import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer; import org.pac4j.core.config.Config; import org.pac4j.core.context.WebContext; import org.pac4j.core.exception.HttpAction; import org.pac4j.core.profile.CommonProfile; import org.pac4j.core.profile.ProfileManager; import org.pac4j.core.util.Pac4jConstants; public class SecurePage { @SuppressWarnings({"rawtypes", "unchecked"}) public void restrictedPage(WebContext context) throws HttpAction { RequireAnyRoleAuthorizer authorizer = new RequireAnyRoleAuthorizer("ROLE_ADMIN", "ROLE_MANAGER"); Config config = new Config(authorizer); ProfileManager manager = new ProfileManager(context); CommonProfile profile = manager.get(true); if (profile != null) { if (authorizer.isAuthorized(context, profile.getRoles())) { } else { } } else { context.setResponseStatus(401); //... } } }