Security in Jakarta EE has long been under-used and under-specified. Existing specifications ranged from overly complex to non-existent. The result: few people used security standards. Java EE 8 changed that with JSR 375. Its evolution Jakarta Security facilitates portable application security integrated with container security. Allowing applications to treat authentication mechanisms like OAuth or OpenID Connect same as built-in container mechanisms like FORM or container-based access to a URL and features like @RolesAllowed and isUserInRole automatically work as expected.