--- title: Java Compatibility Requirements description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > App and API Protection > Enabling App and API Protection > Compatibility Requirements > Java Compatibility Requirements --- # Java Compatibility Requirements {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). (). {% /alert %} {% /callout %} ## App and API Protection capabilities{% #app-and-api-protection-capabilities %} The following App and API Protection capabilities are supported in the Java library, for the specified tracer version: | App and API Protection capability | Minimum Java tracer version | | -------------------------------------- | --------------------------- | | Threat Detection | 1.8.0 | | API Security | 1.31.0 | | Threat Protection | 1.9.0 | | Customize response to blocked requests | 1.11.0 | | Automatic user activity event tracking | 1.20.0 | The minimum tracer version to get all supported App and API Protection capabilities for Java is 1.31.0. **Note**: Threat Protection requires enabling [Remote Configuration](https://docs.datadoghq.com/tracing/guide/remote_config), which is included in the listed minimum tracer version. ### Supported deployment types{% #supported-deployment-types %} Threat Detection is supported in the following deployment types: - Docker - Kubernetes - Amazon ECS - AWS Fargate - AWS Lambda - Azure App Service **Note**: Azure App Service is supported for **web applications only**. App and API Protection doesn't support Azure Functions. ## Language and framework compatibility{% #language-and-framework-compatibility %} ### Supported Java versions{% #supported-java-versions %} The Java Tracer supports automatic instrumentation for the following Oracle JDK and OpenJDK JVM runtimes. | JVM versions | Operating Systems | Support level | Tracer version | | ------------ | ------------------------------------------------------------------------ | ------------- | -------------- | | 8 to 17 | Windows (x86-64)Linux (glibc, musl) (arm64, x86-64)MacOS (arm64, x86-64) | Supported | Latest | Datadog does not officially support any early-access versions of Java. ### Web framework compatibility{% #web-framework-compatibility %} - Attacker source HTTP request details - Tags for the HTTP request (status code, method, etc) - Distributed Tracing to see attack flows through your applications | Framework | Versions | Threat Detection supported? | Threat Protection supported? | | ---------------- | ------------- | --------------------------- | ----------------------------------------- | | Grizzly | 2.0+ | yes | yes | | Glassfish | yes | yes | | gRPC | 1.5+ | yes | N/A (Blocking not yet available for gRPC) | | Java Servlet | 2.3+, 3.0+ | yes | yes | | Jetty | 7.0-9.x, 10.x | yes | yes | | Spring Boot | 1.5 | yes | yes | | Spring Web (MVC) | 4.0+ | yes | yes | | Spring WebFlux | 5.0+ | | Tomcat | 5.5+ | yes | yes | | Vert.x | 3.4+, 4+ | yes | yes | **Note**: Many application servers are Servlet compatible and are automatically covered by that instrumentation, such as Websphere, Weblogic, and JBoss. Also, frameworks like Spring Boot (version 3) inherently work because they usually use a supported embedded application server, such as Tomcat, Jetty, or Netty. {% alert level="info" %} If you don't see your framework of choice listed, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### Networking framework compatibility{% #networking-framework-compatibility %} `dd-java-agent` includes support for automatically tracing the following networking frameworks. **Networking tracing provides:** - Distributed tracing through your applications - Request-based blocking ##### App and API Protection Capability Notes{% #app-and-api-protection-capability-notes %} | Framework | Versions | Threat Detection supported? | Threat Protection supported? | | ---------------------------------- | -------- | --------------------------- | ---------------------------- | | Apache HTTP Client | 4.0+ | yes | | gRPC | 1.5+ | yes | | HttpURLConnection | all | yes | | Jax RS Clients | 2.0+ | yes | yes | | Jersey Server | 1.9-2.29 | yes | yes | | Netty HTTP Server | 3.8+ | yes | | RESTEasy | 3.0.x | yes | | Spring SessionAwareMessageListener | 3.1+ | yes | {% alert level="info" %} If you don't see your framework of choice listed, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### Data store compatibility{% #data-store-compatibility %} `dd-java-agent` includes support for automatically tracing the following database frameworks/drivers. **Datastore tracing provides:** - Timing request to response - Query info (for example, a sanitized query string) - Error and stacktrace capturing ##### App and API Protection capability notes{% #app-and-api-protection-capability-notes-1 %} | Database | Versions | Threat Detection supported? | | --------- | -------- | --------------------------- | | JDBC | N/A | yes | | Aerospike | 4.0+ | yes | | Couchbase | 2.0+ | yes | | MongoDB | 3.0-4.0+ | yes | `dd-java-agent` is also compatible with common JDBC drivers for Threat Detection, such as: - Apache Derby - Firebird SQL - H2 Database Engine - HSQLDB - IBM DB2 - MariaDB - MSSQL (Microsoft SQL Server) - MySQL - Oracle - Postgres SQL - ScalikeJDBC {% alert level="info" %} If you don't see your framework of choice listed, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### User Authentication Frameworks compatibility{% #user-authentication-frameworks-compatibility %} **Integrations to User Authentication Frameworks provide:** - User login events, including the user IDs - Account Takeover detection monitoring for user login events | Framework | Minimum Framework Version | | --------------- | ------------------------- | | Spring Security | 5.5+ | This is new content at line 33