J2EE security?

[aplusc]

Could somebody please recommend a security framrework for J2EE applications (JSP's, servlets) that fits into the following criteria:

1. Server independent and portable (can be easily moved from one app server to another).

2. Uses a relational database for the backend. Users, groups, access lists, would be stored in database tables and can be accessed through regular SQL if needed.

3. Free/Open Source would be a big plus.

 

[sigrney]

Wrap your database logic up in a set of EJB and use the best, open-spurce (free) J2EE app server out there:

One word says it all- JBoss (

http://jboss.org)

See this link for a discussion of setting up security:

http://jboss.org/faq.jsp#FAQ-ADMIN-SECURITY