This feature enables support for securing the server runtime environment and applications; it includes a basic user registry. This feature supersedes appSecurity-1.0 and does not include servlet-3.0 or support for the LDAP user registry. To secure web applications, add the servlet-3.0 feature. To secure EJB applications, add the ejbLite-3.1 feature. To use LDAP, add the ldapRegistry-3.0 feature. When you add the appSecurity-2.0 feature to your server, you need to configure a user registry, such as the basic user registry or the LDAP user registry.

Enabling this feature

To enable the Application Security 2.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:

<feature>appSecurity-2.0</feature>

Feature configuration elements

Liberty API packages provided by this feature

  • com.ibm.websphere.security.auth.callback

  • com.ibm.wsspi.security.auth.callback

  • com.ibm.wsspi.security.common.auth.module

  • com.ibm.wsspi.security.tai

  • com.ibm.wsspi.security.token

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-17.0

  • JavaSE-21.0

  • JavaSE-22.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.appSecurity-2.0; type="osgi.subsystem.feature"