Approaching the Java security API
Java EE security services provide a robust and easily configurable security mechanism to authenticate users and authorize access to application functions and the associated data. To better understand the topics related to security, we should first lay out some basic definitions:
- Authentication: This is the process by which you can verify who is currently executing an application, regardless of whether it is an EJB or a servlet (and so on). Authentication is usually performed by means of a Login module contained in a web/standalone application. The Java EE specification provides only general requirements that must be met by all compliant containers. This means that every application server provides its own authentication mechanisms, which is a problem when it comes to portability of applications and their configuration.
- Authorization: This is the process by which you can verify if a user has the right (permission) to access system resources or invoke certain...