I'm developing a Java application with an Angular front end and a Java-based backend that will connect to an SQL database for general data storage. In addition, I plan to include an internal encrypted database for securely storing user accounts and passwords. The application will be deployed on Linux (RHEL), Windows, and potentially macOS systems.
When the application is first installed on a user's machine, I need to securely retrieve a list of user accounts (with appropriate authorization), their passwords, and privilege sets (roles/permissions) from the system, similar to how Plesk or cPanel manage system user accounts for authentication into a web interface.
My questions are:
What is the best way to securely retrieve user accounts and their privilege sets during the application's installation process on different OSes (Linux, Windows, macOS)?
How can I ensure these accounts and privileges are securely stored in the internal encrypted database?
Are there any libraries or frameworks that would simplify this process, especially when dealing with multiple operating systems?
Any guidance or advice on how to approach this would be greatly appreciated. Thanks in advance!
I was thinking originally of having Java authenticate with the OS, however this defeats the purpose. I will just have during the setup process the user setup passwords, store them encrypted in some SQL database for authentication. This makes more sense as JAVA is typically running in a Virtual machine completely separate of the OS. This can also make it more secure, as if the OS gets breached, unless you have the passwords for the encrypted files, your data is safe.