views:

51

answers:

2

I'm looking for a servlet filter library that helps me secure our web service against unauthorized usage and DDoS.

We have "authorized clients" for our web service, so ideally the filter would help detect clients that aren't authorized or behave improperly, or detect multiple people using the same account. Also we need a way to prevent DoS'ing of our various services since we have an open-account policy -- limiting the number of simultaneous connections for a user, etc.

We've looked at the Tomcat LockOutFilter and such but those are fairly primitive and only prevent against one sort of attack.

Of course there are many application-specific components of the solution, but I was wondering if someone had written up a general solution as a starting point.

A: 

If you are using Spring then Acegi security is pretty complete.
Here is a series of tutorial articles.
It looks like you might be able to run this without needing Spring everywhere, See here.

Romain Hippeau
+1  A: 

Apache Shiro is an interesting security solution (it was called jSecurity before joining Apache.org). I find their source code much easier to understand and tweak for my needs, and also to integrate it.

A. Ionescu