In this chapter, we covered the new Security API introduced in Java EE 8. We covered how we can access different types of identity stores to retrieve user credentials, such as relational databases or LDAP databases. We also covered how the security API provides the ability to integrate with custom identity stores, in case we need to access one that is not directly supported.

Additionally, we saw how we can use different authentication mechanisms to allow access to our secured Java EE applications. This included how to implement the basic authentication mechanism provided by all web browsers, as well as how to implement form-based authentication mechanisms, where we provide custom HTML pages used for authentication. Additionally, we saw how we can use the custom form authentication mechanism provided by the security API so that we can integrate our application security with a web framework such as JSF.