Jakarta Authorization 3.0

Release Date

The planned changes in this version fall into one of two areas:

  • Full removal of dependency on java.security.Policy and replacing it with somethibg else (which is why this is a major release). https://github.com/jakartaee/authorization/issues/99
  • New features
    • Register a policy provider (its replacement, as per the above item) programmatically per application https://github.com/jakartaee/authorization/issues/99
    • Introduce a portable group to role mapper
    • Standarize the context ID for Servlet containers
    • Several convenience methods to make the API easier to use

This release will also address any bug fixes and clarifications requests that arise during development.


This release will be non-compatible with previous releases, and integrators need to update their integration.

As Jakarta Authorization is mostly an SPI aimed at Jakarta EE runtimes (such as application servers), the impact for the average user will be low.