From 34816d1e093709c99353dc09485f55d7fd9d1d2a Mon Sep 17 00:00:00 2001
From: Antoine Resenterra <antoine.resenterra@authlete.com>
Date: Tue, 23 Jun 2026 15:38:39 +0900
Subject: [PATCH] feat: migrate to Jakarta EE 10, Java 25 and Jetty 12

---
 Dockerfile                                    |  2 +-
 Dockerfile.prod                               | 10 +-
 README.ja.md                                  | 35 ++++---
 README.md                                     | 41 +++++---
 authlete.properties                           | 76 +++++++++------
 doc/CUSTOMIZATION.ja.md                       | 70 +++++++-------
 doc/CUSTOMIZATION.md                          | 69 +++++++-------
 jetty/jetty-http.xml                          |  2 +-
 pom.xml                                       | 94 +++++++++++--------
 .../jaxrs/server/ad/AuthenticationDevice.java |  6 +-
 .../AsyncAuthenticationCallbackRequest.java   |  2 +-
 .../ad/dto/AsyncAuthenticationResponse.java   |  2 +-
 .../ad/dto/BaseAuthenticationRequest.java     |  2 +-
 .../ad/dto/PollAuthenticationResponse.java    |  2 +-
 .../dto/PollAuthenticationResultRequest.java  |  2 +-
 .../server/api/AppleAppSiteAssociation.java   |  8 +-
 .../api/AuthorizationDecisionEndpoint.java    | 24 ++---
 .../AuthorizationDecisionHandlerSpiImpl.java  | 12 +--
 .../server/api/AuthorizationEndpoint.java     | 22 ++---
 .../AuthorizationRequestHandlerSpiImpl.java   | 16 ++--
 .../jaxrs/server/api/AuthzPageModel.java      |  2 +-
 .../api/ClientRegistrationEndpoint.java       | 30 +++---
 .../server/api/ConfigurationEndpoint.java     | 10 +-
 .../api/FederationConfigurationEndpoint.java  |  8 +-
 .../jaxrs/server/api/FederationEndpoint.java  | 22 ++---
 .../api/FederationRegistrationEndpoint.java   | 10 +-
 .../server/api/GrantManagementEndpoint.java   | 16 ++--
 .../server/api/IntrospectionEndpoint.java     | 22 ++---
 .../jaxrs/server/api/JwksEndpoint.java        |  8 +-
 .../server/api/JwtAuthzGrantProcessor.java    | 14 +--
 .../jaxrs/server/api/NativeSsoProcessor.java  |  6 +-
 .../jaxrs/server/api/OBBDCRProcessor.java     | 10 +-
 .../jaxrs/server/api/OBBTokenTask.java        | 12 +--
 .../server/api/PushedAuthReqEndpoint.java     | 22 ++---
 .../jaxrs/server/api/RevocationEndpoint.java  | 22 ++---
 .../jaxrs/server/api/TestEndpoint.java        | 12 +--
 .../jaxrs/server/api/TokenEndpoint.java       | 24 ++---
 .../jaxrs/server/api/TokenExchanger.java      | 14 +--
 .../api/TokenRequestHandlerSpiImpl.java       | 10 +-
 .../jaxrs/server/api/UserInfoEndpoint.java    | 24 ++---
 .../api/UserInfoRequestHandlerSpiImpl.java    |  6 +-
 .../AttestationChallengeEndpoint.java         |  8 +-
 ...channelAuthenticationCallbackEndpoint.java | 14 +--
 ...lAuthenticationCompleteHandlerSpiImpl.java | 18 ++--
 .../BackchannelAuthenticationEndpoint.java    | 22 ++---
 ...elAuthenticationRequestHandlerSpiImpl.java |  4 +-
 .../BaseAuthenticationDeviceProcessor.java    | 22 ++---
 .../device/DeviceAuthorizationEndpoint.java   | 22 ++---
 .../api/device/DeviceCompleteEndpoint.java    | 20 ++--
 .../DeviceCompleteRequestHandlerSpiImpl.java  | 10 +-
 .../device/DeviceVerificationEndpoint.java    | 26 ++---
 ...viceVerificationRequestHandlerSpiImpl.java | 10 +-
 .../server/api/obb/AccountsEndpoint.java      | 12 +--
 .../server/api/obb/ConsentsEndpoint.java      | 22 ++---
 .../api/obb/FAPI2BaseAccountsEndpoint.java    | 12 +--
 .../server/api/obb/ResourcesEndpoint.java     | 12 +--
 .../api/vci/AbstractCredentialEndpoint.java   |  6 +-
 .../api/vci/BatchCredentialEndpoint.java      | 22 ++---
 .../server/api/vci/CredentialEndpoint.java    | 22 ++---
 .../api/vci/CredentialJWKSetEndpoint.java     |  8 +-
 .../api/vci/CredentialJwtIssuerEndpoint.java  |  8 +-
 .../api/vci/CredentialMetadataEndpoint.java   |  8 +-
 .../api/vci/CredentialNonceEndpoint.java      |  8 +-
 .../api/vci/CredentialOfferEndpoint.java      | 10 +-
 .../api/vci/CredentialOfferIssueEndpoint.java | 22 ++---
 .../api/vci/CredentialOfferPageModel.java     |  2 +-
 .../api/vci/DeferredCredentialEndpoint.java   | 20 ++--
 .../jaxrs/server/core/AppContextListener.java |  4 +-
 .../jaxrs/server/core/SessionTracker.java     |  6 +-
 .../FapiInteractionIdResponseFilter.java      | 10 +-
 .../jaxrs/server/http/RequestUtility.java     |  2 +-
 .../jaxrs/server/obb/util/ObbUtils.java       | 16 ++--
 .../jaxrs/server/util/CertValidator.java      |  4 +-
 .../jaxrs/server/util/ExceptionUtil.java      |  2 +-
 .../jaxrs/server/util/ProcessingUtil.java     |  6 +-
 .../jaxrs/server/util/ResponseUtil.java       | 10 +-
 .../webapp/WEB-INF/template/authorization.jsp |  2 +-
 .../WEB-INF/template/credential-offer.jsp     |  2 +-
 .../WEB-INF/template/device/authorization.jsp |  2 +-
 .../WEB-INF/template/device/verification.jsp  |  2 +-
 src/main/webapp/WEB-INF/web.xml               |  7 +-
 81 files changed, 657 insertions(+), 589 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f118b8f..ad65111 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM maven:3.8.5-openjdk-8
+FROM maven:3.9-eclipse-temurin-25
 EXPOSE 8080
 
 RUN mkdir -p /authlete/app
diff --git a/Dockerfile.prod b/Dockerfile.prod
index 437af6e..5a81245 100644
--- a/Dockerfile.prod
+++ b/Dockerfile.prod
@@ -1,6 +1,6 @@
 # Production-friendly Dockerfile with multi-stage build and decent layer caching
 
-FROM --platform=$BUILDPLATFORM maven:3.9.9-eclipse-temurin-21 AS builder
+FROM --platform=$BUILDPLATFORM maven:3.9-eclipse-temurin-25 AS builder
 
 WORKDIR /build
 COPY pom.xml .
@@ -9,11 +9,17 @@ COPY src/ /build/src/
 RUN mvn -Dmaven.test.skip=true -Dmaven.javadoc.skip=true package
 
 
-FROM jetty:9.4.56-jre21-eclipse-temurin
+FROM jetty:12.1.10-jdk25-eclipse-temurin
 
 USER root
 COPY certs/ certs/
 RUN certs/import-certificate.sh certs/Open_Banking_Brasil_Sandbox_Root_G2.pem
 USER jetty
+
+# Jetty 12 deploys WARs through an EE environment module. This app targets
+# Jakarta EE 10 (Servlet 6.0 / Jersey 3.1), so enable the ee10 deployer,
+# annotation scanning and JSP support (used by the Jersey MVC pages).
+RUN java -jar "$JETTY_HOME/start.jar" --add-modules=ee10-deploy,ee10-annotations,ee10-jsp
+
 ENV JAVA_OPTIONS="$JAVA_OPTIONS -Djetty.httpConfig.requestHeaderSize=65536"
 COPY --from=builder /build/target/*.war /var/lib/jetty/webapps/ROOT.war
diff --git a/README.ja.md b/README.ja.md
index 769b657..0b94c61 100644
--- a/README.ja.md
+++ b/README.ja.md
@@ -6,13 +6,20 @@
 
 [OAuth 2.0][1] と [OpenID Connect][2] をサポートする認可サーバーの Java による実装です。
 
-この実装は JAX-RS 2.0 API と [authlete-java-jaxrs][3] ライブラリを用いて書かれています。
-JAX-RS は _The Java API for RESTful Web Services_ です。 JAX-RS 2.0 API は
-[JSR 339][4] で標準化され、Java EE 7 に含まれています。 一方、authlete-java-jaxrs
-は、認可サーバーとリソースサーバーを実装するためのユーティリティークラス群を提供するオープンソースライブラリです。
-authlete-java-jaxrs は [authlete-java-common][5] ライブラリを使用しており、こちらは
+この実装は Jakarta RESTful Web Services API (_Jakarta REST_、旧称 JAX-RS) と
+[authlete-java-jakarta][3] ライブラリを用いて書かれています。 Jakarta REST は
+[Jakarta EE][4] の一部です。 この認可サーバーは **Jakarta EE 10** スタック
+(Jakarta REST 3.1 / Servlet 6.0、Jersey 3.1) を対象とし、**Java 25** でビルド・実行されます。
+一方、authlete-java-jakarta は、認可サーバーとリソースサーバーを実装するためのユーティリティークラス群を提供するオープンソースライブラリです。
+authlete-java-jakarta は [authlete-java-common][5] ライブラリを使用しており、こちらは
 [Authlete Web API][6] とやりとりするためのオープンソースライブラリです。
 
+> **注:** この認可サーバーは以前、レガシーな Java EE スタック
+> (JAX-RS 2.0 / `javax.*`、Jersey 2、Servlet 3、Java 8) の上に構築されていました。
+> 現在は **Jakarta EE 10** (`jakarta.*`) に移行しており、Tomcat 10+ や Jetty 12 などの
+> 最新のサーブレットコンテナにそのままデプロイできます。 また、デフォルトの Authlete API
+> バージョンも **Authlete 3.0** になりました (「設定ファイル」の節を参照)。
+
 この実装は「DB レス」です。 これの意味するところは、認可データ (アクセストークン等)
 や認可サーバー自体の設定、クライアントアプリケーション群の設定を保持するためのデータベースを用意する必要がないということです。
 これは、[Authlete][7] をバックエンドサービスとして利用することにより実現しています。
@@ -69,7 +76,7 @@ API クレデンシャルズを取得する手順はとても簡単です。
 
         $ vi authlete.properties
 
-3. [maven][42] がインストールされていること、 `JAVA_HOME` が適切に設定されていることを確認します。
+3. [maven][42] と **JDK 25** (以降) がインストールされていること、 `JAVA_HOME` が適切に設定されていることを確認します。
 
