Reputation: 1694
Advice on implementing security aspect of Java EE web application
Simple question on which security type to use.
Using: Java EE, EJB, JPA, TomEE, MVC-Servlets + JSP, MySQL
I am working on a simple web app, and would like to implement "security part". This is my first bigger Java EE project, and I would like to ask for advice on implementing security.
I am storing informations about users in mysql database (table user, some fields: username, password, user_type...).
Reading about security in Java EE on the net, there are many new concepts I am not yet familiar with: JAAS, declarative security, programmatic security, form based authentication, BASIC authentication, JASPIC ...(I am aware what are authentication and authorization).
Because, i don't have much time, i am asking for simple advice which of these concepts should I focus on to implement security in my app? Requirement is that user authentication should be implemented with username and password, and authorization with session tracking.
Basicly, what is the appropriate approach to implementing security for these requirements?
Appreciate any advice.
Upvotes: 0
Views: 269
Answers (1)
Reputation: 13566
You can go for form based security. It will enable you to authenticate and authorize users based on their usernames and roles as defined in database. Learn how to configure JAAS with jBoss 7 and mysql and configure jdbcrealm with tomcat and mysql
Upvotes: 1
Related Questions
- How to secure my java web application?
- How do I do security in JSF?
- Need help to understand and implement basic web app security
- How to secure links in your JSP web application?
- Servlet declarative security
- Java Web Application Security Idea
- security functions
- Security for the login page (using Servlet/JSP)
- Securing a web application
- Ensuring Users are Authenticated in Java Web App