Please use http://www.picketlink.org for your Java Application Security requirements.
PicketLink is Apache License v2 open source project for Java Application Security. It is a JBoss Community Project.
What is PicketBox?
PicketBox is a Java Security Framework that provides Java developers the following functionality:
Additionally, we provide an Oasis XACML v2.0 compliant engine.
PicketBox requires a Java Virtual Machine v1.5 and higher.
Learn all about PicketBox from the following wiki article:
- SAML vs OAuth: Which one to use?
- Nov 21, 2013 11:00 AM by Anil Saldhana
- Please follow my DZone article on this important topic: http://architects.dzone.com/articles/saml-versus-oauth-which-one
- PicketBox XACML v2.0.9.Final Released
- Jun 17, 2013 12:49 PM by Anil Saldhana
- PicketBox XACML v2.0.9.Final has been released.You can download it from http://www.jboss.org/picketbox/downloadsInformation available at https://commu…
- Authorization (Access Control) Best Practices
- May 17, 2013 1:35 AM by Anil Saldhana
- After the recent wrestling match in the blogosphere that included vendors and analysts on XACML, I want to provide some best practices for access cont…
- View more blog posts
Frequently Asked Questions
Q. Why the name "PicketBox"?
You are familiar with a Picket Fence that provides a sense of security. The individual pickets are used together to provide a secure set up. Since this project provides the pieces necessary to provide a secure system, it makes sense to be called "PicketBox" ( a box of pickets).
Q. Why does the version start from v3 rather than v1?
PicketBox is a project that has been derived out of JBoss Security which saw v1 and v2.
Q. Does it provide Federated Identity Support?
You will need to look at PicketLink for that.
Q. Is there a requirement for JBoss Application Server?
Not really. You should be able to get it to work in a regular JDK environment.
Q. How does it compare to Acegi (Spring Security)?
Please use PicketLink, a JBoss Community project for Java Application Security needs.
Q. I am a web developer, why would I choose PicketBox?
If you are a web developer, I strongly suggest looking at JBoss Seam for your web development. It makes web development easy. Seam 3 will utilize PicketBox as its security foundation.
If you are not using Seam, then you should certainly look at the container security provided by the Servlet specification. If your requirements are beyond that, then you need to augment it via PicketBox.
Project PicketBox is very useful for Seam 3.