Important Announcement

Please use for your Java Application Security requirements.

PicketLink is Apache License v2 open source project for Java Application Security. It is a JBoss Community Project.

What is PicketBox?

PicketBox is a Java Security Framework that provides Java developers the following functionality:


Additionally, we provide an Oasis XACML v2.0 compliant engine.

PicketBox Pre-requisites

PicketBox requires a Java Virtual Machine v1.5 and higher.

PicketBox Documentation

Learn all about PicketBox from the following wiki article:

PicketBox Overview

Blog Posts

Can Big Data solve our Security Challenges?
Oct 31, 2015 12:34 AM by Anil Saldanha
On a daily basis, you hear about some company getting hacked or losing customer records.This pattern has become so routine that the shock factor has g…
JBoss CommunityProjects (including WildFlyAs): OpenSSL HeartBleed Vulnerability
Apr 9, 2014 1:33 PM by Anil Saldanha
I want to take this post to summarize that "JBoss community projects including WildFly Application Server are not directly affected by the OpenSSL Hea…
SAML vs OAuth: Which one to use?
Nov 21, 2013 11:00 AM by Anil Saldanha
Please follow my DZone article on this important topic:
View more blog posts

Frequently Asked Questions

Q. Why the name "PicketBox"?

You are familiar with a Picket Fence that provides a sense of security. The individual pickets are used together to provide a secure set up.  Since this project provides the pieces necessary to provide a secure system, it makes sense to be called "PicketBox" ( a box of pickets).

Q. Why does the version start from v3 rather than v1?

PicketBox is a project that has been derived out of JBoss Security which saw v1 and v2.

Q. Does it provide Federated Identity Support?

You will need to look at PicketLink for that.

Q. Is there a requirement for JBoss Application Server?

Not really. You should be able to get it to work in a regular JDK environment.

Q. How does it compare to Acegi (Spring Security)?

Please use PicketLink, a JBoss Community project for Java Application Security needs.

Q. I am a web developer, why would I choose PicketBox?

If you are a web developer, I strongly suggest looking at JBoss Seam for your web development. It makes web development easy. Seam 3 will utilize PicketBox as its security foundation.

If you are not using Seam, then you should certainly look at the container security provided by the Servlet specification.  If your requirements are beyond that, then you need to augment it via PicketBox.


Project PicketBox is very useful for Seam 3.
Shane Bryzak, Seam Developer

Desktop wallpaper | Project Swag

Picket Box