Security Connectors

Security Connectors are a collection of Jakarta EE Security adapters that implements industry-standard security protocols, specifications and integrates with third-party security artifacts & components.

The available connectors on Maven central are:

OpenId Connect Client

Implements OpenId Connect standard protocol by implementing Jakarta EE Security HTTP Authentication Mechanism and Identity Store for authentication & authorization using @OpenIdAuthenticationDefinition annotation and also provides access to the user’s profile info, Identity token, Access token, & Refresh token using CDI-based injection.

OAuth 2.0 Client:

Implements OAuth 2.0 standard protocol by implementing Jakarta EE Security HTTP Authentication Mechanism and Identity Store for authorization using @OAuth2AuthenticationDefinition annotation and provides access to the Identity token and Access token using CDI-based injection.

Payara Platform Enterprise also provides the built-in Yubikey Authentication Mechanism. This allows authentication through a hardware device. This type of authentication removes some need of using credentials and requires authenticating using a physical token in a very secure way.

Standalone Variants of Connectors

Standalone connectors provide the same functionality as standard connectors. But while the standard connectors are built to be integrated with Payara Platform runtimes (e.g. Payara Server), the standalone connectors are built to be safely included in the applications deployed to a Payara Platform runtime without any conflicts with the connectors in the runtime. This is done by shading the classes in the connector and all its dependencies so that is in a different package name.

Adding a Standalone Connector

A standalone connector can be added to your application as a JAR library (or as a compile-time dependency in a WAR Maven project). To use it, follow the documentation of the standard connectors but use the package instead of the to import the classes.

OpenID Connect standalone connector has a standalone variant. For more information, click here.
If you’d like to use a newer version of a connector on one of the Payara Platform runtimes which already contains an older version of the container, you need to either add a standard container into your application and disable classloading delegation (Disabling Classloading delegation) or add a standalone variant of the container in your application.