public class AttributeAuthenticator implements Authenticator<UsernamePasswordCredentials> { @Override public void validate(UsernamePasswordCredentials credentials) { String username = credentials.getUsername(); String password = credentials.getPassword(); if (username.equals("admin") && password.equals("123456")) { CommonProfile profile = new CommonProfile(); profile.setId("admin"); profile.addAttribute("role", "admin"); credentials.setUserProfile(profile); } else { throw new AuthenticationException("Invalid username or password"); } } } public class AttributeAuthorizer implements Authorizer<CommonProfile> { @Override public boolean isAuthorized(WebContext context, List<CommonProfile> profiles) { CommonProfile profile = profiles.get(0); return profile.getAttribute("role").equals("admin"); } } public class Pac4jClientConfig { public Config buildConfig() { Authenticator<UsernamePasswordCredentials> authenticator = new AttributeAuthenticator(); Authorizer<CommonProfile> authorizer = new AttributeAuthorizer(); Config config = new Config(authenticator); config.addAuthorizer(authorizer); config.setHttpActionAdapter(new DefaultHttpActionAdapter()); config.setDefaultAuthenticator(authenticator.getKey()); config.addMatcher("excludedPath", new PathMatcher().excludeRegex("/public/.*")); return config; } }