Java Web Application - Authentication / Login Framework
Original URL: http://stackoverflow.com/questions/4706995/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Web Application - Authentication / Login Framework
Asked by user456563
This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs),
- Need to have users sign up for a new account profile
- Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login
- Allow lost password retrieval
- Session handling needs
Are there any out-of-the-box frameworks (Drupal, Liferay, Tapestry with Tynamo, Wicket ??) that I can use to wrap my application, which can be a bunch of JSP's or HTML's with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go through. Any help, advice and pointers are much appreciated.
Answered by Mark
I'd recommend taking a look at Apache Shiro: http://shiro.apache.org/
It handles the security portion of your application and gives you a great deal of flexibility in how to secure things. For example, you can add an annotation to secure individual methods (for example: you can't run this method unless you are an admin), individual pages (for example: you can't load this page unless you are an admin), and URL patterns (you must be admin to access anything containing /admin/* in the url).
Given how complex it can be to do security right, Shiro is very simple to use. It may take just a bit to get your head around some of the concepts initially, but Shiro does a very good job of hiding as much of the complexity as possible. Also the user list is very responsive and extremely helpful.
If you use Tapestry, you might look at http://tynamo.org/tapestry-security+guide. It makes it very easy to get Shiro up and running in a Tapestry application and gives you some easy to use tags to use in your templates.
Shiro isn't going to give you OpenID, OAuth or Facebook integration out of the box, but chances are high you will need to customize that part to your application. I believe there is some work being done to help integrate functions that will help enable these types of authentication into the framework.
Some of the frameworks that build on Shiro may offer more of what you are looking for. For example, http://tynamo.org/tynamo-federatedaccounts+guide will give you more support for federated logins in a Tapestry application. It is still in the early stages, but might be worth looking at if you are using Tapestry. Even if it doesn't do exactly what you need, it might provide some good examples to look at.
You also might be interested in: http://static.springsource.org/spring-security/site/
As a side note: In addition to security there are probably a bunch of other technologies that you will need in a typical web project. You may need security, persistence, basic user management, etc. If you create many web applications, it might be worth creating a maven archetype that lets you quickly get a new basic application up and running so you can start coding with all the initial structure already in place. AppFuse tries to do this, but it aims more at allowing you many different choices when it comes to web frameworks. If you know what technology you are going to use, having a startup app that is customized for your needs can be a huge timesaver.
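The admin-only method check described in the answer above, as an added example that is not part of the original answer. It assumes `shiro-core` is on the classpath; the class name, accounts and passwords are constructed for the demo, and the in-memory realm with plaintext passwords stands in for a real credential store.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroAdminCheckDemo { // hypothetical class name

    // Programmatic form of @RequiresRoles("admin"). The annotation is only
    // enforced when Shiro's AOP interceptor is wired in (Spring, Guice or
    // AspectJ); checkRole() works in any environment.
    // In a web app the URL-pattern equivalent is a [urls] line in shiro.ini:
    //   /admin/** = authc, roles[admin]
    static String deleteUser(String target) {
        SecurityUtils.getSubject().checkRole("admin"); // throws if role is missing
        return "deleted " + target;
    }

    // Log in, try the guarded operation, and always end the session.
    static String attempt(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            return user + ": " + deleteUser("bob");
        } catch (AuthenticationException e) {
            // Same message for unknown user and bad password: no account enumeration.
            return user + ": login rejected";
        } catch (AuthorizationException e) {
            return user + ": authenticated but not admin";
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        // Constructed demo accounts; a real realm would store hashed credentials.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "alice-demo-pw", "admin");
        realm.addAccount("carol", "carol-demo-pw", "user");
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));

        System.out.println(attempt("alice", "alice-demo-pw"));
        System.out.println(attempt("carol", "carol-demo-pw"));
        System.out.println(attempt("alice", "wrong"));
    }
}
```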
Answered by Hyman K
I'd look at Apache Shiro or Spring Security.