I plan to create a Java EE application in which, obviously, there will be users, groups and rights.
As this application is all new, I'll use Java EE 6 and EJB security annotations : @RolesAllowed, @DeclareRoles, ...
In this context, I'm looking for a way to implement simply the users/groups/roles management. So, is there any lib I could plug in my webapp that would allow me to create users, groups and assign them roles ? Or will i have to do all that job by myself ?
EDIT From what I've discovered, this can be achieved using a JDBC Realm. More specifically, using as an example Flexible JDBC Realm, all I have to do is to declare Users/Groups in my application, then bind them to that realm. Am I right ?
Turned out there is no real JavaEE spec for that : if the realm definition is covered by JavaEE spec, most of the realm code is specific to both application server and underlying storage system.