Security in the Payara Platform

Security is always a concern when implementing applications that will run in production environments. Payara Platform Enterprise is fully supported open source software for enterprises. It offers a strong tool set of security features, so you won’t have to implement your own security measures from scratch, and it enables reliable and secure deployments of Jakarta EE and MicroProfile applications on premises, in the cloud, or in hybrid environments.

Making the platform secure and providing useful built-in security tools for application developers and production administrators is an essential part of the platform development process and is accomplished with monthly releases, security fixes, critical security patches, and a 10-year software lifecycle. The Payara Platform also provides tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.

Payara Server and Docker

Security Auditing in Payara Server

This guide explains and demonstrates the security auditing best practices and features you can find in Payara Server. Security is always a concern you must have when implementing applications that will run in production environments. Both the JVM and Payara Server have a strong tool set of security implementations for most use cases in the industry.

Securing Your Applications Running on Payara Platform (JAX-RS Endpoints)

This User Guide will discuss the different aspects of securing the JAX-RS endpoints of your application using standards and common practices like OAuth2, OpenID Connect, JWT Tokens, and MicroProfile JWT authentication in combination with the Payara Platform.

Security Tools in Payara Platform

In this datasheet, learn about the tools provided by the Payara Platform to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.

How to Develop Applications with Minimal Security Risks

This user guide, written in collaboration with Snyk, takes you through 7 key pointers for developing applications with minimal security risk. It will help you take responsibility for the security of your software, to best avoid becoming one of the 20,000 websites that get hacked every day on average.

How to Raise Security Issues

Payara Services Limited is very active in identifying and fixing possible security vulnerabilities in Payara Server and Payara Micro that are either inherited from GlassFish upstream or introduced by newly developed features.

We strongly encourage users to report such problems in the following ways:

  1. If you have a support contract, create a ticket describing the security vulnerabilities detected as you would do for any other bug reports.
  2. If you do not have a support contract, please send an email describing the vulnerabilities detected to security@payara.fish. Please don’t use this address to report bugs or issues unrelated to security vulnerabilities, as they will be ignored; instead, use the GitHub repository issues page to raise a new issue detailing the problem at hand.

You can also direct inquiries about reported CVE issues detected in similar Java platforms or application servers (like Apache Tomcat, JBoss WildFly, etc.) and let us research whether or not Payara Server is affected by such issues.


Discover More Resources

Explore expert tips, webinars, and product updates to help you build, deploy, and scale modern enterprise Java applications faster.

Datasheet

Payara Enterprise Migration & Project Support Option

Using Payara Platform Enterprise gives you additional reassurance that your production systems are secured and safe Payara Platform also […]

User Guide

The Busy CTO’s Guide to Java Application Security Risks

Identify Risks. Strengthen Compliance. Safeguard Java. Java applications are under pressure in 2025. With 88% of enterprise apps containing […]

User Guide

Securing Jakarta EE (Java EE) Application Servers: An Executive Guide

Identify Vulnerabilities. Harden Servers. Safeguard Enterprise Java. Jakarta EE (Java EE) application servers remain a critical backbone for enterprise […]


Security Video Tutorials

MicroProfile in Practice – Expose and visualise metrics, Configure your app & Secure REST endpoints.

Java Champion Ondrej Mihalyi uses a simple game application to demonstrate some MicroProfile capabilities in the Payara Platform, which powers both Payara Server and Payara Micro. He demonstrates how to:

  • Expose operational and business logic metrics and how to visualise them.
  • Configure your applications.
  • Secure REST endpoints in your applications using the JSON Web Token mechanism.