Adam Bien's Weblog

« The EJB Overhead--Sc... | Main | Developing Java Apps... »
Friday Feb 01, 2013

Java EE Authentication and Authorization--A Free Article

Java EE authentication and authorization is more powerful and easier to use than expected. The recent Java Magazine article Secure Java EE Authentication covers Java EE security principles, dynamic and static authentication, as well as extension possibilities.

See also wisdomator--a companion, maven 3 sample application.

Thanks for reading! Feedback is, as always, highly appreciated!

Btw. there is also an Java Magazine iOS App.

See you at Java EE Workshops at MUC Airport!

Posted at 01:00PM Feb 01, 2013 by Adam Bien in Real World Java EE Patterns - Rethinking Best Practices |  Comments[3]  | Views/Hits: 4550


NEW Workshop: "JPA, NoSQL, Caching, Grids and Distributed Caches with Java EE 7", May 7th, 2013, Airport Munich

A book about rethinking Java EE Patterns

Comments:

Very good article. Thank you

The Only thing that is frustrating about JAAS is that roles are hard coded inside application code wich make it not suitable for a wide range of cases.

Posted by faissal on February 24, 2013 at 12:39 AM CET #

@faissal: in the article Adam describes how to programmatically handle the role authorization using ProgrammaticallySecuredWisdomStorage, no necessity to hard coding the role inside application...

Posted by tex on March 07, 2013 at 01:32 AM CET #

Many thanks Adam, very good article !

What if I want BASIC auth accessing a restful resource and FORM based auth accessing html pages ?

Must I break the project in 2 parts and handle 2 separate contexts where the first has BASIC auth (restful resource) and the second has FORM based auth (html pages) ?

Many thanks in advance...

Posted by tex on March 07, 2013 at 01:44 AM CET #

Post a Comment:
  • HTML Syntax: NOT allowed
Number of posts: 1063
Number of comments: 4635
Yesterday's hits: 12267
Today's hits: 352
Post reads / hour: 528
Top posts:
  1. Java EE or .NET - An Almost Unbiased Opinion : Adam Bien's Weblog
    76555
  2. Enterprise JavaFX - Dashboard, WebView and DataBinding--Free Article : Adam[...]
    70653
  3. JPA/EJB3 killed the DAO : Adam Bien's Weblog
    67911
  4. Mozilla Firefox 1.5.0 is the most used browser - at least on my blog : Adam[...]
    66534
  5. Contexts and Dependency Injection in Java EE 6 - Free Article : Adam Bien's[...]
    56638
  6. CDI With Or Without EJB 3.1 : Adam Bien's Weblog
    50277
  7. Lightweight Java EE Architectures-- A Free DevCast : Adam Bien's Weblog
    47636
  8. Using Netbeans v6.1 as a HTML Editor : Adam Bien's Weblog
    38865
  9. Generic CRUD Service aka DAO - EJB 3.1/0 Code - Only If You Really Needed :[...]
    29407
  10. Code Hard! (with Java) : Adam Bien's Weblog
    25854
Trending (last hour):
  1. Enterprise JavaFX - Dashboard, WebView and DataBinding--Free Article : Adam[...]
    15
  2. Mozilla Firefox 1.5.0 is the most used browser - at least on my blog : Adam[...]
    12
  3. JPA/EJB3 killed the DAO : Adam Bien's Weblog
    8
  4. Essential Vaadin 7 / Java EE Maven 3 POM : Adam Bien's Weblog
    7
  5. Interview With Mission Impossible Java Hacker--Fabiane Nardon : Adam Bien's[...]
    6

about.adam-bien.com
realworldpatterns.com


Real World Java EE Patterns Rethinking Best Practices
Order from amazon.de
Order from amazon.com

