Reputation: 1694
Simple question on which security type to use.
Using: Java EE, EJB, JPA, TomEE, MVC-Servlets + JSP, MySQL
I am working on a simple web app, and would like to implement the "security part". This is my first bigger Java EE project, and I would like to ask for advice on implementing security.
I am storing information about users in a MySQL database (table user, some fields: username, password, user_type...).
Reading about security in Java EE on the net, there are many new concepts I am not yet familiar with: JAAS, declarative security, programmatic security, form based authentication, BASIC authentication, JASPIC... (I am aware of what authentication and authorization are).
Because I don't have much time, I am asking for simple advice on which of these concepts I should focus on to implement security in my app. The requirement is that user authentication should be implemented with username and password, and authorization with session tracking.
Basically, what is the appropriate approach to implementing security for these requirements?
Appreciate any advice.
Upvotes: 0
Views: 269
Reputation: 13566
You can go for form based security. It will enable you to authenticate and authorize users based on their usernames and roles as defined in the database. Learn how to configure JAAS with JBoss 7 and MySQL, and how to configure JDBCRealm with Tomcat and MySQL.
Upvotes: 1