I am developing a Portal application and using jboss portal for this purpose. My current application authenticates the user from jboss DB, using the j_security_check servlet with username and password as POST parameters.
Now, if I use firebug or any HTTP monitor, then I can see the username and password, which is a security issue.
What is the better and secure way of authentication in jboss?
Securing web applications is a vast subject. It entirely depends on your needs.
From your post, what you want (to start with) is a secure communication. You can use SSL with JBoss to ensure a secure channel. I recommend you to take a look at the JBoss security documentation. I am sure you will have more concrete doubts / concerns when you start working with it - then we will try to help :)
I found a very good source of JBoss information JBoss in Action. It refers to JBoss 5 so many areas might be outdated, but other would still apply. I am using JBoss 6 and has been of great help.
