jboss.org: community driven

Did you find a Security Vulnerability in any of the JBoss Products? If yes, then you can either email (security AT jboss DOT com) or (security AT jboss DOT org). You can also use the following Red Hat Security Team page to report: JBoss/Red Hat Security Vulnerability Reporting (Your information will be Confidential)

JBoss Security is an integration layer that provides J2EE as well as custom security to the various JEMS projects including the JBoss Application Server. This project also includes all the initiatives for Identity Management.

HISTORY OF JBOSS SECURITY

JBossSX was originaly started under the leadership of Dan O'Connor, and Oleg Nitz. Since then, JBossSX has added additional JAAS support under the leadership of Scott Stark with continued help from Oleg Nitz. Scott has really turned this into a world class project on its own and you will find in our product security features that you won't find anywhere else no matter how much you are willing to pay.

With the increasing needs for Identity Management in the enterprise as well as in the various JEMS projects such as JBoss Portal etc, it was decided to extend JBoss Security to provide IDM functionality. Currently, JBoss Security and Identity Management is under the watchful eyes of Anil Saldhana.
A notable sub-project of JBoss Security is:

JBoss Federated SSO

FEATURES

Secure authentication of users via JAAS login modules.
Extensible authentication of users via JAAS login modules.
Support for custom per method authentication of users via integration with the EJB container method interceptor.
Support for JAAS Subject based authorization of users.
Flexible mapping from legacy security systems to JAAS Subject based permissions.

TEAM

Project Lead: Anil Saldhana
Advisor: Scott Stark
Team: Stefan Guilhen
Team: Marcus Moyses (Voluntary)

Security Vulnerabilities Contact

If you find any vulnerability in JBoss suite of Projects/Products, please do not hesitate to use the following page and the associated email address on the page, to securely communicate the vulnerability information: JBoss/Redhat Security Vulnerability. You can also email either (security AT jboss DOT com) or (security AT jboss DOT org). Your information will be private and confidential.

Latest News

Please read the blog at Anil Saldhana's Blog
Please read the press release issued by Oasis at the end of the Burton Catalyst XACML Interoperability Event here. Oasis News Release (June 28, 2007)

Faces

Community/Standards Participation

We support the following Standards Organizations with participation on various committees.
Java Community Process