GlassFish Project - Security home page

New to GlassFish | Community Guidelines | Downloads | FAQ | How-Tos

Welcome to the Security home page.  This page is dedicated to the Security technologies in GlassFish.

Please send questions or comments to  (Click here for information on joining the alias).

Security News

We have implemented the Java™ Authentication Service Provider Interface for Containers (JSR 196), Java™ Authorization Contract for Containers Maintenance Draft (JSR 115), security annotations in Common Annotations for the Java™ Platform JSR 250, custom principal, JDBCRealm, assign-groups.

Page Contents

Security Technologies

The majority of the GlassFish code is available under the Common Development and Distribution License (CDDL) v1.0  The following page contains details about the components in GlassFish and the licenses under which they are covered.

The Security module within GlassFish covers the following major areas :

The source code is located in the following cvs modules:

Unit/Acceptance Tests

Running the security development tests is required for any changes to the security module.  The Quicklook tests must also pass.   

Supporting Documentation

This section contains pointers to useful documents and information.

F.A.Q. about using Security in GlassFish


General information:

Lots of good general information on developing secure applications can be found in Chapter 29 to 32 of the Java EE 5 Tutorial and in the Securing Applications of the Developer's Guide. More information can be found in Java EE Security.

ToDo List

We will be using the security subcategory of Issue Tracker to manage to-do items, enhancement requests, and new features.