Skip to main content
  • Edit my account
  • Manage Cookies

Jakarta Security 3.0 (under development)

Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms.

The goal of this release is to continue adding features and evolving the API. A number of those had been discussed and even had prototype implementations during the development of the previous version, but didn’t make it in.

More specifically:

Additional authentication mechanisms:

Extended authentication mechanisms:

  • Authentication mechanism per URL SECURIY #86
  • User choice of authentication mechanism (login with provider X, login with provider Y, etc)
  • Multiple authentication mechanisms (try JWT, fallback to BASIC, etc)


  • @RolesAllowed alternative
  • Easily adding an interceptor to a build-in CDI bean blog


  • Authorization modules blog

The JDK version required will be aligned with Jakarta EE 10.


Plan Review

The Specification Committee Ballot concluded successfully on 2021-05-27 with the following results.

Representative Representative for: Vote
Kenji Kazumura Fujitsu +1
Dan Bandera, Kevin Sutter IBM no vote
Ed Bratt, Dmitry Kornilov Oracle +1
Andrew Pielage, Matt Gill Payara +1
Scott Stark, Mark Little Red Hat +1
David Blevins, Jean-Louis Monteiro Tomitribe +1
Ivar Grimstad EE4J PMC +1
Marcelo Ancelmo, Martijn Verburg Participant Members +1
Werner Keil Committer Members +1
Scott (Congquan) Wang Enterprise Members +1
Total 9

The ballot was run in the mailing list

Click on the specifications below to access the specification document, Javadoc, Technology Compatibility Kit (TCK), and compatible implementation for each release of the specification.

Platform and Profile Specifications

The Jakarta EE Platform and Profile specifications are the umbrella specifications for the individual specifications. The Jakarta EE Platform includes most of the individual specifications, while the Profile specifications include the individual specifications for developing web platforms and microservices architectures.

Individual Specifications

Each individual specification describes a standardized way of implementing a particular aspect of an enterprise Java application.

Back to the top