PicketBox Overview

What is PicketBox?

PicketBox (formerly JBoss Security) is a security framework for Java Applications.


The features available are:

  1. Authentication
  2. Authorization/Access Control
  3. Auditing
  4. Mapping (Principal/Roles/Attribute)


The advantage is a simple framework with a single configuration file to handle.


Project Page is http://jboss.org/picketbox.


Environment Needed

PicketBox should run in a regular J2SE (Java JRE) environment. Of course, some dependencies are needed.


Download Releases

  • 3.0.0.Beta3 is released on March 7, 2010.



  1. Pick the zip from PicketBox Downloads
  2. If you are in a non-JBoss Application Server environment, you need the jboss-logging-spi.jar. Download it from here.


Relationship between PicketBox and PicketLink

  • PicketBox is the foundational security framework that provides the authentication, authorization, audit and mapping capabilities to Java applications.
  • PicketLink (formerly, JBoss Identity) builds on PicketBox foundation and provides an identity model, federated identity support (SAML, WS-Trust, OpenID), Authz(access control developer api), Negotiation (SPNego/Kerberos based desktop SSO).


Latest Information