 4. [http://localhost:8080][38] で認可サーバーを起動します。
 
@@ -89,6 +96,12 @@ Docker を利用する場合は, ステップ 2 の後に以下のコマンド
 
     $ mvn -Dauthlete.configuration.file=local.authlete.properties jetty:run &
 
+デフォルトでは `authlete.properties` は **Authlete 3.0** (API `V3`) 向けに設定されています。
+サービスのクラスタの `base_url` (例: `https://jp.authlete.com`)、`service.api_key`、
+および `service.access_token` を設定してください。 Authlete 2.x を引き続き使用する場合は、
+ファイル内にコメントアウトされた「Authlete 2.x (legacy)」ブロックがあり、そちらに切り替えられます
+(`https://api.authlete.com` 上で API キー + API シークレットを使用)。
+
 エンドポイント
 --------------
 
@@ -194,8 +207,8 @@ Authlete はユーザーアカウントを管理しないので、基本的に
 ----------------
 
 この実装では、認可ページを実装するために `Viewable` クラスを使用しています。
-このクラスは [Jersey][18] (JAX-RS の参照実装) に含まれているものですが、JAX-RS
-2.0 API の一部ではありません。
+このクラスは [Jersey][18] (Jakarta REST の参照実装) に含まれているものですが、Jakarta REST
+API の一部ではありません。
 
 
 関連仕様
@@ -232,7 +245,7 @@ Authlete はユーザーアカウントを管理しないので、基本的に
 
 - [Authlete][7] - Authlete ホームページ
 - [authlete-java-common][5] - Java 用 Authlete 共通ライブラリ
-- [authlete-java-jaxrs][3] - JAX-RS (Java) 用 Authlete ライブラリ
+- [authlete-java-jakarta][3] - Jakarta (Java) 用 Authlete ライブラリ
 - [java-resource-server][40] - リソースサーバーの実装
 
 
@@ -249,8 +262,8 @@ Authlete はユーザーアカウントを管理しないので、基本的に
 
 [1]: https://www.rfc-editor.org/rfc/rfc6749.html
 [2]: https://openid.net/connect/
-[3]: https://github.com/authlete/authlete-java-jaxrs
-[4]: https://jcp.org/en/jsr/detail?id=339
+[3]: https://github.com/authlete/authlete-java-jakarta
+[4]: https://jakarta.ee/specifications/restful-ws/
 [5]: https://github.com/authlete/authlete-java-common
 [6]: https://docs.authlete.com/
 [7]: https://www.authlete.com/
diff --git a/README.md b/README.md
index 2d8d9b2..e21a8d5 100644
--- a/README.md
+++ b/README.md
@@ -7,13 +7,21 @@ Overview
 This is an authorization server implementation in Java which supports
 [OAuth 2.0][1] and [OpenID Connect][2].
 
-This implementation is written using JAX-RS 2.0 API and [authlete-java-jaxrs][3]
-library. JAX-RS is _The Java API for RESTful Web Services_. JAX-RS 2.0 API has
-been standardized by [JSR 339][4] and it is included in Java EE 7. On the other
-hand, authlete-java-jaxrs library is an open source library which provides utility
-classes for developers to implement an authorization server and a resource server.
-authlete-java-jaxrs in turn uses [authlete-java-common][5] library which is
-another open source library to communicate with [Authlete Web APIs][6].
+This implementation is written using the Jakarta RESTful Web Services API
+(_Jakarta REST_, formerly known as JAX-RS) and the [authlete-java-jakarta][3]
+library. Jakarta REST is part of [Jakarta EE][4]. This server targets the
+**Jakarta EE 10** stack (Jakarta REST 3.1 / Servlet 6.0, Jersey 3.1) and builds
+and runs on **Java 25**. On the other hand, authlete-java-jakarta library is an
+open source library which provides utility classes for developers to implement an
+authorization server and a resource server. authlete-java-jakarta in turn uses
+[authlete-java-common][5] library which is another open source library to
+communicate with [Authlete Web APIs][6].
+
+> **Note:** This server was previously built on the legacy Java EE stack
+> (JAX-RS 2.0 / `javax.*`, Jersey 2, Servlet 3, Java 8). It has been migrated to
+> **Jakarta EE 10** (`jakarta.*`), so it now deploys cleanly to modern servlet
+> containers such as Tomcat 10+ and Jetty 12. The default Authlete API version
+> is also now **Authlete 3.0** (see [Configuration File](#configuration-file)).
 
 This implementation is _DB-less_. What this means is that you don't have to
 have a database server that stores authorization data (e.g. access tokens),
@@ -69,7 +77,8 @@ How To Run
 
         $ vi authlete.properties
 
-3. Make sure that you have installed [maven][42] and set `JAVA_HOME` properly.
+3. Make sure that you have installed [maven][42] and a **JDK 25** (or later) and
+   set `JAVA_HOME` properly.
 
 4. Start the authorization server on [http://localhost:8080][38].
 
@@ -89,6 +98,12 @@ the system property `authlete.configuration.file` like the following.
 
     $ mvn -Dauthlete.configuration.file=local.authlete.properties jetty:run &
 
+By default, `authlete.properties` is configured for **Authlete 3.0** (API `V3`):
+set your service's cluster `base_url` (e.g. `https://jp.authlete.com`), the
+`service.api_key` and a `service.access_token`. If you still use Authlete 2.x,
+the file contains a commented "Authlete 2.x (legacy)" block you can switch to
+(API key + API secret on `https://api.authlete.com`).
+
 
 Endpoints
 ---------
@@ -201,8 +216,8 @@ Implementation Note
 -------------------
 
 This implementation uses `Viewable` class to implement the authorization page.
-The class is included in [Jersey][18] (the reference implementation of JAX-RS),
-but it is not a part of JAX-RS 2.0 API.
+The class is included in [Jersey][18] (the reference implementation of Jakarta
+REST), but it is not a part of the Jakarta REST API.
 
 
 Related Specifications
@@ -239,7 +254,7 @@ See Also
 
 - [Authlete][7] - Authlete Home Page
 - [authlete-java-common][5] - Authlete Common Library for Java
-- [authlete-java-jaxrs][3] - Authlete Library for JAX-RS (Java)
+- [authlete-java-jakarta][3] - Authlete Library for Jakarta (Java)
 - [java-resource-server][40] - Resource Server Implementation
 
 
@@ -256,8 +271,8 @@ Contact
 
 [1]: https://www.rfc-editor.org/rfc/rfc6749.html
 [2]: https://openid.net/connect/
-[3]: https://github.com/authlete/authlete-java-jaxrs
-[4]: https://jcp.org/en/jsr/detail?id=339
+[3]: https://github.com/authlete/authlete-java-jakarta
+[4]: https://jakarta.ee/specifications/restful-ws/
 [5]: https://github.com/authlete/authlete-java-common
 [6]: https://docs.authlete.com/
 [7]: https://www.authlete.com/
diff --git a/authlete.properties b/authlete.properties
index 5a4c2be..851bd57 100644
--- a/authlete.properties
+++ b/authlete.properties
@@ -11,47 +11,65 @@
 #       Source:  https://github.com/authlete/authlete-java-common
 #       JavaDoc: http://authlete.github.io/authlete-java-common/
 #
+#   This file is configured for Authlete 3.0 (API V3) by default. Authlete 3.0
+#   is the latest generation of Authlete and the version used for upcoming
+#   releases and updates. If you still rely on Authlete 2.x, see the
+#   "Authlete 2.x (legacy)" block near the bottom of this file.
+#
 #================================================================================
 
 
+# api_version
+#
+#   The Authlete API version. "V3" selects Authlete 3.0, which is the default
+#   for this authorization server.
+#
+api_version = V3
+
+
 # base_url
 #
-#   The base URL of the Authlete server. If you are using the shared server,
-#   set "https://api.authlete.com" to this parameter. On the other hand, if
-#   you are using a dedicated server, please contact "Authlete, Inc."
+#   The base URL of the Authlete server. For the Authlete 3.0 Shared Cloud,
+#   choose the URL of your service's cluster region:
+#
+#     https://us.authlete.com - 🇺🇸 US Cluster
+#     https://jp.authlete.com - 🇯🇵 Japan Cluster
+#     https://eu.authlete.com - 🇪🇺 Europe Cluster
+#     https://br.authlete.com - 🇧🇷 Brazil Cluster
+#
+#   If you are using a dedicated server, please contact "Authlete, Inc."
 #   <support@authlete.com> about the URL of your dedicated Authlete server.
 #
-base_url = https://api.authlete.com
+base_url = https://us.authlete.com
 
 
 # service.api_key
-# service.api_secret
+# service.access_token
 #
-#   API credentials of one of your services. You can find API credentials of
-#   your services in Service Owner Console. The location of the management
-#   console is "https://so.authlete.com/" if you are using the shared server.
-#   On the other hand, if you are using a dedicated server, please contact
-#   "Authlete, Inc." <support@authlete.com> about the location of the
-#   management console of your dedicated Authlete server.
+#   Credentials of one of your services. With Authlete 3.0 (API V3), a service
+#   is identified by its API key and authenticated with an access token. You
+#   can find these in the Authlete management console
+#   (https://console.authlete.com/).
+#
+service.api_key =
+service.access_token =
+
+
+#--------------------------------------------------------------------------------
+# Authlete 2.x (legacy)
+#
+#   Earlier versions of this authorization server used Authlete 2.x. To use
+#   Authlete 2.x instead of 3.0, comment out the "api_version = V3" block above
+#   and uncomment the lines below.
+#
+#   Authlete 2.x uses the shared server at https://api.authlete.com and
+#   authenticates a service with an API key + API secret pair. You can find
+#   these credentials in the Service Owner Console (https://so.authlete.com/).
 #
 #   You can use "service.api_secret.encrypted" instead of "service.api_secret"
 #   to avoid writing a plain secret key in this configuration file. See the
 #   JavaDoc of AuthletePropertiesConfiguration for details.
-#
-service.api_key = 5593494639
-service.api_secret = AAw0rner_-y1A6J9s20wjRCpkBvez3GxEBoL9jOJVR0
-
-# For Authlete 3.0
-# 
-# To use Authlete 3.0, you need to uncomment the block starting from the line "api_version = V3".
-# 
-# The base_url should be selected based on your service's cluster region (for the Shared Cloud version):
-#   https://us.authlete.com - 🇺🇸 US Cluster
-#   https://jp.authlete.com - 🇯🇵 Japan Cluster
-#   https://eu.authlete.com - 🇪🇺 Europe Cluster
-#   https://br.authlete.com - 🇧🇷 Brazil Cluster
-#
-#api_version = V3
-#base_url = https://<region>.authlete.com
-#service.api_key = 986126671
-#service.access_token =
+#--------------------------------------------------------------------------------
+#base_url = https://api.authlete.com
+#service.api_key =
+#service.api_secret =
diff --git a/doc/CUSTOMIZATION.ja.md b/doc/CUSTOMIZATION.ja.md
index 1890b06..5f4239b 100644
--- a/doc/CUSTOMIZATION.ja.md
+++ b/doc/CUSTOMIZATION.ja.md
@@ -35,26 +35,26 @@ java-oauth-server のソースツリー内ではなくクラウド上の Authlet
 
