Hi, I am working on a project and am very new to the security API. I don't have any idea about security in Java. My project contains servlets, JSPs, EJBs and a database managed by IBM DB2. Could you please suggest a good resource, book or online tutorial which could help me to progress? I need to develop authentication using usernames and passwords, authorization for different types of users with different roles and other security-related issues I may need to implement. I would prefer a resource which uses EJB 3.0 (if at all it uses it) as I am SCBCD 5 certified. I tried the doc tutorials and guides available on java.sun.com but I found them really confusing. Please suggest something easy yet very helpful.
The http://faq.javaranch.com/java/SecurityFaq links to introductory material about JAAS, including two recent JavaRanch Journal articles (whose author hangs out here at the ranch, ready to answer questions).
Note that most web apps don't use JAAS, but the servlet security that's built into the servlet API (which gets defined in the web.xml file).

[ August 11, 2008: Message edited by: Ulf Dittmer ]