Payara Server
Payara Server is an open-source middleware application server that serves as a runtime environment for developing, deploying, and managing Jakarta EE (formerly Java EE), Java SE, Spring Boot, and MicroProfile applications across on-premises, cloud, hybrid, and containerized environments.[1] It originated in 2014 as a community-driven fork of the GlassFish 4.1 open-source edition, created by Payara Services Limited to provide production-ready enhancements, bug fixes, and ongoing support after Oracle reduced investment in GlassFish.[2] Since its inception, Payara Server has evolved into a robust platform emphasizing stability, security, and high availability for mission-critical workloads, with regular updates incorporating Jakarta EE specifications up to Jakarta EE 11 (certified in November 2025) and modern deployment tools like Docker and Kubernetes.[3][4] Key features of Payara Server include its support for large-scale monolithic and microservices architectures, automatic high-availability clustering with features like session replication and failover, and compliance with standards such as the EU Cyber-Resilience Act for enhanced security.[1] It offers broad Java version compatibility, including long-term support for existing subscribers on legacy versions like Java 8 until 2030, making it suitable for enterprises modernizing existing applications without full rewrites.[1][5] The server also integrates developer tools for streamlined application deployment, logging, and monitoring, enabling efficient scaling in cloud-native setups on platforms like AWS, Azure, and Kubernetes.[6] Payara Server is available in two editions: the free Community Edition, ideal for development and testing with full open-source access, and the Enterprise Edition, which provides commercial support, service-level agreements (SLAs) such as 10x5 or 24x7 coverage, monthly security patches, and a 10-year lifecycle for production environments.[1] Trusted by global enterprises, it powers over 150,000 monthly users and facilitates the modernization of legacy Java applications, with more than 80% of companies relying on such systems.[3] As part of the broader Payara Platform, it includes variants like Payara Micro for embedded deployments and Payara Qube for simplified operations, positioning it as a versatile solution in the Java ecosystem.[3]Overview
Description
Payara Server is an open-source middleware platform designed for building, deploying, and managing Java-based enterprise applications, with full support for Jakarta EE standards.[7] It enables developers and organizations to create scalable, secure applications that run reliably across various environments, including on-premises, cloud, and hybrid setups.[8] The server primarily serves use cases involving the hosting of web applications, enterprise Java services, and microservices in production environments, where stability and compliance with industry standards are essential.[9] It supports rapid development cycles and secure deployments, making it suitable for mission-critical workloads that require consistent performance.[7] As a drop-in replacement for GlassFish, Payara Server builds on its foundations to offer enhanced stability, ongoing support, and production-ready features for traditional application server needs.[9] Originating as a fork of GlassFish in 2014, it has evolved independently to address enterprise demands.[9] As of November 2025, the latest stable release is Payara Platform Community 7.2025.1, which includes official certification for Jakarta EE 11, underscoring its maturity and alignment with current standards.[10]Editions and licensing
Payara Server is available in two primary editions: the Community Edition, which is fully open-source and free for use, and the Enterprise Edition, a commercial variant designed for production environments. The Community Edition serves as the foundation, incorporating enhancements built on top of the open-source GlassFish application server.[2][7] The Community Edition is licensed under the Common Development and Distribution License (CDDL) 1.1 and the GNU General Public License version 2.0 (GPLv2) with the Classpath Exception, allowing broad usage for development, testing, and small-scale deployments without cost. This dual-licensing model, inherited from GlassFish, enables users to choose between a permissive license for proprietary applications or a copyleft model for open-source projects. It supports Jakarta EE and MicroProfile standards, with frequent releases focused on innovation and community contributions via forums and GitHub.[11][12] In contrast, the Enterprise Edition operates under a proprietary licensing model with subscription-based access, providing additional proprietary features, professional support, and an extended software lifecycle of up to 10 years. Subscribers gain access to premium tools such as advanced monitoring, immediate security hotfixes, downported patches, SSL certificate management, and dedicated notifiers, alongside options for 24x7 or 10x5 support and consultancy services from Payara Services Ltd. This edition is optimized for mission-critical production workloads, including high availability and compliance needs.[2][13] Key differences between the editions are summarized in the following table:| Aspect | Community Edition | Enterprise Edition |
|---|---|---|
| Licensing | Open-source (CDDL 1.1 / GPLv2 + CE) | Proprietary subscription |
| Support | Community forums and GitHub | 24x7, 10x5, or project-based professional |
| Release Cycle | Frequent, innovation-focused | Monthly with long-term stability and patches |
| Security Updates | Via next release | Immediate hotfixes and alerts |