 Authlete が提供する [Web API][4] を使い、認可サーバーを書くことができます。
 [authlete-java-common][5] は、その Web API と直接通信をおこなうライブラリです。
-[authlete-java-jaxrs][6] は、[authlete-java-common API][7]
+[authlete-java-jakarta][6] は、[authlete-java-common API][7]
 をラッピングするユーティリティークラス群を含むライブラリで、それらのクラス群を使えば、
 authlete-java-common API を直接使用するよりもかなり簡単に認可サーバーを書くことができます。
-java-oauth-server は、authlete-java-jaxrs のユーティリティークラス群によって構成される
-[authlete-java-jaxrs API][8] を使用して書かれています。
+java-oauth-server は、authlete-java-jakarta のユーティリティークラス群によって構成される
+[authlete-java-jakarta API][8] を使用して書かれています。
 
-名前が示唆するように、authlete-java-jaxrs ライブラリは JAX-RS 2.0 API に依存しています。
-JAX-RS は _The Java API for RESTful Web Services_ の略称です。
-JAX-RS 2.0 API は [JSR 339][9] で標準化され、Java EE 7 に含まれています。
+名前が示唆するように、authlete-java-jakarta ライブラリは Jakarta RESTful Web Services API
+(_Jakarta REST_、旧称 JAX-RS) に依存しています。 Jakarta REST は [Jakarta EE][9] の一部です。
+この認可サーバーは Jakarta EE 10 (Jakarta REST 3.1 / Servlet 6.0) を対象としています。
 
 次の図は、これまでに言及したコンポーネント群の関係を示したものです。
 
 ```
-+-------------------------------+
-|          java-oauth-server    |
-+----+--------------------------+
-|    |     authlete-java-jaxrs  |
-|    +---+----------------------+          +----------+
-| JAX-RS | authlete-java-common | <------> | Authlete |
-+--------+----------------------+          +----------+
++----------------------------------+
+|          java-oauth-server       |
++---------+------------------------+
+|         | authlete-java-jakarta  |
+|         +----+-------------------+          +----------+
+| Jakarta | authlete-java-common   | <------> | Authlete |
++---------+------------------------+          +----------+
 ```
 
 
@@ -67,14 +67,14 @@ OAuth 2.0 に加えて OpenID Connect もサポートしているにもかかわ
 
 実装では、<code>[AuthorizationRequestHandler][15]</code>
 クラスを使い、認可リクエストを処理する作業をそのクラスの `handle()` メソッドに委譲しています。
-クラスの詳細については [authlete-java-jaxrs][6] ライブラリの README ファイルに書かれています。
+クラスの詳細については [authlete-java-jakarta][6] ライブラリの README ファイルに書かれています。
 ここで重要なのは、このクラスのコンストラクタが <code>[AuthorizationRequestHandlerSpi][16]</code>
 インターフェースの実装を必要とし、その実装はあなたが提供しなければならないという点です。
 別の言い方をすると、`AuthorizationRequestHandlerSpi`
 インターフェースのメソッド群がカスタマイズポイントです。
 
 当該インターフェースには、次のようなメソッド群が定義されています。
-これらのメソッド群の要求事項の詳細については authlete-java-jaxrs API の
+これらのメソッド群の要求事項の詳細については authlete-java-jakarta API の
 [JavaDoc][8] を参照してください。
 
   1. `boolean isUserAuthenticated()`
@@ -121,8 +121,8 @@ java-oauth-server の現在の実装では、(Authlete の `/api/auth/authorizat
 からの応答を表す <code>[AuthorizationResponse][20]</code> クラスのインスタンスである)
 引数からデータを取り出し、そのデータを <code>[authorization.jsp][21]</code>
 という HTML テンプレートに埋め込みます。 これをおこなうため、実装では `Viewable`
-というクラスを使用しています。 このクラスは [Jersey][12] (JAX-RS のレファレンス実装)
-に含まれていますが、JAX-RS 2.0 API の一部ではありません。
+というクラスを使用しています。 このクラスは [Jersey][12] (Jakarta REST のレファレンス実装)
+に含まれていますが、Jakarta REST API の一部ではありません。
 
 認可ページをカスタマイズしたい場合は、`generateAuthorizationPage()`
 メソッドと認可ページのテンプレート (`authorization.jsp`)
@@ -200,13 +200,13 @@ java-oauth-server の現在の実装は、エンドユーザーの決定を `/ap
 
 実装では、<code>[AuthorizationDecisionHandler][30]</code>
 クラスを使い、エンドユーザーの決定を処理する作業をそのクラスの `handle()` メソッドに委譲しています。
-クラスの詳細については [authlete-java-jaxrs][6] ライブラリの README ファイルに書かれています。
+クラスの詳細については [authlete-java-jakarta][6] ライブラリの README ファイルに書かれています。
 ここで重要なのは、このクラスのコンストラクタが <code>[AuthorizationDecisionHandlerSpi][31]</code>
 インターフェースの実装を必要とし、その実装はあなたが提供しなければならないという点です。
 別の言い方をすると、`AuthorizationDecisionHandlerSpi` インターフェースのメソッド群がカスタマイズポイントです。
 
 当該インターフェースには、次のようなメソッド群が定義されています。
-これらのメソッド群の要求事項の詳細については authlete-java-jaxrs API の
+これらのメソッド群の要求事項の詳細については authlete-java-jakarta API の
 [JavaDoc][8] を参照してください。
 
   1. `boolean isClientAuthorized()`
@@ -281,7 +281,7 @@ Authlete に伝える必要があります。 `AuthorizationDecisionhandlerSpi`
 
 実装では、<code>[TokenRequestHandler][24]</code>
 クラスを使い、トークンリクエストを処理する作業をそのクラスの `handle()` メソッドに委譲しています。
-クラスの詳細については [authlete-java-jaxrs][6] ライブラリの README ファイルに書かれています。
+クラスの詳細については [authlete-java-jakarta][6] ライブラリの README ファイルに書かれています。
 ここで重要なのは、このクラスのコンストラクタが <code>[TokenRequestHandlerSpi][25]</code>
 インターフェースの実装を必要とし、その実装はあなたが提供しなければならないという点です。
 別の言い方をすると、`TokenRequestHandlerSpi` インターフェースのメソッド群がカスタマイズポイントです。
@@ -331,8 +331,8 @@ class TokenRequestHandlerSpiImpl extends TokenRequestHandlerSpiAdapter
 - [Authlete][1] - Authlete ホームページ
 - [authlete-java-common][5] - Java 用 Authlete 共通ライブラリ
 - [authlete-java-common API][7] - Java 用 Authlete 共通ライブラリの JavaDoc
-- [authlete-java-jaxrs][6] - JAX-RS (Java) 用 Authlete ライブラリ
-- [authlete-java-jaxrs API][8] - JAX-RS (Java) 用 Authlete ライブラリの JavaDoc
+- [authlete-java-jakarta][6] - Jakarta (Java) 用 Authlete ライブラリ
+- [authlete-java-jakarta API][8] - Jakarta (Java) 用 Authlete ライブラリの JavaDoc
 
 
 コンタクト
@@ -351,33 +351,33 @@ class TokenRequestHandlerSpiImpl extends TokenRequestHandlerSpiAdapter
 [3]: https://openid.net/connect/
 [4]: https://docs.authlete.com/
 [5]: https://github.com/authlete/authlete-java-common
-[6]: https://github.com/authlete/authlete-java-jaxrs
+[6]: https://github.com/authlete/authlete-java-jakarta
 [7]: https://authlete.github.io/authlete-java-common/
-[8]: https://authlete.github.io/authlete-java-jaxrs/
-[9]: https://jcp.org/en/jsr/detail?id=339
+[8]: https://authlete.github.io/authlete-java-jakarta/
+[9]: https://jakarta.ee/specifications/restful-ws/
 [10]: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 [11]: https://openid.net/specs/openid-connect-core-1_0.html
 [12]: https://jersey.java.net/
 [13]: https://www.authlete.com/documents/so_console/
 [14]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
-[15]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/AuthorizationRequestHandler.html
-[16]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpi.html
-[17]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpi.html#generateAuthorizationPage-com.authlete.common.dto.AuthorizationResponse-
+[15]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/AuthorizationRequestHandler.html
+[16]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpi.html
+[17]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpi.html#generateAuthorizationPage-com.authlete.common.dto.AuthorizationResponse-
 [18]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
-[19]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpiAdapter.html
+[19]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpiAdapter.html
 [20]: https://authlete.github.io/authlete-java-common/com/authlete/common/dto/AuthorizationResponse.html
 [21]: ../src/main/webapp/WEB-INF/template/authorization.jsp
 [22]: https://authlete.github.io/authlete-java-common/com/authlete/common/types/Display.html
 [23]: ../src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java
-[24]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/TokenRequestHandler.html
-[25]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/TokenRequestHandlerSpi.html
+[24]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/TokenRequestHandler.html
+[25]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/TokenRequestHandlerSpi.html
 [26]: https://tools.ietf.org/html/rfc6749#section-4.3
 [27]: ../src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java
-[28]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/TokenRequestHandlerSpiAdapter.html
+[28]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/TokenRequestHandlerSpiAdapter.html
 [29]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
-[30]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/AuthorizationDecisionHandler.html
-[31]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationDecisionHandlerSpi.html
+[30]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/AuthorizationDecisionHandler.html
+[31]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationDecisionHandlerSpi.html
 [32]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java
-[33]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationDecisionHandlerSpiAdapter.html
+[33]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationDecisionHandlerSpiAdapter.html
 [34]: ../src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
 [35]: https://tools.ietf.org/html/rfc7662
diff --git a/doc/CUSTOMIZATION.md b/doc/CUSTOMIZATION.md
index a479ade..b5a5986 100644
--- a/doc/CUSTOMIZATION.md
+++ b/doc/CUSTOMIZATION.md
@@ -40,27 +40,28 @@ Overall Structure
 
 Authlete provides [Web APIs][4] that can be used to write an authorization
 server. [authlete-java-common][5] is a library which directly communicates
-with the Web APIs, and [authlete-java-jaxrs][6] is a library which provides
+with the Web APIs, and [authlete-java-jakarta][6] is a library which provides
 utility classes wrapping the [authlete-java-common API][7] to make it much
 easier for developers to implement an authorization server than using
 authlete-java-common API directly. java-oauth-server is written using
-[authlete-java-jaxrs API][8] exposed by the utility classes.
+[authlete-java-jakarta API][8] exposed by the utility classes.
 
-As its name implies, authlete-java-jaxrs library depends on JAX-RS 2.0 API.
-JAX-RS means _The Java API for RESTful Web Services_. JAX-RS 2.0 API has
-been standardized by [JSR 339][9] and it is included in Java EE 7.
+As its name implies, authlete-java-jakarta library depends on the Jakarta
+RESTful Web Services API (_Jakarta REST_, formerly known as JAX-RS). Jakarta
+REST is part of [Jakarta EE][9]; this server targets Jakarta EE 10 (Jakarta
+REST 3.1 / Servlet 6.0).
 
