spring-security-pac4j

spring-security-pac4j copied to clipboard

The spring-security-pac4j project is a bridge from pac4j to Spring Security (reactive) to push the pac4j security context into the Spring Security security (reactive) context.
It's based on Java 11, Spring Security 5 and on the pac4j security engine v5. It's available under the Apache 2 license.

It must be used with a pac4j security library:

• the javaee-pac4j implementation (which has similar filters as spring-security-pac4j version <= 7.x)
• if you use Spring MVC, the spring-webmvc-pac4j implementation
• if you use Spring Webflux, the spring-webflux-pac4j implementation

While it is always better to directly use a pac4j security library alone, this bridge can be used to keep legacy software and avoid full migration.

Usage

1) Add the required dependencies

2) Install the bridge for a Spring webapp without Spring Boot

3) Install, configure and use the pac4j security library

You must refer to the documentation of the pac4j security library you use: javaee-pac4j or spring-webmvc-pac4j or spring-webflux-pac4j.

Demos

Spring security boot demo with pac4j JEE filters: spring-security-pac4j + javaee-pac4j: spring-security-jee-pac4j-boot-demo.

Spring Security boot demo with pac4j SpringMVC: spring-security-pac4j + spring-webmvc-pac4j: spring-security-webmvc-pac4j-boot-demo.

Spring Security reactive boot demo with pac4j Spring Webflux: spring-security-pac4j + spring-webflux-pac4j: spring-security-webflux-pac4j-boot-demo.

Versions

The latest released version is the , available in the Maven central repository. The next version is under development.

See the release notes. Learn more by browsing the pac4j documentation and the spring-security-pac4j Javadoc.

See the migration guide as well.

Need help?

You can use the mailing lists or the commercial support.