View on GitHub


Easy of use abstractions on top of Java EE security APIs

Download this project as a .zip file Download this project as a tar.gz file

What is OmniSecurity?

OmniSecurity provides a basic security (login) facility for simple, self-contained web applications with easy of use abstractions on top of Java EE security APIs like JASPIC and JACC.

The focus is on integrating with the Java EE security model and making the low-level security APIs that Java EE offers easier and more approachable. As such OmniSecurity is not a security framework itself, but merely a set of utilities for the existing Java EE security APIs.

This project takes advantage of the JASPIC/JASPI/JSR 196 SPI and aims among others at building a portable SAM (Server Authentication Module/Server Auth Module) that delegates the actual authentication (user name and role retrieval) to user code. It's an implementation of the ideas proposed in JAVAEE_SPEC-9 and JASPIC_SPEC-17

OmniSecurity is a sub-project of OmniFaces.
It targets Java EE 7 exclusively and is build with JDK 7.

Note: OmniSecurity has been superseded by The Java EE Security API (JSR 375) and its RI Soteria. We plan to start work on an OmniSecurity 2 or possibly a differently named project like OmniSecurityAPI than rebased on the Java EE Security API.


Maven coordinates:



The auth module is demonstrated in a Java EE 6 kickoff app, which also has a live demo.