS - CSRF - HTTP Security headers

Supported by:

The CAS and pac4j consulting company