There are VERY good options. The
J2EE standard specifies a Container-Managed security system that handles both user authentication (login) and authorization of selected services via Role-Based Access Control (RBAC). It's handled by configuring web.xml and by server-specific Realm configuration. Plus, there are methods in the J2EE API that leverage this subsystem.
You don't have to write any login code of your own at all - the container manages the process automatically. And, unlike about 95% of all the user-designed login systems I've encountered over the years, it has been subjected to professional
testing and is a well-documented standard. It's also fully implemented in all J2EE and JEE standards-compliant appservers, even the minimalist ones such as
Tomcat.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.