Try Free

Authentication and Authorization Stores in Payara Platform

Security
Jadon Ortlepp
Published: 07 Jul 2020
Updated: 21 Oct 2025

Securing your application is a very important aspect of development. You not only need to make sure that the application has the intended functionality but also that this functionality can only be executed by the appropriate people. It is critical to ensure that updates to data are restricted to the correct people, and that end users only see data they are allowed to see. And in case of sensitive data, this is even more important.

The definition and configuration of these processes have become easier with the introduction of the Security API in Java EE 8 which is available in Payara Platform 5. 

This guide describes concepts such as:

  • HTTP Authentication Mechanism and Identity Store
  • Groups vs. Role
  • OAuth2 and OpenIdConnect
  • Combining the Payara Realms with the Security API
  • Detailed examples for how to use in the Payara Platform

Payara Platform has a multitude of possibilities to secure your application. We will introduce the concepts of the Security API and show detailed examples on how you can use it to secure the application using a hashed password stored in the database and using the Google OpenIdConnect functionality.

We will also discuss the option to define multiple IdentityStores to retrieves authorization information from multiple sources and using multiple stores for authentication which include creating a custom Identity Store handler for the veto concept.

And finally, we will describe how you can combine the Payara Realms with the Security API to
have even more possibilities.

{{cta(‘1e4c6b99-f75d-431c-827a-3e939e6af8e6’)}}

 

Share:

Download Payara Platform Community

Comments (0)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

Related Posts

The Imperative for Legacy Java Modernization in Banking Cover 2 minutes
Security
Luqman Saeed
24 Oct 2025

The $57 Billion Problem: Why Banking’s Java Legacy Crisis Demands Immediate Action

How outdated Java systems are draining budgets and throttling innovation across financial services? Let’s dig in in this blog […]

Read More
Interview The software that could be putting your cyber-security at risk 2 minutes
Security
Payara Content Team
22 Oct 2025

Middleware Cyber Security: The Hidden Risk Every C-Suite Should Prioritize

When tackling cyber risk at the strategic level, it pays to learn from trusted leaders. Steve Millidge, CEO and […]

Read More
Graphic promoting the Jakarta EE Agentic AI Project by Payara Community. The design shows a laptop screen with a central icon of a person wearing headphones and using a laptop, surrounded by sparkles. The background features blue ocean-themed elements with coral and small fish. Logos for Jakarta EE and Payara Community appear at the top. 3 minutes
Community
Dominika Tasarz
20 Oct 2025

Announcing the Jakarta Agentic AI Project

Exploring the Future of AI with the Jakarta EE Community At Payara, we’re passionate about pushing the boundaries of […]

Read More