Security is a very important aspect in web application development and deployment. This is especially true because web applications are accessible to anyone with a browser and Internet access. Securing an application can be done declaratively or programmatically. The following four issues are the cornerstones of web security: authentication, authorization, confidentiality and data integrity.
Authentication is to do with verifying the identity of a web entity, especially a user trying to access an application. You normally authenticate a user by asking the user for a user name and password.
Authorization is normally done after authentication is successful and is concerned with the access level an authenticated user ...