Skip to main content

Jakarta Security 3.0 (under development)

Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms.

The goal of this release is to continue adding features and evolving the API. A number of those had been discussed and even had prototype implementations during the development of the previous version, but didn’t make it in.

More specifically:

Additional authentication mechanisms:

Extended authentication mechanisms:

  • Authentication mechanism per URL SECURIY #86
  • User choice of authentication mechanism (login with provider X, login with provider Y, etc)
  • Multiple authentication mechanisms (try JWT, fallback to BASIC, etc)


  • @RolesAllowed alternative
  • Easily adding an interceptor to a build-in CDI bean blog


  • Authorization modules blog

The JDK version required will be aligned with Jakarta EE 10.


Plan Review

The Specification Committee Ballot concluded successfully on 2021-05-27 with the following results.

Representative Representative for: Vote
Kenji Kazumura Fujitsu +1
Dan Bandera, Kevin Sutter IBM no vote
Ed Bratt, Dmitry Kornilov Oracle +1
Andrew Pielage, Matt Gill Payara +1
Scott Stark, Mark Little Red Hat +1
David Blevins, Jean-Louis Monteiro Tomitribe +1
Ivar Grimstad EE4J PMC +1
Marcelo Ancelmo, Martijn Verburg Participant Members +1
Werner Keil Committer Members +1
Scott (Congquan) Wang Enterprise Members +1
Total 9

The ballot was run in the mailing list

Back to the top