We started this chapter by discussing the basic concepts of security and the difference between authentication and authorization.
Authentication is used to verify the identity of a user while authorization is used to check if the user has the rights to access a resource.
JBoss uses the PicketBox framework, which sits on top of the Java Authentication and Authorization Service (JAAS) and secures all the Java EE technologies running in the application. The core of the security subsystem is the security-domain element, which performs all the required authorization and authentication checks.
Then, we took a close look at the login modules used to store the user credentials and their associated role. Each login module can be ...