Version 18

    What is PicketBox?

    PicketBox (formerly JBoss Security) is a security framework for Java Applications.


    The features available are:

    1. Authentication
    2. Authorization/Access Control
    3. Auditing
    4. Mapping (Principal/Roles/Attribute)


    The advantage is a simple framework with a single configuration file to handle.


    Project Page is

    Environment Needed

    PicketBox should run in a regular J2SE (Java JRE) environment. Of course, some dependencies are needed.

    Download Releases

    • 3.0.0.Beta6 is released on May 13, 2010.



    1. Pick the zip from PicketBox Downloads
    2. If you are in a non-JBoss Application Server environment, you need the jboss-logging-spi.jar. Download it from here.


    • PicketBox is the foundational security framework that provides the authentication, authorization, audit and mapping capabilities to Java applications.
    • PicketLink (formerly, JBoss Identity) builds on PicketBox foundation and provides an identity model, federated identity support (SAML, WS-Trust, OpenID), Authz(access control developer api), Negotiation (SPNego/Kerberos based desktop SSO).

    Advanced Information ( PicketBox FAQ)

    1. JSR-196 Callback Handler for JCA 1.6 Integration
    2. PicketBox in JBoss Application Server 5.1




    Latest Information