I am learning to work on the J2EE platform, and a series of questions have arisen, I would like a less technical response than in the documentation Oracle offers.
As a development environment selection I am using NetBeans , for its many wizards , to develop code and as an application server I am using Jboss .
The question I have is about the subject of security in J2EE applications . I have read that this topic is "delegated" to the application server by configuring what in the Jboss documentation it calls "realms" and that there are several configurations.
I've been programming php and normally the subject of security was very customizable and flexible.
My question is the following, can you make a security based on ACLs , as "users - groups - permissions"