Having seen the most common security approaches in use today, let's look at how security is implemented using Java EE.
Among the Java EE versions, version 8 in particular aimed to address security. It contains a security API that simplifies and unifies the integration for developers.
In the simplest case, security in web applications can be implemented by proxy web servers, such as Apache or nginx. The security responsibilities are then transparent to the application.
This is often the case if the enterprise application doesn't have to deal with users as domain entities.
To secure web services offered by a Java EE application, security is usually applied at the servlet layer. This is the case for all technologies built on top of servlets, such as JAX-RS. Security features are configured using the servlet deployment descriptor, that is, the web.xml file.
This can happen in several ways...