I come from an ASP.NET background. In ASP.NET, there is built-in support for users and roles. My question is, does JSP have anything similar or is everything built from scratch? I have not been able to find a good resource to answer this application structure type of question.
+2
A:
The Servlet API supports user/role based authentication and security. Tomcat (among others) includes built in support for authenticating using a variety of sources: xml file, database, LDAP, etc.
Asaph
2009-09-23 14:07:52
+1
A:
You could also consider using Spring MVC as a fairly lightweight web framework over JSP. Spring has a very capable authentication & authorization model (right down to method level on objects) using Spring Security (was Acegi) interceptors which can use the sorts of sources that Asaph talks about. You don't need to use Spring MVC in order to use Spring Security if you don't want to.
If you're going to be running your JSPs in a full J2EE server like JBoss, WebLogic or WebSphere there are a whole load of security options that come with such containers incl. integration with AD users and groups.
Trevor Tippins
2009-09-23 23:55:15