
Eclipse Soteria

Eclipse Soteria is the Eclipse Foundation reference implementation of Jakarta Security, providing pluggable authentication, identity, and security context services for Jakarta EE applications (identity and access).

  • Reference implementation of the Jakarta Security specification for Jakarta EE (identity and access).
  • Provides authentication, authorization, and security context handling for Jakarta EE web and enterprise applications (application security).
  • Integrates with container-managed security and Hypertext Transfer Protocol (HTTP) authentication mechanisms such as Basic and form-based login (web security).
  • Offers extensible security infrastructure via custom identity stores, authentication mechanisms, and interceptors (security extensibility).
  • Aligns with the Eclipse EE4J and Jakarta EE platform for standardized enterprise Java security behavior (enterprise Java platform).

More About Eclipse Soteria

Eclipse Soteria is the reference implementation of the Jakarta Security (formerly Java EE Security) specification under the Eclipse EE4J project and Eclipse Foundation governance, focused on providing a standard security model for Jakarta EE applications (identity and access). It implements the APIs and behaviors defined by the Jakarta Security specification so that enterprise Java runtimes can deliver a consistent mechanism for authentication, authorization, and security context management across web and enterprise components.

The project targets the security layer in Jakarta EE, integrating with servlet containers and other platform components to handle user identity, authentication flows, and Role-Based Access Control (RBAC) (application security). It exposes standard APIs for working with security contexts, including access to the caller principal, roles, and other identity attributes, allowing application code to query and enforce security constraints in a portable way. Because Soteria is the reference implementation, it serves both as a functional security library and as a behavioral baseline that other Jakarta Security implementations can follow.

Soteria implements pluggable identity store and authentication mechanism concepts (security extensibility). Identity stores can connect authentication to a variety of backends, including databases, directory services, or other user repositories, as defined by the Jakarta Security specification. Authentication mechanisms can cover HTTP-based flows such as BASIC, form-based login, and other servlet-oriented schemes (web security). These pluggable components enable application and container vendors to integrate Jakarta Security into diverse deployment environments while maintaining the same programming model.

In enterprise environments, Eclipse Soteria is typically used within Jakarta EE application servers or servlet containers that adopt Jakarta Security (enterprise Java platform). It provides the concrete library code that enforces declarative and programmatic security constraints, often in conjunction with annotations and deployment descriptors. This allows organizations to apply uniform security policies across microservices or monolithic applications built on Jakarta EE, while relying on a specification-defined contract for interoperability.

From an architectural perspective, Soteria fits in the identity and access management layer of Java-based enterprise stacks, interacting with HTTP layers, Contexts and Dependency Injection (CDI), and other Jakarta EE services where the specification requires it (application infrastructure). Its alignment with the Eclipse EE4J project and Jakarta EE ecosystem positions it as a standard-compliant option for teams that require portable security behavior across different Jakarta EE-compatible runtimes. For directory and taxonomy purposes, Eclipse Soteria is best categorized under enterprise Java security frameworks, reference implementations, and identity and access management libraries for Jakarta EE.