| Additional Features | Core Jakarta EE/MicroProfile | Premium tools (e.g., advanced monitoring, Yubikey) |
| Suitability | Development and small-scale | Production and enterprise deployments |
History
Origins as GlassFish fork
GlassFish Server, originally developed by Sun Microsystems and acquired by Oracle in 2010, served as the open-source reference implementation for Java EE standards. However, following Oracle's announcement in November 2013 that it would cease providing commercial support for future major releases of GlassFish, community concerns grew over the pace of open-source development and maintenance, as updates and bug fixes became less frequent.[15][16] In response, Payara Server was forked from the open-source GlassFish 4.1 edition and launched in October 2014 by C2B2 Consulting, a UK-based middleware consultancy specializing in Java EE solutions. This initial version, Payara Server 4, was created by Steve Millidge and his team at C2B2 (which later rebranded and evolved into Payara Services Ltd) to ensure continued vitality for the platform. The fork aimed to deliver regular updates, timely bug fixes, and commercial support options that Oracle had discontinued, thereby addressing enterprise needs for a stable, production-ready Java EE server without disrupting existing deployments.[17][18] The early Payara Server releases emphasized stability enhancements through backported fixes from the GlassFish community and beyond, while maintaining full binary compatibility as a drop-in replacement for GlassFish 4.x. This approach quickly gained traction among users seeking reliable alternatives, fostering community contributions and positioning Payara as a bridge to ongoing innovation in the Java EE ecosystem.[2][19]Key development milestones
Payara Server transitioned to version 5 in March 2018, aligning fully with Java EE 8 specifications through integration of GlassFish 5 reference implementations.[20] This release introduced initial support for MicroProfile 1.2, enabling lightweight microservices development alongside traditional enterprise applications.[21] Subsequent updates in the 5.x series, such as 5.183 in September 2018, advanced MicroProfile compatibility to version 2.0.[19] The version 6 era began with the initial release in November 2022, marking a strategic shift to the Jakarta EE branding following the Eclipse Foundation's stewardship of the platform since 2017.[22][23] This era adopted a quarterly release cadence to deliver timely enhancements, including improved cloud integration for containerized environments. Payara maintained compatibility with evolving Jakarta EE standards, achieving full Jakarta EE 10 support in late 2022.[24] In 2021, Payara emphasized an enterprise-focused strategy through the expansion of its Enterprise Edition, launched in 2020, to ensure long-term funding and support for open-source development via commercial subscriptions.[25] The 2025 releases advanced Jakarta EE 11 readiness, with the September edition (Payara 7.2025.1 Beta1) focusing on compatibility improvements and component upgrades.[26] In October 2025, Payara contributors proposed the Jakarta Agentic AI Project to integrate AI agents into the Jakarta EE ecosystem.[27][28] These updates also enhanced Kubernetes-native deployments, building on prior cloud-native capabilities to support orchestrated, scalable Jakarta EE applications.[29] The November 2025 release (Payara Community 7.2025.1) achieved full certification for Jakarta EE 11 compatibility.[10] Throughout its evolution, community contributions have been pivotal, with open-source developers providing bug fixes and backporting features from upstream GlassFish via GitHub repositories.[7] This collaborative model has sustained Payara's quarterly innovation while ensuring alignment with broader Jakarta EE ecosystem goals.[30]Architecture
Core components
Payara Server's architecture features a modular design rooted in the OSGi framework, enabling dynamic loading and management of components at runtime. This foundation, inherited from GlassFish, utilizes the Apache Felix OSGi implementation to encapsulate functionalities as bundles, allowing for selective deployment and extension without restarting the server.[31] Core modules include the Grizzly HTTP server, which handles incoming web traffic with non-blocking I/O for high performance; the EJB container, responsible for managing enterprise JavaBeans and their lifecycle; and the JPA persistence layer, which supports object-relational mapping through providers like EclipseLink.[32][31] This modularity is further enhanced by the HK2 kernel, a lightweight dependency injection and service locator system that facilitates component discovery and wiring.[31] Among the key components inherited from GlassFish, the web container provides robust support for servlets, JSPs, and web services, leveraging Grizzly's framework in a manner akin to embedded Tomcat integration for efficient request processing.[31] JMS provider integration is handled through resources like the embedded OpenMQ broker, enabling reliable messaging for asynchronous communication in enterprise applications. Transaction management is implemented via the Java Transaction API (JTA), ensuring atomicity and consistency across distributed operations with a built-in transaction manager.[31] Payara Server introduces extensions to this base architecture, including custom APIs for streamlined configuration management and the Domain Administration Server (DAS), which serves as a central hub for overseeing multiple server instances and domains through tools like theasadmin utility. These enhancements build on GlassFish's structure while adding Payara-specific attributes to configuration files, such as domain.xml, to support advanced administrative tasks.
