The spring-security-pac4j project is a bridge from pac4j to Spring Security (reactive) to push the pac4j security context into the Spring Security security (reactive) context.
It's based on the pac4j security engine. It's available under the Apache 2 license.

Since version 8 (working as a bridge only), it must be used with a pac4j security library:

• the jakartaee-pac4j (Spring 6) or javaee-pac4j (Spring 5) implementation (which has similar filters as spring-security-pac4j version <= 7.x)
• if you use Spring MVC, the spring-webmvc-pac4j implementation version >= 7 (Spring 6) or version < 7 (Spring 5)
• if you use Spring Webflux, the spring-webflux-pac4j implementation version >= 2 (Spring 6) or version < 2 (Spring 5)

While it is always better to directly use a pac4j security library alone, this bridge can be used to keep legacy software and avoid full migration.

You must refer to the documentation of the pac4j security library you use: jakartaee-pac4j or spring-webmvc-pac4j or spring-webflux-pac4j.

Spring security boot demo with pac4j JEE filters: spring-security-pac4j + jakartaee-pac4j: spring-security-jee-pac4j-boot-demo.

Spring Security boot demo with pac4j SpringMVC: spring-security-pac4j + spring-webmvc-pac4j: spring-security-webmvc-pac4j-boot-demo.

Spring Security reactive boot demo with pac4j Spring Webflux: spring-security-pac4j + spring-webflux-pac4j: spring-security-webflux-pac4j-boot-demo.

The latest released version is the , available in the Maven central repository. The next version is under development.

See the release notes. Learn more by browsing the pac4j documentation and the spring-security-pac4j Javadoc.

See the migration guide as well.

You can use the mailing lists or the commercial support.