Java Security Frameworks

A list of third party (i.e. not part of Java SE or EE) security frameworks.

Enterprise

 * ESAPI OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.

Access Control (Authentication and Authorisation)

 * Acegi Security - Acegi Security is a powerful, flexible security solution for enterprise software, with a particular emphasis on applications that use Spring. Using Acegi Security provides your applications with comprehensive authentication, authorization, instance-based access control, channel security and human user detection capabilities.
 * jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.

Encryption

 * Bouncycastle - Lightweight Java cryptography APIs
 * Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.