<dependency> <groupId>org.pac4j</groupId> <artifactId>pac4j-core</artifactId> <version>5.0.0</version> </dependency> import org.pac4j.core.config.Config; import org.pac4j.core.credentials.authenticator.UsernamePasswordAuthenticator; import org.pac4j.core.profile.CommonProfile; import org.pac4j.http.client.direct.DirectBasicAuthClient; import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator; public class Pac4jConfiguration { private String username; private String password; public Pac4jConfiguration(String username, String password) { this.username = username; this.password = password; } public Config getConfig() { UsernamePasswordAuthenticator authenticator = new SimpleTestUsernamePasswordAuthenticator(username, password); DirectBasicAuthClient basicAuthClient = new DirectBasicAuthClient(authenticator); Config config = new Config(basicAuthClient); config.setHttpActionAdapter(new MyHttpActionAdapter()); return config; } public class MyHttpActionAdapter extends DefaultHttpActionAdapter { } } import org.pac4j.springframework.web.SecurityInterceptor; @RestController @RequestMapping("/api") public class ApiController { @Autowired private Pac4jConfiguration pac4jConfiguration; @RequestMapping("/protected") @SecurityInterceptor(name = "DirectBasicAuthClient", configName = "getConfig", authorizers = {}) public String protectedEndpoint() { } }