 The figure below illustrates the relationship among the components mentioned
 so far.
 
 ```
-+-------------------------------+
-|          java-oauth-server    |
-+----+--------------------------+
-|    |     authlete-java-jaxrs  |
-|    +---+----------------------+          +----------+
-| JAX-RS | authlete-java-common | <------> | Authlete |
-+--------+----------------------+          +----------+
++----------------------------------+
+|          java-oauth-server       |
++---------+------------------------+
+|         | authlete-java-jakarta  |
+|         +----+-------------------+          +----------+
+| Jakarta | authlete-java-common   | <------> | Authlete |
++---------+------------------------+          +----------+
 ```
 
 
@@ -75,14 +76,14 @@ need to change this file.
 The implementation uses <code>[AuthorizationRequestHandler][15]</code> class
 and delegates the task to handle an authorization request to `handle()` method
 of the class. Details about the class is written in the README file of
-[authlete-java-jaxrs][6] library. What is important here is that the
+[authlete-java-jakarta][6] library. What is important here is that the
 constructor of the class requires an implementation of
 <code>[AuthorizationRequestHandlerSpi][16]</code> interface and that the
 implementation must be provided by you. In other words, the methods in
 `AuthorizationRequestHandlerSpi` interface are customization points.
 
 The interface has the methods listed below. See the [JavaDoc][8] of
-authlete-java-jaxrs API for details about the requirements of these methods.
+authlete-java-jakarta API for details about the requirements of these methods.
 
   1. `boolean isUserAuthenticated()`
   2. `long getUserAuthenticatedAt()`
@@ -132,8 +133,8 @@ argument (an intance of <code>[AuthorizationResponse][20]</code> class which
 represents a response from Authlete's `/api/auth/authorization` API) and
 embeds them into an HTML template, <code>[authorization.jsp][21]</code>.
 To achieve this, the implementation uses `Viewable` class. The class is
-included in [Jersey][12] (the reference implementation of JAX-RS), but it
-is not a part of JAX-RS 2.0 API.
+included in [Jersey][12] (the reference implementation of Jakarta REST), but it
+is not a part of the Jakarta REST API.
 
 If you want to customize the authorization page, change the implementation
 of `generateAuthorizationPage()` method and/or the template of the
@@ -215,14 +216,14 @@ implementation of the authorization decision endpoint is in
 The implementation uses <code>[AuthorizationDecisionHandler][30]</code> class
 and delegates the task to handle an end-user's decision to `handle()` method
 of the class. Details about the class is written in the README file of
-[authlete-java-jaxrs][6] library. What is important here is that the
+[authlete-java-jakarta][6] library. What is important here is that the
 constructor of the class requires an implementation of
 <code>[AuthorizationDecisionHandlerSpi][31]</code> interface and that the
 implementation must be provided by you. In other words, the methods in
 `AuthorizationDecisionHandlerSpi` interface are customization points.
 
 The interface has the methods listed below. See the [JavaDoc][8] of
-authlete-java-jaxrs API for details about the requirements of these methods.
+authlete-java-jakarta API for details about the requirements of these methods.
 
   1. `boolean isClientAuthorized()`
   2. `long getUserAuthenticatedAt()`
@@ -301,7 +302,7 @@ the file.
 
 The implementation uses <code>[TokenRequestHandler][24]</code> class and delegates
 the task to handle a token request to `handle()` method of the class. Details about
-the class is written in the README file of [authlete-java-jaxrs][6] library. What
+the class is written in the README file of [authlete-java-jakarta][6] library. What
 is important here is that the constructor of the class requires an implementation
 of <code>[TokenRequestHandlerSpi][25]</code> interface and that the implementation
 must be provided by you. In other words, the methods in `TokenRequestHandlerSpi`
@@ -354,8 +355,8 @@ See Also
 - [Authlete][1] - Authlete Home Page
 - [authlete-java-common][5] - Authlete Common Library for Java
 - [authlete-java-common API][7] - JavaDoc of Authlete Common Library for Java
-- [authlete-java-jaxrs][6] - Authlete Library for JAX-RS (Java)
-- [authlete-java-jaxrs API][8] - JavaDoc of Authlete Library for JAX-RS (Java)
+- [authlete-java-jakarta][6] - Authlete Library for Jakarta (Java)
+- [authlete-java-jakarta API][8] - JavaDoc of Authlete Library for Jakarta (Java)
 
 
 Contact
@@ -374,33 +375,33 @@ Contact
 [3]: https://openid.net/connect/
 [4]: https://docs.authlete.com/
 [5]: https://github.com/authlete/authlete-java-common
-[6]: https://github.com/authlete/authlete-java-jaxrs
+[6]: https://github.com/authlete/authlete-java-jakarta
 [7]: https://authlete.github.io/authlete-java-common/
-[8]: https://authlete.github.io/authlete-java-jaxrs/
-[9]: https://jcp.org/en/jsr/detail?id=339
+[8]: https://authlete.github.io/authlete-java-jakarta/
+[9]: https://jakarta.ee/specifications/restful-ws/
 [10]: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 [11]: https://openid.net/specs/openid-connect-core-1_0.html
 [12]: https://jersey.java.net/
 [13]: https://www.authlete.com/documents/so_console/
 [14]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
-[15]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/AuthorizationRequestHandler.html
-[16]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpi.html
-[17]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpi.html#generateAuthorizationPage-com.authlete.common.dto.AuthorizationResponse-
+[15]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/AuthorizationRequestHandler.html
+[16]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpi.html
+[17]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpi.html#generateAuthorizationPage-com.authlete.common.dto.AuthorizationResponse-
 [18]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
-[19]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationRequestHandlerSpiAdapter.html
+[19]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationRequestHandlerSpiAdapter.html
 [20]: https://authlete.github.io/authlete-java-common/com/authlete/common/dto/AuthorizationResponse.html
 [21]: ../src/main/webapp/WEB-INF/template/authorization.jsp
 [22]: https://authlete.github.io/authlete-java-common/com/authlete/common/types/Display.html
 [23]: ../src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java
-[24]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/TokenRequestHandler.html
-[25]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/TokenRequestHandlerSpi.html
+[24]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/TokenRequestHandler.html
+[25]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/TokenRequestHandlerSpi.html
 [26]: https://tools.ietf.org/html/rfc6749#section-4.3
 [27]: ../src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java
-[28]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/TokenRequestHandlerSpiAdapter.html
+[28]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/TokenRequestHandlerSpiAdapter.html
 [29]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
-[30]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/AuthorizationDecisionHandler.html
-[31]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationDecisionHandlerSpi.html
+[30]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/AuthorizationDecisionHandler.html
+[31]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationDecisionHandlerSpi.html
 [32]: ../src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java
-[33]: https://authlete.github.io/authlete-java-jaxrs/com/authlete/jaxrs/spi/AuthorizationDecisionHandlerSpiAdapter.html
+[33]: https://authlete.github.io/authlete-java-jakarta/com/authlete/jakarta/spi/AuthorizationDecisionHandlerSpiAdapter.html
 [34]: ../src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
 [35]: https://tools.ietf.org/html/rfc7662
diff --git a/jetty/jetty-http.xml b/jetty/jetty-http.xml
index 5c99d11..ac05d40 100644
--- a/jetty/jetty-http.xml
+++ b/jetty/jetty-http.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://eclipse.dev/jetty/configure_10_0.dtd">
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
     <Set name="requestHeaderSize">
diff --git a/pom.xml b/pom.xml
index f8bbb54..30638a6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,14 +12,21 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-    <authlete.java.common.version>4.39</authlete.java.common.version>
-    <authlete.java.jaxrs.version>2.93</authlete.java.jaxrs.version>
+    <maven.compiler.release>25</maven.compiler.release>
+
+    <authlete.java.common.version>4.45</authlete.java.common.version>
+    <authlete.java.jakarta.version>2.96</authlete.java.jakarta.version>
     <authlete.cbor.version>1.21</authlete.cbor.version>
-    <javax.servlet-api.version>3.0.1</javax.servlet-api.version>
-    <jersey.version>2.34</jersey.version>
-    <jetty.version>9.4.27.v20200227</jetty.version>
-    <maven.compiler.plugin.version>3.10.1</maven.compiler.plugin.version>
-    <maven.war.plugin.version>3.3.2</maven.war.plugin.version>
+    <jakarta.servlet-api.version>6.0.0</jakarta.servlet-api.version>
+    <jakarta.servlet.jsp.jstl-api.version>3.0.2</jakarta.servlet.jsp.jstl-api.version>
+    <jakarta.servlet.jsp.jstl.version>3.0.1</jakarta.servlet.jsp.jstl.version>
+    <jakarta.annotation-api.version>2.1.1</jakarta.annotation-api.version>
+    <jakarta.xml.bind-api.version>4.0.5</jakarta.xml.bind-api.version>
+    <jaxb-runtime.version>4.0.9</jaxb-runtime.version>
+    <jersey.version>3.1.11</jersey.version>
+    <jetty.version>12.1.10</jetty.version>
+    <maven.compiler.plugin.version>3.15.0</maven.compiler.plugin.version>
+    <maven.war.plugin.version>3.5.1</maven.war.plugin.version>
   </properties>
 
   <profiles>
@@ -30,19 +37,19 @@
       </activation>
       <dependencies>
         <dependency>
-          <groupId>javax.annotation</groupId>
-          <artifactId>javax.annotation-api</artifactId>
-          <version>1.3.1</version>
+          <groupId>jakarta.annotation</groupId>
+          <artifactId>jakarta.annotation-api</artifactId>
+          <version>${jakarta.annotation-api.version}</version>
         </dependency>
         <dependency>
-          <groupId>javax.xml.bind</groupId>
-          <artifactId>jaxb-api</artifactId>
-          <version>2.3.1</version>
+          <groupId>jakarta.xml.bind</groupId>
+          <artifactId>jakarta.xml.bind-api</artifactId>
+          <version>${jakarta.xml.bind-api.version}</version>
         </dependency>
         <dependency>
           <groupId>org.glassfish.jaxb</groupId>
           <artifactId>jaxb-runtime</artifactId>
-          <version>2.3.1</version>
+          <version>${jaxb-runtime.version}</version>
           <scope>runtime</scope>
         </dependency>
       </dependencies>
@@ -58,8 +65,8 @@
 
     <dependency>
       <groupId>com.authlete</groupId>
-      <artifactId>authlete-java-jaxrs</artifactId>
-      <version>${authlete.java.jaxrs.version}</version>
+      <artifactId>authlete-java-jakarta</artifactId>
+      <version>${authlete.java.jakarta.version}</version>
     </dependency>
 
     <dependency>
@@ -69,9 +76,9 @@
     </dependency>
 
     <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-      <version>${javax.servlet-api.version}</version>
+      <groupId>jakarta.servlet</groupId>
+      <artifactId>jakarta.servlet-api</artifactId>
+      <version>${jakarta.servlet-api.version}</version>
       <scope>provided</scope>
     </dependency>
 
