PicketBox Overview

What is PicketBox?

PicketBox (formerly JBoss Security) is a security framework for Java Applications.


The features available are:

  1. Authentication
  2. Authorization/Access Control
  3. Auditing
  4. Mapping (Principal/Roles/Attribute)


The advantage is a simple framework with a single configuration file to handle.


Project Page is http://jboss.org/picketbox.

Environment Needed

PicketBox should run in a regular J2SE (Java JRE) environment. Of course, some dependencies are needed.

Download Releases

  • 3.0.0.Beta6 is released on May 13, 2010.



  1. Pick the zip from PicketBox Downloads
  2. If you are in a non-JBoss Application Server environment, you need the jboss-logging-spi.jar. Download it from here.


  • PicketBox is the foundational security framework that provides the authentication, authorization, audit and mapping capabilities to Java applications.
  • PicketLink (formerly, JBoss Identity) builds on PicketBox foundation and provides an identity model, federated identity support (SAML, WS-Trust, OpenID), Authz(access control developer api), Negotiation (SPNego/Kerberos based desktop SSO).

Advanced Information ( PicketBox FAQ)

  1. JSR-196 Callback Handler for JCA 1.6 Integration
  2. PicketBox in JBoss Application Server 5.1




Latest Information