Elytron is a set of Java APIs and SPIs for application server security. Although it was developed to unify security across the WildFly application server, Elytron is an open-source, standalone library that can theoretically be used in other Java server environments. Within WildFly, Elytron has replaced the combination of PicketBox and the Java Authentication and Authorization Service (JAAS) as the WildFly client and server security mechanism. In this session, we’ll first touch on some Java application server security history to understand the motivation for introducing Elytron. Then, we’ll dive into what Elytron is and learn about its core concepts, including authentication and authorization. We’ll then go through an example of how Elytron can be used to secure an embedded web server.