Java EE security - looking for guidance
I'm fairly new to the Java/web side of things (started about 2 years ago). My current project has me responsible for all aspects of a large application. My boss is requesting that I begin looking at how to implement security into our application, and to be honest I'm having a hard time with where to start. We are planning to use Java EE in Eclipse with Wildfly 8 as our AS (Application Server). For starters I know he will want us to implement login/access control, and eventually we will probably need to do some secure data transmission.
I understand with Java SE I would utilize a plugin like JAAS, but I've read with J2EE there are modules built in to allow for Application/Transport/Message Layer security. But I have not been able to find any good article walking through how to implement these, which ones are best/necessary for various tasks. I'm also confused as to whether my 'security code' is supposed to reside in my Java code or on the AS, as I've found it mentioned several times the AS will handle your security. I've mostly been reading the Java EE 7 document at Oracle, but I feel it requires more familiarity with Java than I have.
If anyone could point me to some good articles, or better yet a nice hello world with security example, it would be greatly appreciated. I have found one or two but they seemed to be very specific to NetBeans/GlassFish and I'm not sure how to translate those over to Eclipse and Wildfly.
Re: Java EE security - looking for guidance
You probably know more than I do, but have you looked into Spring Security?