For part 2, I need to provide user authentication. The way things are looking in my design, my application will not have direct access to any database. it seems that the best way to authenticate users would be checking against one of the systems I'm integrating with, via RMI or a WebService. . A custom authenticator has always been problematic in
Java EE, normally requiring a custom "Provider" using the SPI of an app server, with all of the portability issues it entails.
Reading around, it seems that JASPIC can allow to create a vendor neutral solution for this problem.
Does this seem like over complicating the issue or a sensible solution?