@@ -106,56 +113,62 @@
     </dependency>
 
     <dependency>
-        <groupId>javax.servlet</groupId>
-        <artifactId>jstl</artifactId>
-        <version>1.2</version>
+        <groupId>jakarta.servlet.jsp.jstl</groupId>
+        <artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
+        <version>${jakarta.servlet.jsp.jstl-api.version}</version>
+    </dependency>
+
+    <dependency>
+        <groupId>org.glassfish.web</groupId>
+        <artifactId>jakarta.servlet.jsp.jstl</artifactId>
+        <version>${jakarta.servlet.jsp.jstl.version}</version>
     </dependency>
 
     <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcpkix-jdk18on</artifactId>
-        <version>1.78.1</version>
+        <version>1.84</version>
     </dependency>
 
     <dependency>
       <groupId>com.nimbusds</groupId>
       <artifactId>oauth2-oidc-sdk</artifactId>
-      <version>9.43.4</version>
+      <version>11.37.2</version>
     </dependency>
 
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-core</artifactId>
-      <version>1.3.15</version>
+      <version>1.5.34</version>
     </dependency>
 
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.3.15</version>
+      <version>1.5.34</version>
     </dependency>
 
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>1.7.32</version>
+      <version>2.0.18</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.zxing</groupId>
       <artifactId>core</artifactId>
-      <version>3.5.1</version>
+      <version>3.5.4</version>
     </dependency>
     <dependency>
       <groupId>com.google.zxing</groupId>
       <artifactId>javase</artifactId>
-      <version>3.5.1</version>
+      <version>3.5.4</version>
     </dependency>
 
     <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>
-      <version>2.10.1</version>
+      <version>2.14.0</version>
     </dependency>
   </dependencies>
 
@@ -166,8 +179,7 @@
         <artifactId>maven-compiler-plugin</artifactId>
         <version>${maven.compiler.plugin.version}</version>
         <configuration>
-          <source>1.8</source>
-          <target>1.8</target>
+          <release>${maven.compiler.release}</release>
           <compilerArgument>-proc:none</compilerArgument>
         </configuration>
       </plugin>
@@ -184,21 +196,25 @@
       </plugin>
 
       <plugin>
-        <groupId>org.eclipse.jetty</groupId>
-        <artifactId>jetty-maven-plugin</artifactId>
+        <groupId>org.eclipse.jetty.ee10</groupId>
+        <artifactId>jetty-ee10-maven-plugin</artifactId>
         <version>${jetty.version}</version>
         <configuration>
           <jettyXml>${project.basedir}/jetty/jetty-http.xml</jettyXml>
+          <!--
+            The web.xml is metadata-complete and all Jersey providers are
+            registered explicitly (auto-discovery disabled), so no WEB-INF jar
+            needs annotation scanning. An empty include pattern disables that
+            scan, which also silences the "scanned from multiple locations"
+            warnings emitted by jetty:run (the same .m2 jar seen twice).
+          -->
           <webApp>
-            <webInfIncludeJarPattern>.*/.*jersey-[^/]\.jar$</webInfIncludeJarPattern>
+            <webInfIncludeJarPattern>^$</webInfIncludeJarPattern>
           </webApp>
           <stopPort>9090</stopPort>
           <stopKey>stop</stopKey>
           <systemProperties>
-            <systemProperty>
-              <name>https.cipherSuites</name>
-              <value>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</value>
-            </systemProperty>
+            <https.cipherSuites>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</https.cipherSuites>
           </systemProperties>
         </configuration>
         <executions>
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/AuthenticationDevice.java b/src/main/java/com/authlete/jaxrs/server/ad/AuthenticationDevice.java
index 54d1532..3eab43e 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/AuthenticationDevice.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/AuthenticationDevice.java
@@ -19,9 +19,9 @@
 
 import static org.glassfish.jersey.client.ClientProperties.CONNECT_TIMEOUT;
 import static org.glassfish.jersey.client.ClientProperties.READ_TIMEOUT;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.Entity;
+import jakarta.ws.rs.client.Client;
+import jakarta.ws.rs.client.ClientBuilder;
+import jakarta.ws.rs.client.Entity;
 import org.glassfish.jersey.client.ClientConfig;
 import com.authlete.jaxrs.server.ServerConfig;
 import com.authlete.jaxrs.server.ad.dto.AsyncAuthenticationRequest;
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationCallbackRequest.java b/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationCallbackRequest.java
index e0beca3..f209c51 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationCallbackRequest.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationCallbackRequest.java
@@ -18,7 +18,7 @@
 
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElement;
 import com.authlete.jaxrs.server.ad.type.Result;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationResponse.java b/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationResponse.java
index 15d33ec..493d295 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationResponse.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/dto/AsyncAuthenticationResponse.java
@@ -18,7 +18,7 @@
 
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElement;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/dto/BaseAuthenticationRequest.java b/src/main/java/com/authlete/jaxrs/server/ad/dto/BaseAuthenticationRequest.java
index fe68003..c0c953c 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/dto/BaseAuthenticationRequest.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/dto/BaseAuthenticationRequest.java
@@ -18,7 +18,7 @@
 
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElement;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResponse.java b/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResponse.java
index 0eb7133..f509e6a 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResponse.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResponse.java
@@ -18,7 +18,7 @@
 
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElement;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResultRequest.java b/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResultRequest.java
index cbefed5..6adc7f9 100644
--- a/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResultRequest.java
+++ b/src/main/java/com/authlete/jaxrs/server/ad/dto/PollAuthenticationResultRequest.java
@@ -18,7 +18,7 @@
 
 
 import java.io.Serializable;
-import javax.xml.bind.annotation.XmlElement;
+import jakarta.xml.bind.annotation.XmlElement;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AppleAppSiteAssociation.java b/src/main/java/com/authlete/jaxrs/server/api/AppleAppSiteAssociation.java
index 8ba08f8..6047853 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AppleAppSiteAssociation.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AppleAppSiteAssociation.java
@@ -17,10 +17,10 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
index eb41d10..0d67341 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java
@@ -20,22 +20,22 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.Client;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.AuthorizationDecisionHandler.Params;
-import com.authlete.jaxrs.BaseAuthorizationDecisionEndpoint;
+import com.authlete.jakarta.AuthorizationDecisionHandler.Params;
+import com.authlete.jakarta.BaseAuthorizationDecisionEndpoint;
 import com.authlete.jaxrs.server.util.ProcessingUtil;
-import com.authlete.jaxrs.spi.AuthorizationDecisionHandlerSpi;
+import com.authlete.jakarta.spi.AuthorizationDecisionHandlerSpi;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java
index 1c9e8b6..47342c0 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java
@@ -23,9 +23,9 @@
 import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.assurance.VerifiedClaims;
 import com.authlete.common.assurance.constraint.VerifiedClaimsConstraint;
 import com.authlete.common.dto.Client;
@@ -36,13 +36,13 @@
 import com.authlete.jaxrs.server.db.DatasetDao;
 import com.authlete.jaxrs.server.db.VerifiedClaimsDao;
 import com.authlete.jaxrs.server.util.ResponseUtil;
-import com.authlete.jaxrs.spi.AuthorizationDecisionHandlerSpiAdapter;
+import com.authlete.jakarta.spi.AuthorizationDecisionHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.AuthorizationDecisionHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.AuthorizationDecisionHandlerSpi
  * AuthorizationDecisionHandlerSpi} interface which needs to be given
- * to the constructor of {@link com.authlete.jaxrs.AuthorizationDecisionHandler
+ * to the constructor of {@link com.authlete.jakarta.AuthorizationDecisionHandler
  * AuthorizationDecisionHandler}.
  *
  * <p>
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
index d21fc0b..b798cdd 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationEndpoint.java
@@ -17,18 +17,18 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.UriInfo;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseAuthorizationEndpoint;
+import com.authlete.jakarta.BaseAuthorizationEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
index 0448cb6..ee075ca 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthorizationRequestHandlerSpiImpl.java
@@ -20,25 +20,25 @@
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import org.glassfish.jersey.server.mvc.Viewable;
 import com.authlete.common.dto.AuthorizationResponse;
 import com.authlete.common.dto.Client;
 import com.authlete.common.types.Prompt;
 import com.authlete.common.types.SubjectType;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.AuthorizationDecisionHandler.Params;
+import com.authlete.jakarta.AuthorizationDecisionHandler.Params;
 import com.authlete.jaxrs.server.federation.FederationManager;
-import com.authlete.jaxrs.spi.AuthorizationRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.AuthorizationRequestHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.AuthorizationRequestHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.AuthorizationRequestHandlerSpi
  * AuthorizationRequestHandlerSpi} interface which needs to be given
- * to the constructor of {@link com.authlete.jaxrs.AuthorizationRequestHandler
+ * to the constructor of {@link com.authlete.jakarta.AuthorizationRequestHandler
  * AuthorizationRequestHandler}.
  *
  * <p>
diff --git a/src/main/java/com/authlete/jaxrs/server/api/AuthzPageModel.java b/src/main/java/com/authlete/jaxrs/server/api/AuthzPageModel.java
index 2e8386f..406f463 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/AuthzPageModel.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/AuthzPageModel.java
@@ -18,7 +18,7 @@
 
 import com.authlete.common.dto.AuthorizationResponse;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.AuthorizationPageModel;
+import com.authlete.jakarta.AuthorizationPageModel;
 import com.authlete.jaxrs.server.federation.FederationConfig;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/ClientRegistrationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/ClientRegistrationEndpoint.java
index 58631f5..0aa6dd2 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/ClientRegistrationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/ClientRegistrationEndpoint.java
@@ -19,24 +19,24 @@
 
