Built with Seam

You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.

Active development of Seam Security has been halted by Red Hat. Functionality has been absorbed by the Picketlink Project.

Seam Security

Offers simpler, yet more powerful authentication and authorization for Java EE applications.

To get started, add the following dependencies to your pom.xml: :


* Maven artifacts are located in the JBoss Community Repository:

Module team

Name Module role Commit username (Git) Organization Hometown (Time zone)
Shane Bryzak Lead sbryzak Red Hat, Inc. Brisbane, AU (UTC+10)
Marcel Kolsteren Contributor marcelk Meandi ICT Utrecht, The Netherlands (UTC+1)
Want your name to appear in this list? Join us in #seam-dev on freenode and let us know you want to get involved.


Seam Security provides a powerful set of authentication and authorization services for CDI applications. Authentication is based on the JAAS standard and allows for total control over the user authentication process. Authorization is based on a pluggable, extendable API and offers a number of features for locking down the sensitive parts of your application - ranging from simple role-based security checks all the way through to advanced rule-based and ACL permissions.

To make life even easier, Seam Security provides an Identity Management API for managing the users and roles within your application, and a Permission Management API for managing the permissions for individual domain objects and other user-defined permissions.

For more advanced security requirements, seamless integration with PicketLink allows you to take advantage of an even greater range of security backends, such as SSO, Kerberos and SAML.

Release plan

Version Time frame Focus
3.0.0.Alpha1 Available TBD
3.0.0.Alpha2 December 2010 External authentication services


Among others, the security module will have the following features.

Support for externally authenticated users

The security module will allow CDI applications to delegate user authentication to an identity provider like OpenId. This will allow developers to open up their application for users that own an account at Google or Yahoo or any other SAMLv2 or OpenID provider. The user experience will be better: the user doesn't have to register a new account, doesn't need to remember another password, and only needs to login once. The developer experience will also be better: no need for administering user passwords and no need to implement password recovery mechanisms.

You can expect:

  • Single Sign On
  • Single Logout
  • Metadata import- and export
  • User attribute exchange
  • Virtual application support (multi-tenancy)

Ideas for additional features:

  • Integration with the JPA identity store (enable linking of internal identity store account with external accounts)

Support for exposing IDM users to other applications

If you have a CDI application with an own user/password database, you can use the security module to expose those users to other applications. This turns your application into a SAMLv2 identity provider and/or an OpenID provider. Other applications (Seam based or not Seam based) can delegate authentication to your IDM application.

Design whiteboard

This section serves as a whiteboard for design and ideas for this module. Once you've decided to pursue a feature, it should be added to JIRA as a feature request and optionally linked from this page.