OACC - pronounced [oak] - is a fully featured API to both enforce and manage your application's authentication and authorization needs.
Learn more about all of OACC's authorization and authentication features on the Features page.
OACC is compatible with Java™ SE 7 (Java™ version 1.7.0), or higher.
OACC persists all security relationships in database tables and currently supports the following databases:
Oct 11, 2018
New API method to support token-based authentication. All pre-release deprecated methods removed.
Jun 7, 2017
Configurable password encryptors, including BCrypt.
Apr 25, 2017
The SecureTodo example and writeup is out now.
May 17, 2016
New OACC website is now usable on any device.
Feb 15, 2016
Permission factories now cache all permissions.
Feb 7, 2016
OACC is now available from the Maven Central Repository.
Jan 11, 2016
Improved serialization support.
Nov 17, 2015
Supports client-specified alternate resource identifier so clients can avoid storing the generated resourceId.
Sep 29, 2015
Expanded database support: now includes profiles for HSQLDB, MySQL and SQLite.
Jul 14, 2015
New API methods to grant/revoke permissions and delete resources and domains; now enforces query authorization; culled overloaded methods.
Mar 23, 2015
New API methods to check permissions; vararg support; only uses unchecked exceptions.
Jan 9, 2015
New API methods to get direct permissions.
Nov 18, 2014
Comprehensive pluggable authentication module support.
Oct 7, 2014
OACC open-sourced under the Apache License, Version 2.0. Project website launched.