jGuard is a java security framework based on JAAS. this framework is written for web applications, to resolve simply, access control problems.


  • relies only on java 1.4 and j2ee 1.3 or higher
  • can be adapted on any webapp, on any application server
  • permit to a user to have more than one role simultaneously
  • does not depend on a web framework, or an AOP framework
  • build on top of the standard and very secure and flexible JAAS
  • authentications and authorizations are handled by pluggable mechanisms
  • handle authentication data stored in a database, an XML file, a JNDI datasource, an LDAP directory, Kerberos...
  • changes take effects 'on the fly' (dynamic configuration)
  • permissions, roles,and their associations can be created, updated,deleted on the fly through a webapp (an API is provided too)
  • each webapp has its own authentications and authorizations configuration
  • a taglib is provided to protect jsp fragment
  • support security manager

URL: http://jguard.sourceforge.net/
Licence: LGPL