As of November 2025, Payara Server 6.2025.x maintains full compliance with Jakarta EE 10 specifications, incorporating updates to core APIs like Servlet 6.0, JPA 3.1, and JAX-RS 3.1, and provides beta support for Jakarta EE 11, while providing compatibility for applications updated to Jakarta EE 10; legacy Java EE 8 applications require namespace updates from javax to jakarta for deployment on Payara Server 6.[33][26] This ensures that foundational components remain interoperable across specification versions with appropriate updates for most deployments.[33]
High availability and clustering
Payara Server provides high availability (HA) and clustering capabilities through a combination of in-memory data replication, dynamic instance management, and integration with external components, enabling reliable operation in distributed environments. Central to this is the Domain Data Grid, powered by Hazelcast, which facilitates automatic instance discovery and peer-to-peer communication among server instances without requiring a central Domain Administration Server (DAS) for coordination. This architecture supports scalability by allowing instances to join or leave clusters dynamically, ensuring minimal disruption during failures or expansions. Note that traditional clusters have been deprecated in favor of Deployment Groups for modern HA setups.[34] Deployment Groups represent Payara Server's modern clustering model, introduced in version 5 as a flexible alternative to traditional clusters. These groups form a loose collection of standalone Payara Server instances that can be targeted for application deployments, lifecycle management, and configuration synchronization. Unlike legacy setups dependent on the DAS, Deployment Groups enable dynamic instance management where servers operate independently yet collaborate via the Hazelcast-based Data Grid for tasks like session sharing and data distribution. Administrators can add or remove instances from a group using commands such asadd-instance-to-deployment-group, allowing repurposing of resources—for example, shifting an instance from a development group to production—while maintaining HA through automatic discovery and replication. This model supports rolling restarts that preserve data integrity, ensuring no loss during maintenance.[35][36]
Load balancing and failover in Payara Server leverage both internal mechanisms and external integrations to distribute traffic and handle failures seamlessly. The server supports session replication via the Hazelcast Data Grid, which provides in-memory persistence for HTTP sessions and stateful session beans across instances in a Deployment Group or cluster, enabling automatic failover if an instance becomes unavailable. Automatic instance discovery occurs through Hazelcast's multicast or TCP/IP configurations, allowing new members to join without manual intervention. For load balancing, Payara includes built-in support for HTTP load balancer configurations via the create-http-lb command, which generates settings for distributing requests across instances using policies like round-robin or weighted distribution; this is typically paired with an external front-end such as Apache HTTP Server using mod_jk or mod_proxy_ajp modules to route traffic and monitor health checkers for failover. In failover scenarios, the system redirects requests to healthy instances, preserving user sessions through replicated data.[37]
HA configurations in Payara Server emphasize active-active topologies, where multiple instances process requests simultaneously for optimal resource utilization. Stateful session persistence is achieved through Hazelcast's distributed caching, replicating session data synchronously or asynchronously to ensure continuity during instance failures. The server integrates with external load balancers like HAProxy, which can be configured to proxy requests to Payara instances while leveraging health checks and sticky sessions for efficient traffic management and failover. This setup supports scalable deployments, such as running multiple Deployment Groups across nodes, with the Data Grid handling data consistency.[38]
Payara Server supports zero-downtime upgrades via rolling deployment strategies, where instances are updated sequentially while maintaining service availability through load balancer rerouting and session replication. For disaster recovery, Hazelcast's WAN replication can synchronize data across geographically distributed clusters, though specific configurations may vary.[39]
Features
Jakarta EE and MicroProfile support
Payara Server provides full support for Jakarta EE 11, ensuring compatibility with core enterprise Java specifications through rigorous Technology Compatibility Kit (TCK) testing. This certification encompasses key components such as Jakarta Servlets for web request handling, Jakarta Pages (JSP) for dynamic web content generation, Jakarta Enterprise Beans (EJB) for business logic encapsulation, Jakarta Persistence (JPA) for object-relational mapping, Jakarta RESTful Web Services (JAX-RS) for building RESTful APIs, and Contexts and Dependency Injection (CDI) for managing dependencies and contexts. As of the 2025 releases, including Payara Platform Community 7.2025.1, this support remains integral to the server's enterprise capabilities, with ongoing compatibility verified against the Eclipse Foundation's standards.