I have a simple JEE application which is deployed to JBoss 5.1.0.GA. The application consists of EJB3 entities, session beans and servlets and, later, will include Web Services.
I would like to begin working out how to apply security to the application, but I'm not sure where to start.
I've been pawing over all the documentation available for JBoss (as well as JEE), but I'm not sure what it is I want to look at.
Based on the JEE documentation, I know how to secure the resources in the application to particular roles. I believe I just need to map my runtime users to the application roles.
Do I then just need to build a Login Module (is that the right term?) and configure JBoss AS to use it?
I was not able to find any information on creating a Login Module and configuring JBoss AS. Can you please provide me with a pointer?
Is this JAAS, or is there a newer/better technology available for doing this?
Using this, is it possible to maintain my list of users and roles in my application database, such that it can be updated dynamically?
Thank you for any pointers.