I'm planning to use J2EE to implement a web site that requires users to register or log in to their accounts before they can use the site. I tried implementing the login & registration methods myself, but came to realize that 1) this same code must have already been written many times, 2) creating a good registration and method script isn't simple, since there are many special cases related to security. Here are a few of the special cases:
- IP addresses attempting to log in should be recorded, and temporarily disabled following too many unsuccessful attempts.
- Usernames and passwords must be well-formed and able to withstand dictionary-based attacks.
- The rate of registrations from a single IP address must be limited.
- Ideally, a user would have to mirror the letters displayed in a JPEG in order to register for a new account.
If it matters, I was planning to use JBoss, MySQL, Apache, and Debian Linux.
QUESTION: How can I avoid having to write registration and login methods? Are there existing classes I can use, or are there entire frameworks that run on top of J2EE that provide registration/login functionality? How would a professional J2EE programmer build such a site?
Thank you very much!
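The first special case in the list above (record failed logins per IP address and disable the address temporarily), sketched as an added example that is not part of the original post. The class name `LoginThrottle`, its method names, and the thresholds are assumptions chosen for illustration; the sample address is constructed.

```java
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-IP failed-login throttle (illustration only, not a framework class). */
public class LoginThrottle {
    private static final class State { int failures; long windowStart; long lockedUntil; }

    private final ConcurrentHashMap<String, State> byIp = new ConcurrentHashMap<>();
    private final int maxFailures;
    private final long windowMs, lockMs;

    public LoginThrottle(int maxFailures, long windowMs, long lockMs) {
        this.maxFailures = maxFailures; this.windowMs = windowMs; this.lockMs = lockMs;
    }

    /** Call before checking credentials; false means reject without evaluating the password. */
    public boolean isAllowed(String ip, long now) {
        State s = byIp.get(ip);
        if (s == null) return true;
        synchronized (s) { return now >= s.lockedUntil; }
    }

    /** Call after a failed login; returns true if this failure started a lockout. */
    public boolean recordFailure(String ip, long now) {
        State s = byIp.computeIfAbsent(ip, k -> new State());
        synchronized (s) {
            // Start a fresh counting window once the previous one has expired.
            if (now - s.windowStart > windowMs) { s.failures = 0; s.windowStart = now; }
            if (++s.failures >= maxFailures) {
                s.lockedUntil = now + lockMs;
                s.failures = 0;
                return true;
            }
            return false;
        }
    }

    /** Call after a successful login so earlier failures stop counting against the address. */
    public void recordSuccess(String ip) { byIp.remove(ip); }

    public static void main(String[] args) {
        // Assumed policy: 3 failures within 1 minute lock the address for 5 minutes.
        LoginThrottle t = new LoginThrottle(3, 60_000, 300_000);
        String ip = "203.0.113.7"; // constructed sample address (documentation range)
        long now = System.currentTimeMillis();
        for (int i = 0; i < 3; i++) t.recordFailure(ip, now += 1_000);
        System.out.println("during lockout: " + t.isAllowed(ip, now + 1));
        System.out.println("after lockout:  " + t.isAllowed(ip, now + 300_000));
    }
}
```

The map here grows with every address seen and lives in one JVM, so a deployed version needs eviction of stale entries and, behind a proxy or in a cluster, a trustworthy client address and shared storage.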