CAS Client Spring Security vs. Shiro vs. Pac4j

CAS - CAS Clients
https://apereo.github.io/cas/5.2.x/integration/CAS-Clients.html

CAS - CAS Clients
https://apereo.github.io/cas/4.2.x/integration/CAS-Clients.html

apereo/java-cas-client: Apereo Java CAS Client
https://github.com/apereo/java-cas-client

Spring Security
https://spring.io/projects/spring-security

Springboot security cas整合方案-原理篇 - 南柯问天 - 博客园
https://www.cnblogs.com/question-sky/p/7061522.html

使用Spring Security 集成 CAS 完成单点登录 - 简书
https://www.jianshu.com/p/2ba25bd3a5cb

Spring Security实践（三）：通过CAS实现SSO - 简书
https://www.jianshu.com/p/daca18a8f84c

Apache Shiro | Simple. Java. Security.
http://shiro.apache.org/cas.html

 

pac4j/pac4j: Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
https://github.com/pac4j/pac4j

 

pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

It provides a comprehensive set of concepts and components. It is based on Java 8 and available under the Apache 2 license. It is available for most frameworks/tools and supports most authentication/authorization mechanisms.

Available implementations (Get started by clicking on your framework):

Spring Web MVC (Spring Boot) • JEE • Apache Shiro • Spring Security (Spring Boot) • Play 2.x • Vertx

Spark Java • Javalin • Ratpack • Pippo • Undertow • Jooby

CAS server • JAX-RS • Dropwizard • Lagom • Akka HTTP • Apache Knox

Authentication mechanisms:

OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos (SPNEGO/Negotiate)

LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API

Authorization mechanisms:

Roles/permissions - Anonymous/remember-me/(fully) authenticated - Profile type, attribute

CORS - CSRF - Security headers - IP address, HTTP method