I want to implement role based authorization and identity in my web services. i it's the first time i try to do this with j2ee. i am running jboss 6.4 nad j2ee 7. what i a, trying to understand :
1- how to implement role based security. My web services will expose methods with certain security levels that are to be available to certain roles.
2- how to authenticate users of my web services given that the front end is HTML5 JS (mostly react and some pure JS)
3- how to throw encryption of soap envelopes and https in the mix
4- if i have a users DB, what type of security mechanisms or frameworks can i use in j2ee to enable role based security.
I appreciate if someone could give an example or point me to somewhere where i can read preferably sample code
JBoss runs good with Picketlink. This framework can give you all security features you're looking for.