--- title: Java Compatibility Requirements description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > App and API Protection > Enabling App and API Protection > Compatibility Requirements > Java Compatibility Requirements --- # Java Compatibility Requirements {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}). {% /alert %} {% /callout %} ## App and API Protection capabilities{% #app-and-api-protection-capabilities %} The following App and API Protection capabilities are supported in the Java library, for the specified tracer version: | App and API Protection capability | Minimum Java tracer version | | ------------------------------------------- | --------------------------- | | HTTP Monitoring | 1.51.0 | | gRPC Monitoring | 1.36.0 | | GraphQL Monitoring | 1.32.0 | | Exploit Prevention | 1.45.0 | | API Security | 1.54.0 | | Account Takeover Protection | 1.39.0 | | Runtime Activation | 1.13.0 | | Runtime Software Composition Analysis (SCA) | 1.13.0 | | Runtime Code Analysis (IAST) | 1.47.0 | The minimum tracer version to get all supported App and API Protection capabilities for Java is 1.54.0. **Note**: Blocking requires enabling [Remote Configuration](https://docs.datadoghq.com/tracing/guide/remote_config.md), which is included in the listed minimum tracer version. ### Supported deployment types{% #supported-deployment-types %} | Deployment type | Support | | ----------------- | ------- | | Docker | yes | | Kubernetes | yes | | Amazon ECS | yes | | AWS Fargate | yes | | AWS Lambda | yes | | Azure App Service | yes | **Note**: Azure App Service is supported for **web applications only**. App and API Protection doesn't support Azure Functions. ## Language and framework compatibility{% #language-and-framework-compatibility %} ### Supported Java versions{% #supported-java-versions %} The Java Tracer supports automatic instrumentation for the following Oracle JDK and OpenJDK JVM runtimes. | JVM versions | Operating Systems | Support level | Tracer version | | ------------ | ------------------------------------------------------------------------ | ------------- | -------------- | | 8 to 17 | Windows (x86-64)Linux (glibc, musl) (arm64, x86-64)MacOS (arm64, x86-64) | Supported | Latest | Datadog does not officially support any early-access versions of Java. ## Integrations{% #integrations %} The Java tracer includes support for the following frameworks, data stores and libraries. You can also find more tracing integrations in [APM's tracing compatibility page](https://docs.datadoghq.com/tracing/trace_collection/compatibility/java.md). {% alert level="info" %} If you don't see your framework of choice listed, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### Web framework compatibility{% #web-framework-compatibility %} - Attacker source HTTP request details - Tags for the HTTP request (status code, method, etc) - Distributed Tracing to see attack flows through your applications | Framework | Versions | HTTP Monitoring | HTTP Blocking | | ---------------------------------------------------------------------------------- | --------- | --------------- | ------------- | | [Akka HTTP](https://doc.akka.io/libraries/akka-http/current/) | \>=10.0.0 | yes | yes | | [Apache Commons FileUpload](https://commons.apache.org/proper/commons-fileupload/) | \>=1.5 | | [Grizzly](https://javaee.github.io/grizzly/) | \>=2.0 | yes | yes | | [Jersey](https://eclipse-ee4j.github.io/jersey/) | \>=2.0 | yes | yes | | [Jetty](https://eclipse.dev/jetty/) | \>=7.0 | yes | yes | | [Open Liberty](https://openliberty.io/) | \>=20.0 | yes | yes | | [Netty](https://netty.io/) | \>=3.8.0 | yes | yes | | [Pekko HTTP](https://pekko.apache.org/docs/pekko-http/current/) | \>=1.0.0 | yes | | [Play Framework](https://www.playframework.com/) | \>=2.3.0 | yes | yes | | [Ratpack](https://ratpack.io/) | \>=1.5.0 | yes | yes | | [RESTEasy](https://resteasy.dev/) | \>=3.0.0 | yes | yes | | Servlet | \>=2.2 | yes | yes | | Servlet Request Body | \>=2.2 | | [Spring WebMVC](https://spring.io/projects/spring-framework) | \>=3.1.0 | yes | yes | | [Spring WebFlux](https://spring.io/projects/spring-framework) | \>=5.0.0 | yes | yes | | [Tomcat](https://tomcat.apache.org/) | \>=5.5 | yes | yes | | [Undertow](https://undertow.io/) | \>=2.0.0 | yes | yes | | [Vert.x](https://vertx.io/) | \>=3.4.0 | yes | yes | **Note**: Many application servers are Servlet compatible and are automatically covered by that instrumentation, such as Websphere, Weblogic, and JBoss. Also, frameworks like Spring Boot (version 3) inherently work because they usually use a supported embedded application server, such as Tomcat, Jetty, or Netty. ### Networking framework compatibility{% #networking-framework-compatibility %} #### HTTP client{% #http-client %} | Framework | Versions | Server-side Request Forgery (SSRF) | | ----------------------------------------------------------------------------------- | ---------------- | ---------------------------------- | | [OkHttp](https://square.github.io/okhttp/) | \>=2.2 | yes | | java.net (URL/HttpURLConnection) | \* | yes | | java.net.http (HttpClient) | \* | yes | | [Apache HttpClient 4](https://hc.apache.org/httpcomponents-client-4.5.x/) | \>=4.0 <=4.99.99 | yes | | [Apache HttpClient 5](https://hc.apache.org/httpcomponents-client-5.4.x/) | \>=5.0 | yes | | [Apache HttpAsyncClient 4](https://hc.apache.org/httpcomponents-asyncclient-4.1.x/) | \>=4.0 | | Apache Commons HttpClient | \>=2.0 | yes | | [Apache HttpCore](https://hc.apache.org/httpcomponents-core-4.4.x/) | \>=4.0 <=4.99.99 | | [Apache HttpCore 5](https://hc.apache.org/httpcomponents-core-5.3.x/) | \>=5.0 | | [Scala Standard Library](https://www.scala-lang.org/) | \>=2.10.7 | #### gRPC{% #grpc %} | Framework | Versions | gRPC Monitoring | gRPC Blocking | | -------------------------------------------- | -------- | --------------- | ------------- | | [gRPC](https://grpc.io/docs/languages/java/) | \>=1.5.0 | yes | ### Data store compatibility{% #data-store-compatibility %} **Datastore tracing provides:** - SQL attack detection - Query info (for example, a sanitized query string) - Error and stacktrace capturing | Framework | Versions | SQL Injection (SQLi) | | --------------------------------------- | -------- | -------------------- | | [Hibernate](https://hibernate.org/orm/) | \>=3.3.0 | yes | | JDBC | \>=4.0 | yes | ### GraphQL compatibility{% #graphql-compatibility %} | Framework | Versions | GraphQL Monitoring | | --------------------------------------------- | -------- | ------------------ | | [graphql-java](https://www.graphql-java.com/) | \>=14.0 | yes | ### Filesystem compatibility{% #filesystem-compatibility %} | Framework | Local File Inclusion (LFI) | | ----------------------------------------------------- | -------------------------- | | java.io / java.nio.file | yes | | [Scala Standard Library](https://www.scala-lang.org/) | ### Subprocess compatibility{% #subprocess-compatibility %} | Framework | Command Injection | Shell Injection | | ---------------------------------- | ----------------- | --------------- | | java.lang (Runtime/ProcessBuilder) | yes | yes | ### User Authentication Frameworks compatibility{% #user-authentication-frameworks-compatibility %} **Integrations to User Authentication Frameworks provide:** - User login events, including the user IDs - Account Takeover detection monitoring for user login events | Framework | Automatic User Event Tracking | | ------------------------------------------------------------- | ----------------------------- | | [Spring Security](https://spring.io/projects/spring-security) | yes |