Java Security Frameworks

A list of third party (i.e. not part of Java SE or EE) security frameworks. This page contains a list of Java security libraries and frameworks and indicates which security features each library supports.

Enterprise

• OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
• HDIV A web application security framework that provides a number of functions.

Access Control (Authentication and Authorisation)

• jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.

Encryption

• Bouncycastle - Lightweight Java cryptography APIs
• Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Cross Site Scripting (XSS)

• OWASP Java Encoder Project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
• OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
• OWASP Java JSON Sanitizer is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline

Additional Java Security Libraries

Security Features Key

• AU Authentication
• AC Authorization / Access Control
• CF Anti CSRF
• CR Cryptography
• IV Input Validation
• OE Output encoding
• SM Session management
• XM XML security
• XS XSS protection