This feature enables support for securing the server runtime environment and applications using Security-1.0 as defined in JSR-375.

Enabling this feature

To enable the Application Security 3.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:

<feature>appSecurity-3.0</feature>

Feature configuration elements

Standard API packages provided by this feature

  • javax.security.auth.message

  • javax.security.auth.message.callback

  • javax.security.auth.message.config

  • javax.security.auth.message.module

  • javax.security.enterprise

  • javax.security.enterprise.authentication.mechanism.http

  • javax.security.enterprise.credential

  • javax.security.enterprise.identitystore

Liberty API packages provided by this feature

  • com.ibm.websphere.security.auth.callback

  • com.ibm.wsspi.security.auth.callback

  • com.ibm.wsspi.security.common.auth.module

  • com.ibm.wsspi.security.tai

  • com.ibm.wsspi.security.token

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-17.0

  • JavaSE-21.0

  • JavaSE-22.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.appSecurity-3.0; type="osgi.subsystem.feature"