Despite the version number 3, Jakarta Security 3 is the first real update of Jakarta Security since it was introduced as Java EE Security in Java EE 8. In this article we’ll take a look at what new things have been added. We’ll first take a look at the user facing umbrella API, which is Jakarta Security itself, and then take a look at the two underlying SPIs it depends on; Jakarta Authentication and Jakarta Authorization. OpenID Connect The signature addition to Jakarta Security 3 is the new OpenID Connect authentication mechanism, contributed by Payara’s Lead Developer Rudy De Busscher and Principal Engineer Gaurav Gupta . OpenID Connect joins the existing Basic , Form and Custom Form authentication mechanisms. The plan to also gain parity to Servlet by adding Jakarta Security versions of the Client-Cert and Digest authentication mechanisms unfortunately failed, as simply nobody picked up the work for that. As Jakarta Security is now mostly a volunteer driven OSS proje...