 import java.security.GeneralSecurityException;
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.DELETE;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.PUT;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.util.Utils;
-import com.authlete.jaxrs.BaseClientRegistrationEndpoint;
+import com.authlete.jakarta.BaseClientRegistrationEndpoint;
 import com.authlete.jaxrs.server.obb.util.ObbUtils;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/ConfigurationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/ConfigurationEndpoint.java
index e0d1523..bfed47f 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/ConfigurationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/ConfigurationEndpoint.java
@@ -17,14 +17,14 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.ServiceConfigurationRequest;
-import com.authlete.jaxrs.BaseConfigurationEndpoint;
+import com.authlete.jakarta.BaseConfigurationEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java
index b2d63bf..a28e3d1 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/FederationConfigurationEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.FederationConfigurationRequest;
 import com.authlete.common.types.EntityType;
-import com.authlete.jaxrs.BaseFederationConfigurationEndpoint;
+import com.authlete.jakarta.BaseFederationConfigurationEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/FederationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/FederationEndpoint.java
index 4e122fb..6c25fa3 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/FederationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/FederationEndpoint.java
@@ -20,19 +20,19 @@
 import java.io.IOException;
 import java.net.URI;
 import java.util.Date;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import org.glassfish.jersey.server.mvc.Viewable;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BaseEndpoint;
+import com.authlete.jakarta.BaseEndpoint;
 import com.authlete.jaxrs.server.db.UserDao;
 import com.authlete.jaxrs.server.db.UserEntity;
 import com.authlete.jaxrs.server.federation.Federation;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java
index 51c722e..3880b29 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/FederationRegistrationEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.FederationRegistrationRequest;
-import com.authlete.jaxrs.BaseFederationRegistrationEndpoint;
+import com.authlete.jakarta.BaseFederationRegistrationEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java
index f379641..6b6efda 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/GrantManagementEndpoint.java
@@ -17,15 +17,15 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.DELETE;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseGrantManagementEndpoint;
+import com.authlete.jakarta.BaseGrantManagementEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
index 8294935..b487385 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/IntrospectionEndpoint.java
@@ -17,19 +17,19 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.Consumes;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.web.BasicCredentials;
-import com.authlete.jaxrs.BaseIntrospectionEndpoint;
-import com.authlete.jaxrs.IntrospectionRequestHandler.Params;
+import com.authlete.jakarta.BaseIntrospectionEndpoint;
+import com.authlete.jakarta.IntrospectionRequestHandler.Params;
 import com.authlete.jaxrs.server.db.ResourceServerDao;
 import com.authlete.jaxrs.server.db.ResourceServerEntity;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java
index 8714fb9..66517f5 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/JwksEndpoint.java
@@ -17,11 +17,11 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseJwksEndpoint;
+import com.authlete.jakarta.BaseJwksEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/JwtAuthzGrantProcessor.java b/src/main/java/com/authlete/jaxrs/server/api/JwtAuthzGrantProcessor.java
index 31b31a2..38474ee 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/JwtAuthzGrantProcessor.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/JwtAuthzGrantProcessor.java
@@ -18,13 +18,13 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.CacheControl;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.ResponseBuilder;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.dto.TokenCreateRequest;
 import com.authlete.common.dto.TokenCreateResponse;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/NativeSsoProcessor.java b/src/main/java/com/authlete/jaxrs/server/api/NativeSsoProcessor.java
index 3a049ae..85dd5f8 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/NativeSsoProcessor.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/NativeSsoProcessor.java
@@ -20,9 +20,9 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.UUID;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.dto.NativeSsoRequest;
 import com.authlete.common.dto.NativeSsoResponse;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/OBBDCRProcessor.java b/src/main/java/com/authlete/jaxrs/server/api/OBBDCRProcessor.java
index 853c176..bac9b21 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/OBBDCRProcessor.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/OBBDCRProcessor.java
@@ -35,11 +35,11 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.util.Utils;
 import com.authlete.jaxrs.server.obb.util.ObbUtils;
 import com.nimbusds.jose.JOSEException;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/OBBTokenTask.java b/src/main/java/com/authlete/jaxrs/server/api/OBBTokenTask.java
index 607bd36..c964910 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/OBBTokenTask.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/OBBTokenTask.java
@@ -2,12 +2,12 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.jaxrs.server.obb.database.ConsentDao;
 import com.authlete.jaxrs.server.obb.model.Consent;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java
index 00dca3c..86e5226 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/PushedAuthReqEndpoint.java
@@ -1,19 +1,19 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BasePushedAuthReqEndpoint;
-import com.authlete.jaxrs.PushedAuthReqHandler.Params;
+import com.authlete.jakarta.BasePushedAuthReqEndpoint;
+import com.authlete.jakarta.PushedAuthReqHandler.Params;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java
index 7455c8b..4289f5e 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/RevocationEndpoint.java
@@ -17,19 +17,19 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseRevocationEndpoint;
-import com.authlete.jaxrs.RevocationRequestHandler.Params;
+import com.authlete.jakarta.BaseRevocationEndpoint;
+import com.authlete.jakarta.RevocationRequestHandler.Params;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/TestEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/TestEndpoint.java
index 49d84b1..1b48c34 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/TestEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/TestEndpoint.java
@@ -8,12 +8,12 @@
 import java.util.Map;
 import java.util.TreeMap;
 import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java
index 034f1c6..8f58ebd 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/TokenEndpoint.java
@@ -18,21 +18,21 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.util.Utils;
-import com.authlete.jaxrs.BaseTokenEndpoint;
-import com.authlete.jaxrs.TokenRequestHandler.Params;
-import com.authlete.jaxrs.spi.TokenRequestHandlerSpi;
+import com.authlete.jakarta.BaseTokenEndpoint;
+import com.authlete.jakarta.TokenRequestHandler.Params;
+import com.authlete.jakarta.spi.TokenRequestHandlerSpi;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/TokenExchanger.java b/src/main/java/com/authlete/jaxrs/server/api/TokenExchanger.java
index a298fdf..dacadda 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/TokenExchanger.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/TokenExchanger.java
@@ -19,13 +19,13 @@
 
 import java.net.URI;
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.CacheControl;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.ResponseBuilder;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.dto.TokenCreateRequest;
 import com.authlete.common.dto.TokenCreateResponse;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java
index 522090e..cee455c 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/TokenRequestHandlerSpiImpl.java
@@ -18,20 +18,20 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.dto.Property;
 import com.authlete.common.dto.TokenResponse;
 import com.authlete.common.types.User;
 import com.authlete.jaxrs.server.db.UserDao;
-import com.authlete.jaxrs.spi.TokenRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.TokenRequestHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.TokenRequestHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.TokenRequestHandlerSpi
  * TokenRequestHandlerSpi} interface which needs to be given to the
- * constructor of {@link com.authlete.jaxrs.TokenRequestHandler
+ * constructor of {@link com.authlete.jakarta.TokenRequestHandler
  * TokenRequestHandler}.
  *
  * @author Takahiko Kawasaki
diff --git a/src/main/java/com/authlete/jaxrs/server/api/UserInfoEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/UserInfoEndpoint.java
index 02af84e..d7c3145 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/UserInfoEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/UserInfoEndpoint.java
@@ -17,19 +17,19 @@
 package com.authlete.jaxrs.server.api;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseUserInfoEndpoint;
-import com.authlete.jaxrs.UserInfoRequestHandler.Params;
-import com.authlete.jaxrs.util.JaxRsUtils;
+import com.authlete.jakarta.BaseUserInfoEndpoint;
+import com.authlete.jakarta.UserInfoRequestHandler.Params;
+import com.authlete.jakarta.util.JaxRsUtils;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/UserInfoRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/UserInfoRequestHandlerSpiImpl.java
index ca1079a..61c566b 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/UserInfoRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/UserInfoRequestHandlerSpiImpl.java
@@ -25,13 +25,13 @@
 import com.authlete.jaxrs.server.db.DatasetDao;
 import com.authlete.jaxrs.server.db.UserDao;
 import com.authlete.jaxrs.server.db.VerifiedClaimsDao;
-import com.authlete.jaxrs.spi.UserInfoRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.UserInfoRequestHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.UserInfoRequestHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.UserInfoRequestHandlerSpi
  * UserInfoRequestHandlerSpi} interface which needs to be given to the
- * constructor of {@link com.authlete.jaxrs.UserInfoRequestHandler
+ * constructor of {@link com.authlete.jakarta.UserInfoRequestHandler
  * UserInfoRequestHandler}.
  */
 public class UserInfoRequestHandlerSpiImpl extends UserInfoRequestHandlerSpiAdapter
diff --git a/src/main/java/com/authlete/jaxrs/server/api/attestation/AttestationChallengeEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/attestation/AttestationChallengeEndpoint.java
index 2198cd5..c5da57d 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/attestation/AttestationChallengeEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/attestation/AttestationChallengeEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api.attestation;
 
 
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.AttestationChallengeRequest;
-import com.authlete.jaxrs.BaseAttestationChallengeEndpoint;
+import com.authlete.jakarta.BaseAttestationChallengeEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCallbackEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCallbackEndpoint.java
index 4a3a1cb..6d534e1 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCallbackEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCallbackEndpoint.java
@@ -21,16 +21,16 @@
 import static com.authlete.jaxrs.server.util.ExceptionUtil.internalServerErrorException;
 import static com.authlete.jaxrs.server.util.ResponseUtil.noContent;
 import java.util.Date;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler;
+import com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler;
 import com.authlete.jaxrs.server.ad.dto.AsyncAuthenticationCallbackRequest;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCompleteHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCompleteHandlerSpiImpl.java
index d650794..717b91c 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCompleteHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationCompleteHandlerSpiImpl.java
@@ -21,23 +21,23 @@
 import java.net.URI;
 import java.util.Date;
 import javax.net.ssl.SSLContext;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
+import jakarta.ws.rs.client.Client;
+import jakarta.ws.rs.client.ClientBuilder;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 import org.glassfish.jersey.client.ClientProperties;
 import com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result;
 import com.authlete.common.dto.BackchannelAuthenticationCompleteResponse;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.spi.BackchannelAuthenticationCompleteRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.BackchannelAuthenticationCompleteRequestHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.BackchannelAuthenticationCompleteRequestHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.BackchannelAuthenticationCompleteRequestHandlerSpi
  * BackchannelAuthenticationCompleteRequestHandlerSpi} interface which needs to
- * be given to the constructor of {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+ * be given to the constructor of {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
  * BackchannelAuthenticationCompleteRequestHandler}.
  *
  * @author Hideki Ikeda
diff --git a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java
index bdeb40d..c518f65 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationEndpoint.java
@@ -17,19 +17,19 @@
 package com.authlete.jaxrs.server.api.backchannel;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BackchannelAuthenticationRequestHandler.Params;
-import com.authlete.jaxrs.BaseBackchannelAuthenticationEndpoint;
+import com.authlete.jakarta.BackchannelAuthenticationRequestHandler.Params;
+import com.authlete.jakarta.BaseBackchannelAuthenticationEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationRequestHandlerSpiImpl.java
index ce137f1..f80a4be 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BackchannelAuthenticationRequestHandlerSpiImpl.java
@@ -18,7 +18,7 @@
 
 
 import java.util.concurrent.Executors;
-import javax.ws.rs.WebApplicationException;
+import jakarta.ws.rs.WebApplicationException;
 import com.authlete.common.dto.BackchannelAuthenticationIssueResponse;
 import com.authlete.common.dto.BackchannelAuthenticationResponse;
 import com.authlete.common.dto.Scope;
@@ -27,7 +27,7 @@
 import com.authlete.jaxrs.server.ServerConfig;
 import com.authlete.jaxrs.server.ad.type.Mode;
 import com.authlete.jaxrs.server.db.UserDao;
-import com.authlete.jaxrs.spi.BackchannelAuthenticationRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.BackchannelAuthenticationRequestHandlerSpiAdapter;
 
 
 public class BackchannelAuthenticationRequestHandlerSpiImpl extends BackchannelAuthenticationRequestHandlerSpiAdapter
diff --git a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BaseAuthenticationDeviceProcessor.java b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BaseAuthenticationDeviceProcessor.java
index e86032c..e2206fd 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/backchannel/BaseAuthenticationDeviceProcessor.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/backchannel/BaseAuthenticationDeviceProcessor.java
@@ -25,7 +25,7 @@
 import com.authlete.common.dto.Scope;
 import com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler;
+import com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler;
 import com.authlete.jaxrs.server.ServerConfig;
 import com.authlete.jaxrs.server.ad.AuthenticationDevice;
 
