Doubts about J2EE [closed]


I am learning to work on the J2EE platform, and a series of questions have arisen, I would like a less technical response than in the documentation Oracle offers.

As a development environment selection I am using NetBeans , for its many wizards , to develop code and as an application server I am using Jboss .

The question I have is about the subject of security in J2EE applications . I have read that this topic is "delegated" to the application server by configuring what in the Jboss documentation it calls "realms" and that there are several configurations.

I've been programming php and normally the subject of security was very customizable and flexible.

My question is the following, can you make a security based on ACLs , as "users - groups - permissions"

asked by Rak 02.11.2016 в 13:44

4 answers


The security you mention of JBoss is more for the administrative part, where you configure parameters of the contained applications.

For ACLs in your application, you can use Spring Security. Surely there are other alternatives and it is entirely possible that some containers offer their own solution to this problem.

answered by 11.11.2016 в 18:52

Hello, no, server security is also used in applications since realms are used for everything and have everything integrated, only this configuration, being a server, each vendor makes its own implementation and with little documentation, there are no examples. Internet however is the best since there is already that allows you to do things like SSO and other things between applications are however nothing prevents you from doing yours using java filters

answered by 13.12.2016 в 01:01

Where I currently work, we use Spring Security, and it gives you the possibility to do what you require as user groups, etc. Regarding the server, we use GlashFish which we have not had any problem so I recommend it, the only thing I do not use is NetBeans, I occupy IntelliJ.

answered by 11.11.2016 в 21:00

I recommend using LDAP.

P.e see this:


You can do an LDAP test with "apache directory studio" and "apache directory".


Good luck ...:)

answered by 04.04.2017 в 15:25