2

I am new to Java EE, so to learn Java EE (EJB+CDI+either Zkoss/JSF 2.0) I am trying to build a sample application.

In this application I don't want to use any spring-security related stuff. I do want the Authentication+Authorization mix which is provided by Spring Security. Further more I want to have tags which might help me on the view part as well.

I tried searching on the Internet for this. I found something called Apache Shiro. I don't want to use any other framework.

Can anyone please provide any necessary guide lines that how can I achieve this using the Java EE stack? Is there any specification? Or how can I implement it if I have to write my custom code? Any examples that you guys have come accross would be great if you guys share.

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
Bilbo Baggins
  • 2,899
  • 10
  • 52
  • 77

2 Answers2

2

I strongly recommend PicketLink for your JavaEE application. It's CDI-managed (so you don't need Spring or other heavy-weight framework), has a big pack of tutorials and quite simple for beginners.

UPD: It's JBoss dependent.

Everv0id
  • 1,862
  • 3
  • 25
  • 47
0

You should use JAAS if you don't want to use any framework. You will have to research about JAAS. You can look at http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html

muasif80
  • 5,586
  • 4
  • 32
  • 45
  • 1
    JAAS is not the universal framework you probably think it is. See http://arjan-tijms.omnifaces.org/2014/02/jaas-in-java-ee-is-not-universal.html – Arjan Tijms Mar 18 '15 at 21:38