@@ -121,7 +121,7 @@ public BaseAuthenticationDeviceProcessor(String ticket, User user, String client
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#AUTHORIZED AUTHORIZED}. This method is equivalent to {@link #complete(Result,
      * Date) complete}({@link Result}.{@link Result#AUTHORIZED AUTHORIZED}, {@code authTime},
@@ -140,7 +140,7 @@ protected void completeWithAuthorized(Date authTime)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#ACCESS_DENIED ACCESS_DENIED}, the description of the error and the
      * URI of a document which describes the error in detail. This method is
@@ -161,7 +161,7 @@ protected void completeWithAccessDenied(String errorDescription, URI errorUri)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#ACCESS_DENIED ACCESS_DENIED} and the description of the error. This
      * method is equivalent to {@link #completeWithAccessDenied(String, URI)
@@ -177,7 +177,7 @@ protected void completeWithAccessDenied(String errorDescription)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#ACCESS_DENIED ACCESS_DENIED} and the URI of a document which describes
      * the error in detail. This method is equivalent to {@link #completeWithAccessDenied(String, URI)
@@ -193,7 +193,7 @@ protected void completeWithAccessDenied(URI errorUri)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#ACCESS_DENIED ACCESS_DENIED}. This method is equivalent to {@link
      * #completeWithAccessDenied(String, URI) completeWithAccessDenied}({@code null}
@@ -206,7 +206,7 @@ protected void completeWithAccessDenied()
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#TRANSACTION_FAILED TRANSACTION_FAILED}, the description of the error
      * and the URI of a document which describes the error in detail. This method
@@ -227,7 +227,7 @@ protected void completeWithTransactionFailed(String errorDescription, URI errorU
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#TRANSACTION_FAILED TRANSACTION_FAILED} and the description of the
      * error. This method is equivalent to {@link #completeWithTransactionFailed
@@ -244,7 +244,7 @@ protected void completeWithTransactionFailed(String errorDescription)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#TRANSACTION_FAILED TRANSACTION_FAILED} and the URI of a document
      * which describes the error in detail. This method is equivalent to {@link
@@ -261,7 +261,7 @@ protected void completeWithTransactionFailed(URI errorUri)
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler} with the result of {@link
      * Result#TRANSACTION_FAILED TRANSACTION_FAILED}. This method is equivalent
      * to {@link #completeWithTransactionFailed(String, URI) completeWithTransactionFailed}
@@ -274,7 +274,7 @@ protected void completeWithTransactionFailed()
 
 
     /**
-     * Delegate the process to {@link com.authlete.jaxrs.BackchannelAuthenticationCompleteRequestHandler
+     * Delegate the process to {@link com.authlete.jakarta.BackchannelAuthenticationCompleteRequestHandler
      * BackchannelAuthenticationCompleteRequestHandler}.
      *
      * @param result
diff --git a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java
index caf0824..e39bb57 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceAuthorizationEndpoint.java
@@ -17,19 +17,19 @@
 package com.authlete.jaxrs.server.api.device;
 
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
-import com.authlete.jaxrs.BaseDeviceAuthorizationEndpoint;
-import com.authlete.jaxrs.DeviceAuthorizationRequestHandler.Params;
+import com.authlete.jakarta.BaseDeviceAuthorizationEndpoint;
+import com.authlete.jakarta.DeviceAuthorizationRequestHandler.Params;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteEndpoint.java
index 2e320dd..58d011c 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteEndpoint.java
@@ -19,18 +19,18 @@
 
 import static com.authlete.jaxrs.server.util.ExceptionUtil.badRequestException;
 import java.util.Date;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BaseDeviceCompleteEndpoint;
+import com.authlete.jakarta.BaseDeviceCompleteEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteRequestHandlerSpiImpl.java
index a71a791..8655e1d 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceCompleteRequestHandlerSpiImpl.java
@@ -21,17 +21,17 @@
 import static com.authlete.jaxrs.server.util.ResponseUtil.internalServerError;
 import static com.authlete.jaxrs.server.util.ResponseUtil.ok;
 import java.util.Date;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.dto.DeviceCompleteRequest.Result;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.spi.DeviceCompleteRequestHandlerSpiAdapter;
+import com.authlete.jakarta.spi.DeviceCompleteRequestHandlerSpiAdapter;
 
 
 /**
- * Implementation of {@link com.authlete.jaxrs.spi.DeviceCompleteRequestHandlerSpi
+ * Implementation of {@link com.authlete.jakarta.spi.DeviceCompleteRequestHandlerSpi
  * DeviceCompleteRequestHandlerSpi} interface which needs to be given to the constructor
- * of {@link com.authlete.jaxrs.DeviceCompleteRequestHandler DeviceCompleteRequestHandler}.
+ * of {@link com.authlete.jakarta.DeviceCompleteRequestHandler DeviceCompleteRequestHandler}.
  *
  * @author Hideki Ikeda
  */
diff --git a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationEndpoint.java
index 4a66835..cb9f3ab 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationEndpoint.java
@@ -20,22 +20,22 @@
 import static com.authlete.jaxrs.server.util.ResponseUtil.ok;
 import static com.authlete.jaxrs.server.util.ExceptionUtil.unauthorizedException;
 import java.util.Date;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.UriInfo;
 import org.glassfish.jersey.server.mvc.Viewable;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BaseDeviceVerificationEndpoint;
-import com.authlete.jaxrs.DeviceVerificationPageModel;
+import com.authlete.jakarta.BaseDeviceVerificationEndpoint;
+import com.authlete.jakarta.DeviceVerificationPageModel;
 import com.authlete.jaxrs.server.db.UserDao;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationRequestHandlerSpiImpl.java b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationRequestHandlerSpiImpl.java
index b426aa8..9b2687e 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationRequestHandlerSpiImpl.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/device/DeviceVerificationRequestHandlerSpiImpl.java
@@ -21,14 +21,14 @@
 import static com.authlete.jaxrs.server.util.ResponseUtil.internalServerError;
 import static com.authlete.jaxrs.server.util.ResponseUtil.notFound;
 import static com.authlete.jaxrs.server.util.ResponseUtil.ok;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.core.Response;
 import org.glassfish.jersey.server.mvc.Viewable;
 import com.authlete.common.dto.DeviceVerificationResponse;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.DeviceAuthorizationPageModel;
-import com.authlete.jaxrs.DeviceVerificationPageModel;
-import com.authlete.jaxrs.spi.DeviceVerificationRequestHandlerSpiAdapter;
+import com.authlete.jakarta.DeviceAuthorizationPageModel;
+import com.authlete.jakarta.DeviceVerificationPageModel;
+import com.authlete.jakarta.spi.DeviceVerificationRequestHandlerSpiAdapter;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/obb/AccountsEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/obb/AccountsEndpoint.java
index bca3538..b4587dc 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/obb/AccountsEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/obb/AccountsEndpoint.java
@@ -18,12 +18,12 @@
 
 
 import static com.authlete.common.util.FapiUtils.X_FAPI_INTERACTION_ID;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.IntrospectionResponse;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/obb/ConsentsEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/obb/ConsentsEndpoint.java
index 6fe861f..e696e4e 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/obb/ConsentsEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/obb/ConsentsEndpoint.java
@@ -18,17 +18,17 @@
 
 
 import static com.authlete.common.util.FapiUtils.X_FAPI_INTERACTION_ID;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.DELETE;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiException;
 import com.authlete.common.api.AuthleteApiFactory;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/obb/FAPI2BaseAccountsEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/obb/FAPI2BaseAccountsEndpoint.java
index e833b27..5a752b2 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/obb/FAPI2BaseAccountsEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/obb/FAPI2BaseAccountsEndpoint.java
@@ -26,12 +26,12 @@
 import com.authlete.jaxrs.server.obb.model.ResponseAccountList;
 import com.authlete.jaxrs.server.obb.util.ObbUtils;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.Response;
 
 import static com.authlete.common.util.FapiUtils.X_FAPI_INTERACTION_ID;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/obb/ResourcesEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/obb/ResourcesEndpoint.java
index 2f4cfec..c81a705 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/obb/ResourcesEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/obb/ResourcesEndpoint.java
@@ -18,12 +18,12 @@
 
 
 import static com.authlete.common.util.FapiUtils.X_FAPI_INTERACTION_ID;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.GET;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.IntrospectionResponse;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/AbstractCredentialEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/AbstractCredentialEndpoint.java
index 3e393b8..d2f5213 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/AbstractCredentialEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/AbstractCredentialEndpoint.java
@@ -21,8 +21,8 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.dto.CredentialIssuanceOrder;
 import com.authlete.common.dto.CredentialIssuerMetadataRequest;
@@ -31,7 +31,7 @@
 import com.authlete.common.dto.IntrospectionRequest;
 import com.authlete.common.dto.IntrospectionResponse;
 import com.authlete.common.types.ErrorCode;
-import com.authlete.jaxrs.BaseResourceEndpoint;
+import com.authlete.jakarta.BaseResourceEndpoint;
 import com.authlete.jaxrs.server.util.ExceptionUtil;
 import com.authlete.jaxrs.server.vc.InvalidCredentialRequestException;
 import com.authlete.jaxrs.server.vc.OrderContext;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java
index 81d8d0c..9f705bd 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java
@@ -18,17 +18,17 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialBatchIssueRequest;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialEndpoint.java
index f5252e7..3872cf5 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialEndpoint.java
@@ -18,17 +18,17 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialIssuanceOrder;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJWKSetEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJWKSetEndpoint.java
index 0323a2e..f3e2e5e 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJWKSetEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJWKSetEndpoint.java
@@ -17,10 +17,10 @@
 package com.authlete.jaxrs.server.api.vci;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialIssuerJwksRequest;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java
index 6f9ab58..6a313a4 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialJwtIssuerEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api.vci;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialJwtIssuerMetadataRequest;
-import com.authlete.jaxrs.BaseCredentialJwtIssuerMetadataEndpoint;
+import com.authlete.jakarta.BaseCredentialJwtIssuerMetadataEndpoint;
 
 
 @Path("/.well-known/{path : jwt-issuer|jwt-vc-issuer}")
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java
index 2b6491e..09d446b 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialMetadataEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api.vci;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialIssuerMetadataRequest;
-import com.authlete.jaxrs.BaseCredentialIssuerMetadataEndpoint;
+import com.authlete.jakarta.BaseCredentialIssuerMetadataEndpoint;
 
 
 @Path("/.well-known/openid-credential-issuer")
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialNonceEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialNonceEndpoint.java
index 39683fb..e0acc99 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialNonceEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialNonceEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api.vci;
 
 
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialNonceRequest;
-import com.authlete.jaxrs.BaseCredentialNonceEndpoint;
+import com.authlete.jakarta.BaseCredentialNonceEndpoint;
 
 
 /**
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java
index 6ba2029..ba56042 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferEndpoint.java
@@ -17,13 +17,13 @@
 package com.authlete.jaxrs.server.api.vci;
 
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.core.Response;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialOfferInfoRequest;
-import com.authlete.jaxrs.BaseCredentialOfferUriEndpoint;
+import com.authlete.jakarta.BaseCredentialOfferUriEndpoint;
 