...the last 150 posts
AJAX, SOAP, NoSQL, EJB--All Wrong Acronyms
Maven: Lifecycle Hooks Lead To Infrequent Integrations
Real World Java EE - Devoxx 2012 Session is Online
Essential Vaadin 7 / Java EE Maven 3 POM
A Minimalistic POM For JavaEE 6/7
Exceptions Are Objects
1h With Enterprise JavaFX 8--JAX 2013 Session [German]
Dependency Injection …and there is no magic
The Raise Of Anti-Cloud Devices
Events: Enterprise JavaFX 8, Vaadin 7, Pragmatic JavaEE, Distributed Persistence and JavaOne
Dependency Injection, Inversion of Control and Convention over Configuration ...with JavaFX 8
Which Java Web Framework To Choose? The Client- vs. Server-Centric Story
Configuring Default Goal In Maven 3
JAX-RS 2.0 and Java EE 7--A Free Article
Java EE / FX Workshops, Sessions and Talks
How To Deal With Transaction Isolation Levels?
Why Not One Application Per Server / Domain?
The Master of 33degree--Interview With Grzegorz Duda
The Most Interesting NetBeans Release is Out: 7.3
Java Is The Most Popular Language (#1) In February 2013
Markdown Plugin For NetBeans 7
Modular Java EE Workshops--Interview, Podcast and A Compilable Agenda
Developing Java Apps for iOS--Codenameone, An Interview
Java EE Authentication and Authorization--A Free Article
The EJB Overhead--Screencast
Data Access Object--Reader's Questions
Useful NetBeans Shortcuts--Show Clipboard History
Roadmap To JDK 1.8
In Case Dozer Or BeanUtils Are Working Well You Have A Problem
The Java (EE) Start To 2013--Q1 Sessions, Events, Workshops
The Obvious But Ignored Way To Save Money (And Increase Productivity)
Temporary "junk" Packages Are A Best Practice
Util Packages Are Evil
Useful NetBeans Shortcuts--Go to JUnit Test
130.000 HTTP Sessions With -Xmx512m--A Scalability PoC
Lazy Loading Entities In Views Challenge--Reader's Question And Answer
Probably The Last (and Free) Java EE JUG Event This Year--Rethinking Java EE Reloaded
EJBs? Still Interesting In Java EE 7--5 Mins About Lifecycle
Listing Directory Contents with JDK 1.7 and NIO.2
Maven Ivory Towers, Configuration And Java EE Productivity--Or A Day At Devoxx 2012
SAP's NetWeaver Cloud Application Server Is Java EE 6 Web Profile Certified
NightHacking With Java FX and Java EE [Screencast]
TomEE Maven Alien--Sample Project For Maven 3, Arquillian and TomEE
@Inject vs. @EJB
Interview In The "Java Spotlight Episode 107" Podcast
Code Coverage Is Perfect …For Code Deletion
Java EE Patterns Book On Kindle--Don't Buy It Lend It (For Free)
10 Useful Java EE Tools
Java EE AirHacks MUC Afterglow
Endless Loops In Unsychronized WeakHashMap
My (Adam Bien) JavaOne Session Videos and Resources
If The Kindle Previewer Won't Start
Project connectorZ--Lean JCA 1.6 File Store
Java EE For Grownups, Airhacks, JDD and Devoxx--Some Java EE Events
Simplest Possible JAX-RS with Maven--In 3 Minutes
CloudVM From Waratek--An Interesting Product
LightFish "JavaOne" Edition--New Features
JavaOne 2012 Announcements And Surprises
JavaOne 2012, First Feedback and The Strange Thing
Real World Java EE Patterns-Rethinking Best Practices Book Available On Amazon
Project connectorZ--Lean JCA 1.6 Connector Implementations
Lightweight Java EE Screencast
Install JavaFX Application …From Apple's Mac App Store
Java Home in Maven 3
An Article About Java EE Connector Architectures 1.6 (JCA 1.6)
My JavaOne 2012 and Community Day Activities (=Java Vacations)
NetBeans--Future, Productivity and Fun. Interview With Oracle Product Manager For NetBeans: Geertjan Wielenga
Java EE--Or Who Cares About WebContainers? [GeeCON Session / Video]
How To Discover All Deployed Beans
Conveniently, Transactionally and Legally Starting Runnables …With Java EE 6
Real World Java EE 6 Patterns--Rethinking Best Practices Reloaded
Enterprise Java 2.0--A TechTalk Session
Enterprise Java 2.0, Swiss Army Knife and AirHacking -- Late Summer Java EE Events
Deployment of Enterprise Java FX Applications - A Free Article
Does CDI Injection Of SessionScoped Beans Into A Servlet Work?
Vaadin Java EE (No XML) Integration
Mocking Without Interfaces [Screencast]
Lightweight Java EE Architectures-- A Free DevCast
How To Enforce Step-By-Step Execution--A Swing Hack
(Easy) Threading and Concurrency In Java EE 6 -- A Free Article
Enterprise JavaFX - Dashboard, WebView and DataBinding--Free Article
Is in an EJB injected EntityManager thread-safe?
Summits, Jugs and AirHacks--Upcoming Java EE Events
LightFish--Now With HTTPs and Authentication Support
Why Not Private Visibility For Injected Fields [Screencast]
The Enterprise Side of JavaFX--A Free Article about LightFish
My Java EE / Java FX JavaOne 2012 Sessions
A List of Useful Java EE 6 PDF Specifications
Pretty Printing Java Source As HTML
Java EE and How to Specify The Unconventional With Convention Over Configuration [Free Article]
Summer Java EE Workshops
Great Simplification With EJB [ Screencast ]
Java SE Development Kit 7 (JDK)--Released For Mac OS X
Are Servlets Thread Safe and What Is The SingleThreadModel?
A Great Set of Java EE Examples For Tomcat On Steroids (aka TomEE)
Transparent Windows (Stage) With Java FX 2
…And The Programming Language #1 is not Java, but...
Arquillian Configuration For Embedded GlassFish 3.1.2 and Maven 3
Building Java FX 2 Libraries From Source With Maven 3
Enabling Remote Administration For Glassfish
...the last 10 comments

Adam Bien wrote:

@Lachlan,

You comment is obviously a spam. But: in this context it was funny and so I approved it :-)

thanks!,

adam

[...]

Lachlan Molineux wrote:

Tea tree soap is a fantastic soap I use it. After using this soap remove my spot and darkness.



Solamalai wrote:

Thanks a lot... No one else recommended this (or encountered this issue).



Victor Franca wrote:

@Adam, I have been developing java programs for almost 10 years. But i have to say thank you. I could realize an enormous improvement of my skils [...]

Angga wrote:

Hi Adam,

Yap I understand, lets say I want to configure url pattern or maybe JEE security, etc through @WebServlet. Should I just use the[...]

Brooke wrote:

@Adam thanks for your reply.

I tried under the latest Dev version of Glassfish (Glassfish 4.0.b87) and I received that error. I don't do[...]

Adam Bien wrote:

@Brooke,

"Can this JEE 7 code be run under any current application servers?"

The code could run on any application ser[...]

Adam Bien wrote:

@Joe,

I used "CompositeValidationExceptions" for that. See Page 284 in http://realworldpatterns.com. See GenericDTO pattern (so[...]

Adam Bien wrote:

@Brooke,

I wrote the app first, then the article. It worked for sure. No idea whether it will work now.

Will check that.

[...]

Adam Bien wrote:

@Victor,

thanks for watching! I would really like to deliver more sessions, but I have to work between the gigs :-)

I'm not a pr[...]

Links

License
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.0 License.