Securing your WildFly or JBoss EAP server with SSL/HTTPS is essential for protecting data and ensuring compliance with security best practices. Using Let’s Encrypt, you can automate the issuance and renewal of SSL certificates for your WildFly applications, removing the hassle of manual certificate management and ensuring your deployments remain secure with valid, up-to-date certificates.
JBoss Security

WildFly relies upon Elytron as the new single unified framework that can manage and configure security for both standalone servers and managed domains.
The legacy security subsystem (which uses the PicketBox framework) has been removed in WildFly 25, so you must migrate your security infrastructure to Elytron if you want to use the latest version of the application server.
The Elytron project provides a single unified security framework across the entire application server. As a single framework it will be usable both for configuring management access to the server and for applications installed to the Application Server.
To learn more about WildFly Security, we recommend checking the following resources:
Elytron Realms
Introduction to Elytron Security Realms
How to configure an Elytron JDBC Realm on WildFly
How to configure an Elytron LDAP Realm on WildFly
How to create a custom Elytron Realm
How to use failover and distributed Realms in Elytron
How to configure an Elytron JAAS Security Realm
HTTPS / TLS
How to configure SSL/HTTPS on WildFly
Configuring TLS 1.3 on WildFly application Server
Securing Management Interfaces
How to secure WildFly Management interfaces
Securing WildFly Management interfaces with LDAP
Application Security
Configuring HTTP Basic Authentication with WildFly
Securing a Web application with LDAP and Keycloak
Secure WildFly applications with OpenID Connect
Legacy Security (PicketBox)
Securing JBoss applications with PicketBox
Securing JBoss applications using the ApplicationRealm
Configuring JBoss with PicketBox LDAP Module
How to create a Custom JBoss Login Module
Configuring a MongoDB Login Module
Various
How to debug WildFly security issues
Using Java EE Security Manager with WildFly
Configuring a Caching Realm with Elytron
This tutorial guides you through configuring a caching realm in Elytron to improve authentication performance for your WildFly applications. By caching user credentials retrieved from a separate security realm (e.g., LDAP), you can significantly reduce the load on your identity store and enhance application responsiveness.
Secure WildFly applications with OpenID Connect
WildFly 25 enables you to secure deployments using OpenID Connect (OIDC) without installing a Keycloak client adapter. This tutorial shows a proof-of-concept example.
How to configure an Elytron LDAP Realm on WildFly
This tutorial guides you through setting up an LDAP realm using the WildFly Elytron security subsystem for user authentication. We will learn how to bootstrap a sample LDAP server with Docker and create an LDAP Realm on WildFly. Hard requirements: for the sake of simplicity, we will start a containerised version of OpenLDAP, which is …
How to configure an Elytron JAAS Security Realm
This article is a walk-through of the configuration of an Elytron JAAS Security Realm on the WildFly application server. We will briefly review how JAAS configuration works and then deploy an example application that uses the JAAS Security Configuration file.
How to configure SSL/HTTPS on WildFly
Securing your applications with SSL/HTTPS in WildFly or JBoss EAP is essential for protecting sensitive data and ensuring compliance with modern security standards. In this updated guide, you will learn how to configure HTTPS on WildFly in 2025, using secure TLS protocols and managing certificates with modern tools.
Securing JBoss applications with PicketBox
PicketBox is the legacy security framework for JBoss / WildFly applications. This security framework is now deprecated on newer versions of WildFly and it’s therefore recommended to switch to Elytron.
Within the Security section of this site, you will find introductory and advanced tutorials to get started with Elytron.
How to run WildFly through a firewall
This tutorial will guide you through the configuration of firewall rules to run WildFly through a firewall.
Creating an Elytron Security Realm for WildFly
Elytron is WildFly’s security framework which has replaced the PicketBox legacy security system. In this tutorial we will have an overview of it and learn how to create a sample Elytron File System Realm to secure applications. Next, we will learn how to encrypt the content of Identities in the File System.
How to debug WildFly security issues
In this article we will discuss how to troubleshoot WildFly security issues by enabling the right Loggers or System Properties.