Java Security Frameworks

A list of third party (i.e. not part of Java SE or EE) security frameworks.

Enterprise

 * OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
 * HDIV A web application security framework that provides a number of functions.

Access Control (Authentication and Authorisation)

 * jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.

Encryption

 * Bouncycastle - Lightweight Java cryptography APIs
 * Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

What is this page for?
This page contains a table of Java security libraries and indicates which security features each library supports.

The plan is to use this information to work backwards to create a 'decision tree' which will allow Java developers to decide which security libraries would be the most suitable for their requirements.

It is at a very early stage, and will almost certainly contain many mistakes and omissions. Please feel free to correct these yourself, or contact Psiinon to correct them on your behalf.

Security Features Key

 * AU Authentication
 * AC Authorization / Access Control
 * CF Anti CSRF
 * CR Cryptography
 * IV Input Validation
 * OE Output encoding
 * SM Session management
 * XM XML security
 * XS XSS protection