What is the best practice for implementing security in J2EE?

Discussions

EJB design: What is the best practice for implementing security in J2EE?

  1. Hello,

    I am looking to implement the standard J2EE security in our system. We have a user database already installed in Oracle. I would like to use this for the security layer instead of moving everything to LDAP or another location? Any suggestions?

    Regards,
    -Stephen
  2. Chapter 9 of the J2EE blueprints addresses security best practices. You can download this from http://java.sun.com/j2ee/blueprints/index.html
  3. If you mean using the existing user database for authentication then authentication is not specified in the EJB specs. App server dependent.