I need to do user authentication and set permissions for many services on my webapp. Currently, I am using a simple custom made framework to authenticate users. Now, I need to have roles, email confirmation of new users, page and services permissions etc.
I would like to hear the suggestions, experiences (good or bad) on any framework for user authentication.
Note that I need to develop on top of a simple servlet container so an application server is not a solution here.
If cost is no issue, take a look at IBM's PolicyDirector (formerly a Tivoli product?) or Entegrity's AssureAccess. I have not used either product, and I'm sure there are more commercial authentication frameworks out there as well. So, I cant comment on their ease-of-use etc.
If cost is an issue, my suggestion would be to use LDAP as an authentication solution. You will still have to roll out your own solution for role based authorization and notification.
We used the LDAP SDK from Netscape to develop an authentication scheme which works nicely. It has built in authentication methods and a host of other features. Go to http://netscape.zdnet.com/framer/hud0022460/www.zdnet.com/devhead/filters/0,9429,2133223,00.html
Can´t find it. What´s the name?