
I want to provide security for my web application. I have already set it up with Basic authentication, but now I want to provide a UI to add users and to assign privileges (roles) to them. I have searched a lot but have no idea how to do this. Could someone help me with this? Any documentation or articles would also be helpful.

BASIC authentication deployment descriptor (web.xml):

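<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the JerseyAuthentication web application.
     Container-managed BASIC authentication: the servlet container
     authenticates against the realm configured on the server and enforces
     the <security-constraint> rules below before a request reaches Jersey. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
  <display-name>JerseyAuthentication</display-name>

  <welcome-file-list>
    <welcome-file>login.html</welcome-file>
  </welcome-file-list>

  <!-- Jersey front controller. RolesAllowedDynamicFeature enables
       @RolesAllowed / @PermitAll / @DenyAll on the resource classes found
       under org.student.resource; Jersey evaluates those annotations after
       the container constraints below have already been applied. -->
  <servlet>
    <servlet-name>Application</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
      <param-name>jersey.config.server.provider.packages</param-name>
      <param-value>org.student.resource</param-value>
    </init-param>
    <init-param>
      <param-name>jersey.config.server.provider.classnames</param-name>
      <param-value>org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Application</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>

  <!-- When a <web-resource-collection> lists explicit <http-method>s, every
       method NOT listed (HEAD, OPTIONS, PATCH, TRACE, ...) is left
       unconstrained for those URL patterns. Servlet 3.1 lets the container
       reject such uncovered methods instead of silently allowing them. -->
  <deny-uncovered-http-methods/>

  <!-- admin: read/write access to every protected area.
       Several constraints name the same URL pattern; per the Servlet
       specification the container unions the permitted roles per
       URL pattern + method, so GET on /user/* is allowed for admin or
       user while POST/PUT/DELETE on /user/* stay admin-only.
       BASIC sends the credentials base64-encoded (not encrypted) on every
       request; once an HTTPS connector is configured, add
       <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
       to each constraint so the container forces TLS for these URLs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/user/*</url-pattern>
      <url-pattern>/others/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- user: read-only access to /user/*. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>user</web-resource-name>
      <url-pattern>/user/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- others: read-only access to /others/*. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>others</web-resource-name>
      <url-pattern>/others/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>others</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- <realm-name> is only the label the browser shows in its credential
       prompt (the WWW-Authenticate realm); which user store is actually
       consulted is decided by the Realm configured on the server, not here. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>my-default-realm</realm-name>
  </login-config>

  <!-- Every role referenced in an <auth-constraint> must be declared. -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <security-role>
    <role-name>others</role-name>
  </security-role>
</web-app>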

tomcat-users.xml :-

 <!-- tomcat-users.xml, the file-backed user store read by Tomcat's
      UserDatabaseRealm. Two things to be aware of before building a
      user-management UI on top of it:
      1. The password attribute holds the clear-text secret. Tomcat 8+ realms
         can be given a CredentialHandler so that this attribute holds a
         salted digest instead of the plain value.
      2. This file is loaded by the container rather than edited by the
         application, so it is not a good backing store for users that an
         administrator creates at runtime; a database-backed realm
         (JDBC/DataSource) or a custom Realm is the usual choice. -->
 <tomcat-users >
  <!-- NOTE: web.xml declares an "others" role, but no user below holds it. -->
  <user username="Murugesan" password="secret" roles="admin" />
  <user username="peeskillet"  password="superSecret" roles="user"  />
 </tomcat-users>
    In [your previous question](http://stackoverflow.com/a/32667612/2587435) I explained that the tomcat-users (or UserDatabaseRealm) should not be used for production. It cannot be updated at runtime. I also linked to the documentation for how to create other types of realm, like the JDBC realm where it actually saves to a database. You should review that link. – Paul Samsotha Oct 13 '15 at 09:15
  • ... and you should never store an unencrypted / unsalted password. – Marged Oct 13 '15 at 12:01
