## Entitlements quickstart
Use Frontegg's Entitlements Engine from JVM applications with a gRPC client. Run feature checks, permission checks, and fine-grained authorization (FGA) from services built with Java or other JVM languages.
br
Check out the repo on GitHub
br
Prerequisites
The Entitlements client is the only supported Frontegg SDK for Java today. You need a reachable entitlements engine endpoint, an engine token (for example `ENTITLEMENTS_ENGINE_TOKEN`), and a project using Maven or Gradle.
### Modules and artifacts
Artifacts are published to Maven Central under the group ID `com.frontegg.sdk`.
| Module | Artifact ID | Description |
| --- | --- | --- |
| Core | `entitlements-client` | gRPC client, check API, fallback, and caching |
| BOM | `entitlements-client-bom` | Bill of Materials for aligned dependency versions |
| Spring Boot starter | `entitlements-client-spring-boot-starter` | Auto-configuration from `application.properties` |
| Test utilities | `entitlements-client-test` | `MockEntitlementsClient` and `RecordingEntitlementsClient` |
### Install with Maven (using BOM)
Add BOM import and the core dependency. Replace `x.y.z` with the [current release on Maven Central](https://central.sonatype.com/search?q=g:com.frontegg.sdk+entitlements-client-bom).
```xml
com.frontegg.sdk
entitlements-client-bom
x.y.z
pom
import
com.frontegg.sdk
entitlements-client
```
### Install with Gradle (using BOM)
```kotlin
implementation(platform("com.frontegg.sdk:entitlements-client-bom:x.y.z"))
implementation("com.frontegg.sdk:entitlements-client")
```
### Configure and run checks
Build `ClientConfiguration` with your engine host and token, create an `EntitlementsClient`, then call `isEntitledTo` with a user context and either a feature or permission context.
br
```java
import com.frontegg.sdk.entitlements.EntitlementsClient;
import com.frontegg.sdk.entitlements.EntitlementsClientFactory;
import com.frontegg.sdk.entitlements.config.ClientConfiguration;
import com.frontegg.sdk.entitlements.model.EntitlementsResult;
import com.frontegg.sdk.entitlements.model.FeatureRequestContext;
import com.frontegg.sdk.entitlements.model.PermissionRequestContext;
import com.frontegg.sdk.entitlements.model.UserSubjectContext;
ClientConfiguration config = ClientConfiguration.builder()
.engineEndpoint("grpc.authz.example.com:443")
.engineToken(System.getenv("ENTITLEMENTS_ENGINE_TOKEN"))
.build();
try (EntitlementsClient client = EntitlementsClientFactory.create(config)) {
EntitlementsResult featureResult = client.isEntitledTo(
new UserSubjectContext("user-123", "tenant-456"),
new FeatureRequestContext("advanced-reporting")
);
System.out.println(featureResult.result() ? "Access granted" : "Access denied");
EntitlementsResult permissionResult = client.isEntitledTo(
new UserSubjectContext("user-123", "tenant-456"),
new PermissionRequestContext("reports:export")
);
if (!permissionResult.result()) {
throw new AccessDeniedException("Insufficient permissions");
}
}
```
br
Long-running applications
In Spring Boot, Quarkus, Micronaut, or other long-lived processes, register the client as a singleton bean instead of creating it for each request or using try-with-resources per call.
### Spring Boot starter
For Spring Boot, add the `entitlements-client-spring-boot-starter` artifact (via the same BOM) and configure properties in `application.properties` or `application.yml` so the client is created automatically. See the repository README for property names and examples.
### Resources
- [Full documentation and API reference](https://github.com/frontegg/entitlements-client-java) in the GitHub repository
- [Entitlements engine setup](/ciam/guides/authorization/entitlements/agent/setup) — deploy SpiceDB and the sync job (language-agnostic)
- [Node.js Entitlements](/ciam/sdks/backend/node/entitlements) — same engine from Node.js with `@frontegg/e10s-client`
- [Issues](https://github.com/frontegg/entitlements-client-java/issues)