1. The user enter the id and password in a Jsp. 2. jsp directed the request to a servlet 3. Servlet create an instance of session bean and call one of its method "validate user" 4. Validate user method is creating an instance of "User Entity bean" for verification and returns true or false.
My question is " is there any other alternative to Entity bean (other than Hibernate) to verify user e.g Can I do it writing JDBC code? if yes , where should i write the JDBC code, in another session bean or in a simple DAO Java class?
Yes you can use anything that can access a database or even some other means, if the data isn't in a database.
If you use JDBC, I would definitely put it in a seperate DAO POJO Java class.
For another example, say you used JBoss and Tomcat, with JBoss you can create a Security Domain that uses a simple properties file, database, or LDAP, then have your WebApp use that Security Domain and you are set.