JBoss Projects: Security

Security projects provide authentication and authorization capabilities to JBoss projects, most notably JBoss Application Server. In addition to standard J2EE security they also provide identity management functionality and single sign-on behaviour across multiple applications.

PicketBox(JBoss Security and Identity Management) provides authentication, authorization, mapping and audit capabilities for Java applications.

PicketLink provides Identity Management and Federated Identity support. The project provides SAMLv2, WS-Trust, OpenID and Kerberos/SPNego support along with a Identity Model.

For JBoss vulnerabilities infomation made public, please refer to: Security Vulnerabilities Notification To The JBoss Community




Found a security issue with a project or product? Report it now!
Please see below:

Found a Security Vulnerability in a JBoss Project or Product?

Please email either (security AT jboss DOT com) or (security AT jboss DOT org). We will treat your report with the utmost confidentiality and respect. We will not disclose your private information.

You can also visit the Red Hat Security Report PageRed Hat Security Team Page to report the vulnerability.

Want to know about JBoss community projects vulnerabilities?
Please visit:Security Vulnerabilities Notification To The JBoss Community