<dependency> <groupId>org.pac4j</groupId> <artifactId>pac4j-core</artifactId> <version>2.3.0</version> </dependency> public class SecurityConfig extends Config { public SecurityConfig() { FormClient formClient = new FormClient("https://example.com/login", new SimpleTestUsernamePasswordAuthenticator()); JwtAuthenticator jwtAuthenticator = new JwtAuthenticator(); jwtAuthenticator.setSecret("top-secret-key"); Authorizer<CommonProfile> authorizer = new RequireAnyRoleAuthorizer<>("ROLE_USER"); Clients clients = new Clients("https://example.com/callback", formClient); setClients(clients); addAuthorizer("admin", authorizer); setDefaultClient(formClient); setDefaultAuthorizers("admin"); } } public class Application extends ResourceConfig { public Application() { SecurityFilter securityFilter = new SecurityFilter(); securityFilter.setConfig(new SecurityConfig()); securityFilter.setClients("FormClient,JwtAuthClient"); securityFilter.setAuthorizers("admin"); securityFilter.setMatchers("excludePath"); register(securityFilter); } }