Java Security

Open-source Java projects categorized as Security | Edit details

Top 23 Java Security Projects

  • GitHub repo Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Keycloak Docker setup tutorial | | 2021-06-24

    Keycloak is an open-source identity and access management solution for modern applications and services. Keycloak provides both SAML and OpenID protocol solutions.

  • GitHub repo Zed

    The OWASP ZAP core project

    Project mention: An Incomplete List of Practical Security for Mortals | | 2021-07-06

    consider adding some security testing inside the pipeline

  • GitHub repo jjwt

    Java JWT: JSON Web Token for Java and Android

    Project mention: JWT authentication in Spring Security and Angular | | 2020-09-14

    There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.

  • GitHub repo Spring Security

    Spring Security

    Project mention: How to ignore Url from Once per request filter | | 2021-05-12

    You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.

  • GitHub repo graylog

    Free and open source log management

    Project mention: Looking for suggestions on a MDR solution | | 2021-07-13

    Have worked on a similar integration project, But with Graylog SIEM and TheHive Project.

  • GitHub repo Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Project mention: Hey, you. Yeah, YOU! Make sure all your seed phrases and passwords are backed up manually! | | 2021-07-25

    What about storing a text file via a client side encrypted volume with an app like that works with Dropbox or Google Drive? Btw, I have nothing to do with this company or project, I actually just like the app.

  • GitHub repo Apache Shiro

    Apache Shiro

    Project mention: Libraries, Frameworks and Technologies you would NOT recommend | | 2021-04-13

    Apache Shiro is another security framework. I haven't tried it out myself, but I was sorely tempted to when trying to set up Spring Security.

  • GitHub repo DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Project mention: Does anybody know any good materials for java defensive coding please?. | | 2021-06-19

    DependencyCheck is an open source tool that checks for vulnerabilities in dependencies used within a project. While it is a reactive tool, it's an important one since the code a developer writes is not the only code an application uses.

  • GitHub repo SuperTokens Community

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

    Project mention: Stateless alternative to Keycloak? | | 2021-05-09

    Checkout You can deploy as many instances of the server as you'd like, and they all communicate with one database. There is no state maintained in any of those instances, so even if they restart, it won't matter much.

  • GitHub repo MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Project mention: Help With Mifare Classic Tags | | 2021-02-17

    Note that some phones that don't have a NFC chip made by NXP don't fully support Mifare Classic tags. See this list and this one.

  • GitHub repo Keywhiz

    A system for distributing and managing secrets

  • GitHub repo FairEmail

    Fully featured, open source, privacy friendly email app for Android

    Project mention: K-9 Mail is back | | 2021-07-24

    A few years ago I had trouble with K9 going into "poll only mode", for lack of a better term. Push notifications simply didn't work and I missed lots of emails as a result.

    Switched to FairEmail[0] and have been a happy user since.


  • GitHub repo pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: Enforcing Coding Best Practices using CI | | 2021-05-30

    SpotBugs with Find sec bugs for Java

  • GitHub repo libsignal-protocol-java

    Signal Protocol library for Java/Android

    Project mention: Aprovado a 06/07/2021 o ChatControl permite a monitorização de todas as trocas de correspondecias digitais na UE, ordem judicial não é necessária e utilizadores "inspecionados" não são informados. | | 2021-07-09

    Parece que a lib de encriptação do WhatsApp é baseada na do Signal.

  • GitHub repo Bouncy Castle

    Bouncy Castle Java Distribution (Mirror)

    Project mention: Java - Bouncy castle - OpenPGP | | 2021-05-19
  • GitHub repo jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

    Project mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | | 2021-04-08
  • GitHub repo Peergos

    A p2p, secure file storage, social network and application protocol

    Project mention: Is holochain is a place you could build a functional distributed / lambda-architecture db yet? | | 2021-06-25

    Peergos is really cool too. Again, heavy emphasis on agency esp via object capabilities. It's like what we expect Holo hosting will look like in beta; all program execution happens in the browser, and apps have to ask your browser for permission before they do anything. Just like Spritely, it uses IPFS as a backing store.

  • GitHub repo nzyme

    Nzyme is a free and open next-generation WiFi defense system. Go to for more information.

    Project mention: My Inlaws Wifi Is Being Spoofed By Their | | 2020-12-31
  • GitHub repo Hive2Hive

    Java library for secure, distributed, P2P-based file synchronization and sharing.

    Project mention: Libgdx, box2d local multiplayer? | | 2021-07-11
  • GitHub repo play-pac4j

    Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo AuthMeReloaded

    The best authentication plugin for the Bukkit/Spigot API!

    Project mention: Online mode = false // Any way to configure it to allow Premium skins? | | 2021-01-19

    AuthMe Reloaded has this option if I remember correctly. Link:

  • GitHub repo NMapGUI

    Advanced Graphical User Interface for NMap

    Project mention: Network Scan | | 2021-01-06

    With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. might be a better use of your time.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-07-25.


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 Keycloak 9,427
2 Zed 8,677
3 jjwt 7,630
4 Spring Security 6,088
5 graylog 5,783
6 Cryptomator 5,568
7 Apache Shiro 3,555
8 DependencyCheck 3,208
9 SuperTokens Community 2,482
10 MifareClassicTool 2,461
11 Keywhiz 2,407
12 FairEmail 2,207
13 pac4j 2,026
14 find-sec-bugs 1,656
15 libsignal-protocol-java 1,595
16 Bouncy Castle 1,470
17 jCasbin 1,427
18 Peergos 938
19 nzyme 808
20 Hive2Hive 487
21 play-pac4j 380
22 AuthMeReloaded 338
23 NMapGUI 325