In an application server such as GlassFish or JBoss we could solve this using the standard security mechanisms. To do this, just create a connection pool , a JDBC realm and implement form authentication .
Form:
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
</form>
Example of web.xml
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbcRealm</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/login.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Pages</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINS</role-name>
</auth-constraint>
</security-constraint>
That said, this authentication template may not be enough. Frameworks such as Spring Security and Apache Shiro are commonly used in Web applications to provide more complete and flexible authentication and authorization implementations.