Vladimir
Vladimir

Reputation: 1694

Advice on implementing security aspect of Java EE web application

Simple question on which security type to use. Using: Java EE, EJB, JPA, TomEE, MVC-Servlets + JSP, MySQL

I am working on a simple web app, and would like to implement "security part". This is my first bigger Java EE project, and I would like to ask for advice on implementing security. I am storing informations about users in mysql database (table user, some fields: username, password, user_type...).

Reading about security in Java EE on the net, there are many new concepts I am not yet familiar with: JAAS, declarative security, programmatic security, form based authentication, BASIC authentication, JASPIC ...(I am aware what are authentication and authorization).

Because, i don't have much time, i am asking for simple advice which of these concepts should I focus on to implement security in my app? Requirement is that user authentication should be implemented with username and password, and authorization with session tracking.

Basicly, what is the appropriate approach to implementing security for these requirements?

Appreciate any advice.

Upvotes: 0

Views: 269

Answers (1)

Prasad Kharkar
Prasad Kharkar

Reputation: 13566

You can go for form based security. It will enable you to authenticate and authorize users based on their usernames and roles as defined in database. Learn how to configure JAAS with jBoss 7 and mysql and configure jdbcrealm with tomcat and mysql

Upvotes: 1

Related Questions