[40][41] In addition to Jakarta EE compliance, Payara Server integrates Eclipse MicroProfile 6.1, which enhances observability and operational efficiency in modern applications. This includes implementations of MicroProfile Metrics for collecting and exposing application performance data, MicroProfile Health for proactive health monitoring and readiness checks, MicroProfile OpenTracing for distributed tracing to track request flows across services, and MicroProfile OpenAPI for automated generation of API documentation. These features collectively enable robust observability by providing standardized metrics, health endpoints, tracing capabilities, and API insights, all certified via TCK compliance to ensure interoperability.[42][43] Payara Server's certification history demonstrates consistent TCK compliance beginning with version 5, which achieved Jakarta EE 8 compatibility in 2019, and progressing through subsequent releases to support evolving specifications. Since version 5, Payara has maintained full TCK passage for both Jakarta EE platforms and MicroProfile suites, with version 6 marking early adoption of Jakarta EE 10 and MicroProfile 6.0 certifications upon their respective launches, and version 7 (as of November 2025) achieving Jakarta EE 11 and MicroProfile 6.1 certifications. As a strategic member of the Eclipse Foundation's Jakarta EE Working Group, Payara has led contributions to specification development, including feature proposals and implementation feedback that influence standards like CDI and JAX-RS.[33][10] To optimize Jakarta EE workloads, Payara Server incorporates performance-tuned containers that deliver low-latency API responses and efficient resource pooling. The EJB container, for instance, features adjustable pool sizes (e.g., maximum of 128 for stateless beans) to balance concurrency and throughput, while thread pools for HTTP and ORB components are configurable (e.g., minimum 25 to maximum 350 threads) to minimize response times under load. Resource pooling extends to JDBC connections with steady sizes around 10 and maximum waits tuned to zero for immediate availability, complemented by JVM settings like G1 garbage collection to reduce latency in API processing. These optimizations ensure scalable, high-performance execution of Jakarta EE applications without compromising compliance.[44]Cloud-native and microservices capabilities
Payara Server's cloud-native capabilities enable seamless deployment in containerized environments, supporting modern architectures that emphasize scalability, resilience, and rapid iteration. Built on Jakarta EE and Eclipse MicroProfile foundations, it facilitates the transition from traditional monolithic applications to distributed microservices without requiring significant code changes.[45][46] A cornerstone of these capabilities is Payara Micro, an embedded runtime designed specifically for microservices. It allows developers to package applications as uber-JARs, enabling direct execution of WAR files from the command line with a single invocation, eliminating the need for separate server installation or configuration. With a minimal footprint of under 100 MB, Payara Micro starts in seconds, making it ideal for resource-constrained container environments and supporting Jakarta EE Web Profile compliance for lightweight deployments.[45][47][48] For cloud integrations, Payara Server provides native support for Docker through official images available in public repositories, allowing straightforward containerization of applications. It extends to Kubernetes via the Payara Kubernetes Operator, which automates deployment groups, session replication, and elastic scaling within clusters. This operator simplifies orchestration on platforms like AWS, Azure, and Google Cloud Platform, where Payara's built-in AutoScale feature dynamically adjusts instances based on demand metrics such as CPU utilization or custom health checks.[49][50] In terms of reactive and asynchronous features, Payara Server integrates with SmallRye Mutiny through its Eclipse MicroProfile Reactive Messaging and Streams Operators support, enabling non-blocking I/O and event-driven processing for microservices. This allows applications to handle high-throughput scenarios efficiently, such as streaming data or asynchronous messaging, by composing reactive pipelines that propagate failures and backpressure gracefully.[51] Payara Server supports compatibility with service meshes like Istio via its Hazelcast clustering plugin, which ensures automatic member discovery in Kubernetes environments without additional configuration. While direct GitOps tooling is not natively embedded, the platform's REST APIs and Operator facilitate integration with GitOps workflows for declarative deployments.[52]Deployment and management
Installation and configuration
Payara Server requires a compatible Java Development Kit (JDK) as a prerequisite. The Community Edition supports JDK 21 from vendors such as OpenJDK, Azul Zulu, Oracle JDK, Amazon Corretto, and Eclipse Adoptium.[53] The Enterprise Edition additionally supports JDK 11 and 17.[54] Recent releases, including Payara Server 7.2025.1, recommend JDK 21 for optimal performance and security updates.[10] Examples include OpenJDK 21 or Azul Zulu 21, which must be installed and configured via theJAVA_HOME environment variable before proceeding.[55]
