Spring security in JavaEE or other sane authentication and authorization methods.
posted 2 years ago
First of all, can I use Spring security in a JavaEE and do you have any experience with it?
I'm new to JavaEE and wanted to create a simple WebApp with JSF, CDI, JPA and EJBs and create multiple restricted pages for different roles/groups.
My problem is, that JAAS doesn't support salting of the password nativly nor does it support PBKDF2.
Where as that can easily done with Spring security.
PS: I wan't to use JDBC authentification -> I have a field for the encrypted password, salt and role_id and a table with the roles.