Important Announcement

Please use for your Java Application Security requirements.

PicketLink is Apache License v2 open source project for Java Application Security. It is a JBoss Community Project.

What is PicketBox?

PicketBox is a Java Security Framework that provides Java developers the following functionality:


Additionally, we provide an Oasis XACML v2.0 compliant engine.

PicketBox Pre-requisites

PicketBox requires a Java Virtual Machine v1.5 and higher.

PicketBox Documentation

Learn all about PicketBox from the following wiki article:

PicketBox Overview

Blog Posts

JBoss CommunityProjects (including WildFlyAs): OpenSSL HeartBleed Vulnerability
Apr 9, 2014 1:33 PM by Anil Saldhana
I want to take this post to summarize that "JBoss community projects including WildFly Application Server are not directly affected by the OpenSSL Hea…
SAML vs OAuth: Which one to use?
Nov 21, 2013 11:00 AM by Anil Saldhana
Please follow my DZone article on this important topic:
PicketBox XACML v2.0.9.Final Released
Jun 17, 2013 12:49 PM by Anil Saldhana
PicketBox XACML v2.0.9.Final has been released.You can download it from available at https://commu…
View more blog posts

Frequently Asked Questions

Q. Why the name "PicketBox"?

You are familiar with a Picket Fence that provides a sense of security. The individual pickets are used together to provide a secure set up.  Since this project provides the pieces necessary to provide a secure system, it makes sense to be called "PicketBox" ( a box of pickets).

Q. Why does the version start from v3 rather than v1?

PicketBox is a project that has been derived out of JBoss Security which saw v1 and v2.

Q. Does it provide Federated Identity Support?

You will need to look at PicketLink for that.

Q. Is there a requirement for JBoss Application Server?

Not really. You should be able to get it to work in a regular JDK environment.

Q. How does it compare to Acegi (Spring Security)?

Please use PicketLink, a JBoss Community project for Java Application Security needs.

Q. I am a web developer, why would I choose PicketBox?

If you are a web developer, I strongly suggest looking at JBoss Seam for your web development. It makes web development easy. Seam 3 will utilize PicketBox as its security foundation.

If you are not using Seam, then you should certainly look at the container security provided by the Servlet specification.  If your requirements are beyond that, then you need to augment it via PicketBox.


Project PicketBox is very useful for Seam 3.
Shane Bryzak, Seam Developer

Desktop wallpaper | Project Swag

Picket Box