The server can be downloaded as a ZIP archive from the official Payara website, providing the full distribution for standalone installations.[56] For containerized environments, official Docker images are available on Docker Hub under the payara/server-full repository, tagged by version such as 7.2025.1.[57] While community guides exist for integrating with package managers like apt on Ubuntu or yum on CentOS, Payara does not provide official repositories for these; installations typically involve manual ZIP extraction followed by service configuration.[58]
To install via ZIP on Linux or macOS, extract the archive using the unzip command (e.g., unzip payara-7.2025.1.zip), resulting in a directory like payara7/glassfish containing the server files.[59] On Windows, use the built-in file explorer or tools like 7-Zip to extract the ZIP, then set environment variables such as PAYARA_HOME pointing to the extracted glassfish folder.[60] For Docker, pull the image with docker pull payara/server-full:7.2025.1 and run a container exposing ports 8080 (HTTP) and 4848 (admin), for example: docker run -d -p 8080:8080 -p 4848:4848 --name payara payara/server-full:7.2025.1.[57] Linux users should ensure execute permissions on scripts in the bin directory (e.g., chmod +x bin/asadmin), while Windows requires running batch files like asadmin.bat from the Command Prompt; macOS installations benefit from Homebrew for JDK setup but follow Linux-like extraction.[59][60]
Basic configuration begins with domain management using the asadmin command-line interface, located in the bin directory. A default domain named domain1 is pre-configured upon extraction, but to create a new one, execute asadmin create-domain --adminport 4848 --instanceport 8080 mydomain, which generates the necessary files including domain.xml.[59] The domain.xml file, found at domains/mydomain/config/domain.xml, stores server settings and can be edited manually for customizations such as changing HTTP ports (e.g., under <http-listener> elements), adding JVM options via <jvm-options> tags (e.g., -Xmx2g for heap size), or defining security realms in the <security-service> section—though asadmin commands like set domain.configs.config.server-config.java-config.javahome=/path/to/jdk are preferred to avoid syntax errors. Initial startup is achieved with asadmin start-domain mydomain on Linux/macOS or asadmin.bat start-domain mydomain on Windows, verifying readiness via the admin console at http://localhost:4848.[59] For high availability setups, basic clustering can be referenced by creating additional domains on remote instances, but detailed configuration follows separate guidelines.
Monitoring and administration
Payara Server offers a suite of built-in tools for post-deployment monitoring and administration, enabling administrators to oversee instance health, diagnose issues, and optimize performance. The primary interface is the Admin Console, a web-based graphical user interface accessible via HTTP on the default port 4848, which provides intuitive navigation for viewing server status, configuring resources, and executing diagnostic tasks.[61] Complementing this, the asadmin command-line interface (CLI) supports scripted automation for deployments, resource management, and diagnostics; for instance, commands likedeploy handle application updates, while list --monitor retrieves available monitoring data points.[62] Additionally, REST APIs expose endpoints such as /management/domain for programmatic access to configuration and monitoring data, allowing integration into CI/CD pipelines for automated diagnostics and deployments.[63]
Monitoring capabilities in Payara Server are enabled by default and can be fine-tuned per module (e.g., JVM, EJB) at levels like LOW or HIGH using set-monitoring-level via asadmin, with dynamic adjustments possible without restarts in some cases.[62] Java Management Extensions (JMX) integration exposes runtime statistics through MBeans, accessible via clients like JConsole on port 8686, covering metrics such as heap usage and thread counts for real-time analysis.[64] For broader observability, MicroProfile Metrics support exposes server and application metrics in Prometheus-compatible format at the /metrics endpoint, facilitating scraping by Prometheus and visualization in Grafana dashboards to track trends like request latency and error rates.[65] Log aggregation is supported by directing server logs to external systems, with tools like Kibana enabling visualization of aggregated data for pattern detection in events and errors.[66]
Key administration tasks encompass user management, resource configuration, and performance optimization. Security realms for user authentication, such as file-based or JDBC realms, are administered using asadmin commands like create-file-user to add users and assign groups, ensuring secure access control. JDBC resource pools are created and tuned via create-jdbc-connection-pool and create-jdbc-resource in asadmin or through the Admin Console under Resources > JDBC, allowing settings for pool size, validation timeouts, and failover to maintain database connectivity. Performance tuning includes heap analysis by monitoring JVM metrics with monitor --type jvm to identify memory leaks, followed by adjustments to JVM options like -Xmx for maximum heap size directly in the domain configuration.[67]
In Payara Server Enterprise, advanced features include Payara InSight, a dedicated module offering real-time dashboards for metrics visualization, configurable alerts on thresholds like CPU utilization, and capacity planning tools to forecast resource needs based on historical trends.