Jakarta Security 4.0 (under development)

Release for Jakarta EE 11

Jakarta Security defines a standard for creating secure Jakarta EE applications in modern application paradigms.

The release splits focuses on evolving the API in various ways, and specifically providing APIs for the authorization theme (including interceptors and an abstraction for the permission store)

New features, enhancements or additions

Client-cert and Digest SECURITY #120
Authentication mechanism per URL SECURIY #86
User choice of authentication mechanism (login with provider X, login with provider Y, etc)
Multiple authentication mechanisms (try JWT, fallback to BASIC, etc)
@RolesAllowed alternative
Easily adding an interceptor to a build-in CDI bean
Authorization modules

Removals, deprecations or backwards incompatible changes

Remove references to the SecurityManager (as listed here: https://github.com/search?q=repo%3Ajakartaee%2Fsecurity%20SecurityManager&type=code)

Minimum Java SE Version

Java SE 17 or higher

Details

Jakarta Security 4.0 Release Record

Compatible Implementations

Soteria (TBC)

Ballots

Plan Review

The Specification Committee Ballot concluded successfully on 2023-07-25 with the following results.

Representative	Representative for:	Vote
Kenji Kazumura	Fujitsu	+1
Emily Jiang, Tom Watson	IBM	+1
Ed Bratt, Dmitry Kornilov	Oracle	+1
Andrew Pielage, Petr Aubrecht	Payara	+1
David Blevins, Jean-Louis Monteiro	Tomitribe	+1
Ivar Grimstad	EE4J PMC	+1
Marcelo Ancelmo, Abraham Marin-Perez	Participant Members	+1
Werner Keil	Committer Members	+1
Zhai Luchao	Enterprise Members	+1
Scott Stark, Scott Marlow	Enterprise Members	No vote
	Total	9

The ballot was run on the jakarta.ee-spec mailing list

Release Review

View a Specification

Adopt a Spec

Learn more