What options do I have to enforce authentication/authorization in a java web app ? From my research, there's:
- JAAS
- JNDI
- Spring security
Any others ? Does JEE5 or JEE6 have anything new ?
Asked
Active
Viewed 556 times
0
-
Which granularity do you want for authorization? Restrict access to some URL / method invocation for given user / role is enough for you? Or you want restrict access to domain objects (access control lists)? – Maksym Demidas Jan 23 '13 at 14:06
-
I want to be able to group users into groups; then prevent/allow groups to access URLs. – canadadry Jan 23 '13 at 14:11
-
Do you use already Spring Framework in this application? – Maksym Demidas Jan 23 '13 at 14:23
2 Answers
0
See Securing Web Applications chapiter for JEE6. Also you can consider Apache Shiro as alternative for Spring Security. If you already use Spring Framework then just go with Spring Security.
Maksym Demidas
- 7,707
- 1
- 29
- 36
0
if you do not want to implement the identity-provider by yourself, you can consider using OpenID. This way, you can use any OpenID provider to provide the authentication/authorization.
In addition, you can consider OAuth2.
Do not mix between the two, there are many posts here that can explain the differences...
