<dependency> <groupId>org.pac4j</groupId> <artifactId>pac4j-core</artifactId> <version>xxx</version> </dependency> import org.pac4j.core.authorization.generator.AuthorizationGenerator; import org.pac4j.core.config.Config; import org.pac4j.core.credentials.UsernamePasswordCredentials; import org.pac4j.core.profile.CommonProfile; import org.pac4j.core.util.CommonHelper; import org.pac4j.http.client.direct.DirectBasicAuthClient; public class Pac4jConfig { private static final String USERNAME = "admin"; private static final String PASSWORD = "password"; public static Config createConfig() { DirectBasicAuthClient basicAuthClient = new DirectBasicAuthClient(new AuthorizationGenerator<UsernamePasswordCredentials>() { @Override public void generate(UsernamePasswordCredentials credentials, CommonProfile profile) { if (USERNAME.equals(credentials.getUsername()) && PASSWORD.equals(credentials.getPassword())) { profile.setId(USERNAME); profile.addRole("ROLE_ADMIN"); } } }); Config config = new Config(basicAuthClient); return config; } } import org.pac4j.core.config.Config; import org.pac4j.core.context.J2EContext; import org.pac4j.core.exception.HttpAction; import org.pac4j.j2e.filter.RequiresAuthenticationFilter; import org.pac4j.j2e.util.HttpContextHelper; public class Main { public static void main(String[] args) { Config config = Pac4jConfig.createConfig(); J2EContext context = new J2EContext(HttpContextHelper.getRequest(), HttpContextHelper.getResponse()); RequiresAuthenticationFilter filter = new RequiresAuthenticationFilter(config, "SimpleDirectBasicAuthSecurityFilter"); try { filter.internalFilter(context); } catch (HttpAction e) { } } }