Java Authentication Library

I am developing a server/client Java application where I need to authent开发者_JAVA百科icate the client before sending data, also I need to encrypt the sent data after authentication and to ensure its freshness

I am wondering what is the best library that I could use to do that?

---

Take a look at the security module in the Spring framework. Pretty much covers all the common authentication and authorisation services

---

Java Authentication and Authorization Service is a part of Java spec since SE 1.4. The API is fairly well-defined, but as it has been written with goal of covering every possible auth backend (including LDAP, smart card and similar stuff) it may bring too much functionality overhead.

Apache Shiro is one of libraries/frameworks that I am aware of, that build upon JAAS, abstracting it's concepts and making them generally easier to use. The second one is jGuard, but as of Dec 2013 it seems to not being maintained anymore.

---

You could integrate with an existing LDAP (or Active Directory) registry using OpenLDAP ( http://www.openldap.org/jldap/ ).

---

You could use Public Key Encryption and do client authentication based on certificates.
Check out JSSE of SUN on secure sockets

---

If you are not using Spring and you are using some off-the-shelf server framework, look there - most include authorization modules.