Repository files navigation

Thejee-pac4j project is aneasy and powerful security library for JEE web applications and web services which supports authentication and authorization, but also logout and advanced features like session fixation and CSRF protection.It's based on thepac4j security engine. It's available under the Apache 2 license.

Main concepts and components:

1. Aclient represents an authentication mechanism. It performs the login process and returns a user profile. An indirect client is for web applications authentication while a direct client is for web services authentication:

▸ OAuth - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos - LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

2. Anauthorizer is meant to check authorizations on the authenticated user profile(s) or on the current web context:

▸ Roles - Anonymous / remember-me / (fully) authenticated - Profile type, attribute - CORS - CSRF - Security headers - IP address, HTTP method

3. Amatcher defines whether theSecurityFilter must be applied and can be used for additional web processing

4. TheSecurityFilter protects an url by checking that the user is authenticated and that the authorizations are valid, according to the clients and authorizers configuration. If the user is not authenticated, it performs authentication for direct clients or starts the login process for indirect clients

5. TheCallbackFilter finishes the login process for an indirect client

6. TheLogoutFilter logs out the user from the application and triggers the logout at the identity provider level

7. TheJEEContext and theProfileManager components can be injected

8. TheFilterHelper handles the filters and their related mappings.

Two demo webapps:jee-pac4j-demo (a simple JSP/servlets demo) andjee-pac4j-cdi-demo (a more advanced demo using JSF and CDI) are available for tests and implements many authentication mechanisms: Facebook, Twitter, form, basic auth, CAS, SAML, OpenID Connect, JWT...

The latest released version is the, available in theMaven central repository.Thenext version is under development.

See therelease notes. Learn more by browsing thepac4j documentation and thejee-pac4j Javadoc.

See themigration guide as well.

You can use themailing lists or thecommercial support.