 
 @Path("/api/offer/{identifier}")
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferIssueEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferIssueEndpoint.java
index b6a129f..a4a093a 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferIssueEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferIssueEndpoint.java
@@ -18,23 +18,23 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import org.glassfish.jersey.server.mvc.Viewable;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialOfferCreateRequest;
 import com.authlete.common.dto.CredentialOfferCreateResponse;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.BaseEndpoint;
+import com.authlete.jakarta.BaseEndpoint;
 import com.authlete.jaxrs.server.util.ExceptionUtil;
 import com.authlete.jaxrs.server.util.ProcessingUtil;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferPageModel.java b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferPageModel.java
index 692a58f..941a0ba 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferPageModel.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferPageModel.java
@@ -27,7 +27,7 @@
 import com.authlete.common.dto.CredentialOfferCreateRequest;
 import com.authlete.common.dto.CredentialOfferInfo;
 import com.authlete.common.types.User;
-import com.authlete.jaxrs.AuthorizationPageModel;
+import com.authlete.jakarta.AuthorizationPageModel;
 import com.authlete.jaxrs.server.util.ExceptionUtil;
 import com.authlete.jaxrs.server.util.ProcessingUtil;
 import com.google.gson.Gson;
diff --git a/src/main/java/com/authlete/jaxrs/server/api/vci/DeferredCredentialEndpoint.java b/src/main/java/com/authlete/jaxrs/server/api/vci/DeferredCredentialEndpoint.java
index fdd1748..e470dd2 100644
--- a/src/main/java/com/authlete/jaxrs/server/api/vci/DeferredCredentialEndpoint.java
+++ b/src/main/java/com/authlete/jaxrs/server/api/vci/DeferredCredentialEndpoint.java
@@ -18,16 +18,16 @@
 
 
 import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.HeaderParam;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.HeaderParam;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiFactory;
 import com.authlete.common.dto.CredentialDeferredIssueRequest;
diff --git a/src/main/java/com/authlete/jaxrs/server/core/AppContextListener.java b/src/main/java/com/authlete/jaxrs/server/core/AppContextListener.java
index c33b996..14038ee 100644
--- a/src/main/java/com/authlete/jaxrs/server/core/AppContextListener.java
+++ b/src/main/java/com/authlete/jaxrs/server/core/AppContextListener.java
@@ -19,8 +19,8 @@
 
 import java.security.Provider;
 import java.security.Security;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
+import jakarta.servlet.ServletContextEvent;
+import jakarta.servlet.ServletContextListener;
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/core/SessionTracker.java b/src/main/java/com/authlete/jaxrs/server/core/SessionTracker.java
index 1bf704c..5358936 100644
--- a/src/main/java/com/authlete/jaxrs/server/core/SessionTracker.java
+++ b/src/main/java/com/authlete/jaxrs/server/core/SessionTracker.java
@@ -3,9 +3,9 @@
 
 import java.util.HashSet;
 import java.util.Set;
-import javax.servlet.annotation.WebListener;
-import javax.servlet.http.HttpSessionEvent;
-import javax.servlet.http.HttpSessionListener;
+import jakarta.servlet.annotation.WebListener;
+import jakarta.servlet.http.HttpSessionEvent;
+import jakarta.servlet.http.HttpSessionListener;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/decorator/FapiInteractionIdResponseFilter.java b/src/main/java/com/authlete/jaxrs/server/decorator/FapiInteractionIdResponseFilter.java
index aaae138..ba23c93 100644
--- a/src/main/java/com/authlete/jaxrs/server/decorator/FapiInteractionIdResponseFilter.java
+++ b/src/main/java/com/authlete/jaxrs/server/decorator/FapiInteractionIdResponseFilter.java
@@ -19,11 +19,11 @@
 
 import java.io.IOException;
 import java.util.UUID;
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerResponseContext;
-import javax.ws.rs.container.ContainerResponseFilter;
-import javax.ws.rs.ext.Provider;
+import jakarta.annotation.Priority;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ContainerResponseContext;
+import jakarta.ws.rs.container.ContainerResponseFilter;
+import jakarta.ws.rs.ext.Provider;
 import com.authlete.jaxrs.server.http.CustomHttpHeaders;
 import com.authlete.jaxrs.server.http.RequestUtility;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/http/RequestUtility.java b/src/main/java/com/authlete/jaxrs/server/http/RequestUtility.java
index bc88029..80b806c 100644
--- a/src/main/java/com/authlete/jaxrs/server/http/RequestUtility.java
+++ b/src/main/java/com/authlete/jaxrs/server/http/RequestUtility.java
@@ -17,7 +17,7 @@
 package com.authlete.jaxrs.server.http;
 
 
-import javax.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ContainerRequestContext;
 
 
 public class RequestUtility
diff --git a/src/main/java/com/authlete/jaxrs/server/obb/util/ObbUtils.java b/src/main/java/com/authlete/jaxrs/server/obb/util/ObbUtils.java
index 81ef3da..d05992a 100644
--- a/src/main/java/com/authlete/jaxrs/server/obb/util/ObbUtils.java
+++ b/src/main/java/com/authlete/jaxrs/server/obb/util/ObbUtils.java
@@ -21,13 +21,13 @@
 import java.util.Date;
 import java.util.Map;
 import java.util.TimeZone;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.ResponseBuilder;
+import jakarta.ws.rs.core.Response.Status;
 import com.authlete.common.api.AuthleteApi;
 import com.authlete.common.api.AuthleteApiException;
 import com.authlete.common.dto.Client;
@@ -40,7 +40,7 @@
 import com.authlete.common.web.DpopToken;
 import com.authlete.jaxrs.server.api.OBBCertValidator;
 import com.authlete.jaxrs.server.obb.model.ResponseError;
-import com.authlete.jaxrs.util.CertificateUtils;
+import com.authlete.jakarta.util.CertificateUtils;
 import com.nimbusds.jwt.SignedJWT;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/util/CertValidator.java b/src/main/java/com/authlete/jaxrs/server/util/CertValidator.java
index 2faf239..4e59f41 100644
--- a/src/main/java/com/authlete/jaxrs/server/util/CertValidator.java
+++ b/src/main/java/com/authlete/jaxrs/server/util/CertValidator.java
@@ -40,8 +40,8 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import com.authlete.jaxrs.util.CertificateUtils;
+import jakarta.servlet.http.HttpServletRequest;
+import com.authlete.jakarta.util.CertificateUtils;
 
 
 public class CertValidator
diff --git a/src/main/java/com/authlete/jaxrs/server/util/ExceptionUtil.java b/src/main/java/com/authlete/jaxrs/server/util/ExceptionUtil.java
index d28cab0..b2668c0 100644
--- a/src/main/java/com/authlete/jaxrs/server/util/ExceptionUtil.java
+++ b/src/main/java/com/authlete/jaxrs/server/util/ExceptionUtil.java
@@ -26,7 +26,7 @@
 import static com.authlete.jaxrs.server.util.ResponseUtil.notFound;
 import static com.authlete.jaxrs.server.util.ResponseUtil.unauthorized;
 import java.util.Map;
-import javax.ws.rs.WebApplicationException;
+import jakarta.ws.rs.WebApplicationException;
 import org.glassfish.jersey.server.mvc.Viewable;
 
 
diff --git a/src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java b/src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java
index bad128f..ff1adf9 100644
--- a/src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java
+++ b/src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java
@@ -5,9 +5,9 @@
 import java.util.Date;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import javax.ws.rs.core.MultivaluedMap;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.ws.rs.core.MultivaluedMap;
 import com.authlete.common.types.User;
 import com.authlete.jaxrs.server.db.UserDao;
 
diff --git a/src/main/java/com/authlete/jaxrs/server/util/ResponseUtil.java b/src/main/java/com/authlete/jaxrs/server/util/ResponseUtil.java
index bfaf1fa..cbb9e01 100644
--- a/src/main/java/com/authlete/jaxrs/server/util/ResponseUtil.java
+++ b/src/main/java/com/authlete/jaxrs/server/util/ResponseUtil.java
@@ -18,11 +18,11 @@
 
 
 import java.util.Map;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.ResponseBuilder;
+import jakarta.ws.rs.core.Response.Status;
 import org.glassfish.jersey.server.mvc.Viewable;
 
 
diff --git a/src/main/webapp/WEB-INF/template/authorization.jsp b/src/main/webapp/WEB-INF/template/authorization.jsp
index bacbc0c..bcfbf14 100644
--- a/src/main/webapp/WEB-INF/template/authorization.jsp
+++ b/src/main/webapp/WEB-INF/template/authorization.jsp
@@ -20,7 +20,7 @@
 <!--
 <%@ page contentType="text/html;charset=UTF-8" %>
 <%@ page pageEncoding="UTF-8" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="c" uri="jakarta.tags.core" %>
 <% response.setHeader("Cache-Control", "no-store"); %>
 -->
 <html>
diff --git a/src/main/webapp/WEB-INF/template/credential-offer.jsp b/src/main/webapp/WEB-INF/template/credential-offer.jsp
index 7fe125d..c721477 100644
--- a/src/main/webapp/WEB-INF/template/credential-offer.jsp
+++ b/src/main/webapp/WEB-INF/template/credential-offer.jsp
@@ -20,7 +20,7 @@
 <!--
 <%@ page contentType="text/html;charset=UTF-8" %>
 <%@ page pageEncoding="UTF-8" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="c" uri="jakarta.tags.core" %>
 <% response.setHeader("Cache-Control", "no-store"); %>
 -->
 <html>
diff --git a/src/main/webapp/WEB-INF/template/device/authorization.jsp b/src/main/webapp/WEB-INF/template/device/authorization.jsp
index eed3345..9e8c872 100644
--- a/src/main/webapp/WEB-INF/template/device/authorization.jsp
+++ b/src/main/webapp/WEB-INF/template/device/authorization.jsp
@@ -20,7 +20,7 @@
 <!--
 <%@ page contentType="text/html;charset=UTF-8" %>
 <%@ page pageEncoding="UTF-8" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="c" uri="jakarta.tags.core" %>
 <% response.setHeader("Cache-Control", "no-store"); %>
 -->
 <html>
diff --git a/src/main/webapp/WEB-INF/template/device/verification.jsp b/src/main/webapp/WEB-INF/template/device/verification.jsp
index 9a88acb..3a17c8f 100644
--- a/src/main/webapp/WEB-INF/template/device/verification.jsp
+++ b/src/main/webapp/WEB-INF/template/device/verification.jsp
@@ -20,7 +20,7 @@
 <!--
 <%@ page contentType="text/html;charset=UTF-8" %>
 <%@ page pageEncoding="UTF-8" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="c" uri="jakarta.tags.core" %>
 <% response.setHeader("Cache-Control", "no-store"); %>
 -->
 <html>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index d49297d..cef23f6 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -1,12 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns="http://java.sun.com/xml/ns/javaee"
-  xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+  xmlns="https://jakarta.ee/xml/ns/jakartaee"
+  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
   metadata-complete="true"
   id="java-oauth-server"
-  version="3.0">
+  version="6.0">
 
   <listener>
     <listener-class>com.authlete.jaxrs.server.core.AppContextListener</listener-class>