Application Security 3.0

This feature enables support for securing the server runtime environment and applications using Security-1.0 as defined in JSR-375.

Enable this feature

To enable the Application Security 3.0 feature, add the following element declaration into the server.xml file, inside the featureManager element:

<feature>appSecurity-3.0</feature>

Feature configuration elements

• administrator-role
• authCache
• authentication
• basicRegistry
• cache
• cacheManager
• cachingProvider
• classloader
• classloading
• jaasLoginContextEntry
• jaasLoginModule
• kerberos
• library
• ltpa
• quickStartSecurity
• reader-role
• trustAssociation

Standard API packages provided by this feature

• javax.security.auth.message
• javax.security.auth.message.callback
• javax.security.auth.message.config
• javax.security.auth.message.module
• javax.security.enterprise
• javax.security.enterprise.authentication.mechanism.http
• javax.security.enterprise.credential
• javax.security.enterprise.identitystore
• javax.servlet
• javax.servlet.annotation
• javax.servlet.descriptor
• javax.servlet.http

Liberty API packages provided by this feature

• com.ibm.websphere.security.auth.callback
• com.ibm.wsspi.security.auth.callback
• com.ibm.wsspi.security.common.auth.module
• com.ibm.wsspi.security.tai
• com.ibm.wsspi.security.token

Features that this feature enables

• cdi-2.0
• el-3.0
• servlet-4.0
• ssl-1.0

Supported Java versions

• JavaSE-1.8
• JavaSE-11.0
• JavaSE-17.0
• JavaSE-21.0
• JavaSE-24.0

Platform Versions

• javaee-8.0
• jakartaee-8.0

Features that enable this feature

• jacc-1.5
• jaspic-1.1
• mpJwt-1.0
• mpJwt-1.1
• mpJwt-1.2
• openid-2.0
• webProfile-8.0

Develop a feature that depends on this feature

If we are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.appSecurity-3.0; type="osgi.subsystem.feature"