Implementing security in Java EE applications
Having seen the most common security approaches in use today, let's look at how security is implemented in Java EE.
Java EE 8 in particular aimed to address security aspects. It contains a security API that simplifies and unifies the integration for developers.
Transparent security
In the simplest case, security in web applications can be implemented by proxy web servers, such as Apache or nginx. The security responsibilities are then transparent to the application.
This is often the case if the enterprise application doesn't have to deal with users as domain entities.
Servlets
To secure web services offered by a Java EE application, security is usually applied on the servlet layer. This holds for all technology that is built on top of servlets, such as JAX-RS. Security features are configured using the servlet deployment descriptor, that is, the web.xml file.
This can happen in several ways...