This rule flags Java code that has references to the javax.security.auth.message package.
The Java Authentication Service Provider Interface for Containers (JASPIC) API is supported in all WebSphere Application Server editions except Liberty Core. If your application is deployed to Liberty, you must enable the JASPIC feature. For Java EE 6 or 7, use the jaspic-1.1 feature. For Java EE 8, use the appSecurity-3.0 feature.
For more information on using JASPIC in Liberty, see Developing a custom JASPIC authentication provider for Liberty and Configuring a Java Authentication SPI for Containers (JASPIC) User Feature.