We began this chapter by discussing the basic concepts of security and the difference between authentication and authorization.
Authentication is used to verify the identity of a user, while authorization is used to check if the user has the rights to access a particular resource.
WildFly uses the PicketBox framework. PicketBox sits on top of the Java Authentication and Authorization Service (JAAS) and secures all the Java EE technologies running in the application. The core section of the security subsystem is contained in the security-domain element, which performs all the required authorization and authentication checks.
We then took a look at some of the login modules used to check user credentials against different datastores. Each login module can be used by enterprise applications in either a programmatic or a declarative way. While programmatic security can provide a fine-grained security model, you should consider using declarative security, which allows a clean separation...