File Identity Store

Since Payara Server 5.194

The Payara API provides a @FileIdentityStoreDefinition annotation that creates an identity store to authenticate the users using the file realm.


The File realm identity store is defined through the @FileIdentityStoreDefinition annotation. Specifying this in a valid place as defined by the Jakarta EE Security API will create the identity store. Often this may mean that any class is a valid position. If the file realm not found with the defined name then a new File realm is registered on the server using the create-auth-realm asadmin command, otherwise existing file realm instance is used to authenticate the users.


The following code sample illustrates how to configure file realm identity store:

@DeclareRoles({ "a", "b"})
@BasicAuthenticationMechanismDefinition(realmName = "file-realm")
public class MyRestApp extends Application {


The file realm identity store can be configured with both @FileIdentityStoreDefinition annotation attributes and MicroProfile Config properties. The annotation and MicroProfile properties have several configuration options.

They are detailed as shown below.

Option MP Config property Description Default Required


The name of the realm.



The location of the file to store user credentials locally. If no file name is defined then the realm name is used as the file name.

Realm Name


The users are assigned membership to these groups for the purposes of authorization decisions.


The JAAS Context of File realm.


Note : If both an annotation attribute and a MicroProfile Config property are defined for the same option then the MicroProfile Config property value always takes precedence over the @FileIdentityStoreDefinition annotation value.