
What is PicketBox?

PicketBox is a Java Security Framework that provides Java developers the following functionality:

 

Additionally, we provide an OASIS XACML v2.0-compliant engine.

PicketBox Pre-requisites

PicketBox requires a Java Virtual Machine v1.5 or higher.

PicketBox Documentation

Learn all about PicketBox from the following wiki article:

PicketBox Overview

Blog Posts

Java Identity JSR: A positive step
Dec 12, 2011 4:31 AM by Anil Saldhana
The latest JSR on Java Identity is a very positive step in fostering security in Java applications. Since the JSR targets Java SE (as well as Java EE)…

JavaOne11 Experiences :: JBoss AS7/PicketLink/SAML/OpenShift
Oct 14, 2011 10:25 AM by Anil Saldhana
I had the privilege of attending Java One in San Francisco this month. I had two talks this year. Talks: 1) Venue: JBoss Booth. Title: Trusted Secu…

Deploy Java Applications In The Cloud
Aug 30, 2011 11:42 AM by Anil Saldhana
A couple of years ago, I had played with Google App Engine. I liked the ease of deployment via eclipse and the fact that I could code in Java and depl…

Frequently Asked Questions

Q. Why the name "PicketBox"?

You are familiar with a picket fence, which provides a sense of security. The individual pickets are used together to provide a secure setup. Since this project provides the pieces necessary to build a secure system, it makes sense to call it "PicketBox" (a box of pickets).

Q. Why does the version start from v3 rather than v1?

PicketBox is a project derived from JBoss Security, which saw v1 and v2.

Q. Does it provide Federated Identity Support?

You will need to look at PicketLink for that.

Q. Is there a requirement for JBoss Application Server?

Not really. You should be able to get it to work in a regular JDK environment.

Q. How does it compare to Acegi (Spring Security)?

Acegi is a popular security framework that utilizes Spring extensively. The objectives of both Acegi and PicketBox are the same: make security easier for Java developers. But the philosophy behind them is slightly different.

Most Java applications run in either a Servlet container such as Apache Tomcat or a Java EE application server such as JBoss or Glassfish. All these containers have security built into them via the Java EE security specifications. Acegi provides a uniform security framework, built on Spring, that runs on these containers without using any of the container security features. Honestly, we should really be utilizing the BASIC, FORM, DIGEST and CLIENT-CERT forms of authentication provided by the servlet containers for web applications. The container developers have spent years on security response, patches, etc. to fix vulnerabilities that a generic security framework cannot embrace.

PicketBox tries to integrate seamlessly with containers such as JBoss Application Server, so that applications using PicketBox get seamless security in Java EE components such as EJB3 or web applications.

Q. I am a web developer, why would I choose PicketBox?

If you are a web developer, I strongly suggest looking at JBoss Seam for your web development. It makes web development easy. Seam 3 will utilize PicketBox as its security foundation.

If you are not using Seam, then you should certainly look at the container security provided by the Servlet specification. If your requirements go beyond that, then you need to augment it with PicketBox.

Security Jobs At Red Hat

The following are links to open positions at Red Hat Inc.

  1. https://careers.redhat.com/ext/detail?redhat6147
         

Project PicketBox is very useful for Seam 3.
Shane Bryzak, Seam Developer
