<dependency> <groupId>org.pac4j</groupId> <artifactId>pac4j-core</artifactId> <version>3.9.0</version> </dependency> Config config = new Config(new FormClient("/login", new SimpleTestUsernamePasswordAuthenticator())); config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN")); Pac4jConfigFilter pac4jConfigFilter = new Pac4jConfigFilter(config); FilterHolder pac4jFilterHolder = new FilterHolder(pac4jConfigFilter); pac4jFilterHolder.setAsyncSupported(true); ServletContextHandler context = new ServletContextHandler(); context.addFilter(pac4jFilterHolder, "/*", EnumSet.of(DispatcherType.REQUEST)); Constraint constraint = new Constraint(); constraint.setName("auth"); constraint.setAuthenticate(true); constraint.setRoles(new String[]{"admin"}); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec("/*"); mapping.setConstraint(constraint); context.getSecurityHandler().setConstraintMappings(Collections.singletonList(mapping)); OAuth20Client client = new OAuth20Client(); client.setKey("clientId"); client.setSecret("clientSecret"); client.setCallbackUrl("/callback"); Config config = new Config(client); config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN")); Pac4jConfigFilter pac4jConfigFilter = new Pac4jConfigFilter(config); FilterHolder pac4jFilterHolder = new FilterHolder(pac4jConfigFilter); pac4jFilterHolder.setAsyncSupported(true); ServletContextHandler context = new ServletContextHandler(); context.addFilter(pac4jFilterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));