Java Security Architecture

I am using ActiveMQ to connect a number of application modules written in Java.

I eventually would have a web interface for the application, developed in开发者_如何学编程 either Grails, Struts2, or Rails.

My 2 main concerns are:

1. to have an external security module that is not bound to the Web Framework in use.
2. to have an independent security db

Any recommendations for this Architecture?

You should place all your components within a secured firewall. Then you wouldn't need to worry about any kind of security for ActiveMQ. If not a firewall, you should have a way to whitelist your components so only you can connect to them.

For the database, I recommend having one user that read data and one user that writes data. Separating this permissions will be a closer step to someone deleting you data.

You need to secure both parts of your application. For the first part go with Amir Raminfar's answer, and insure that your running on secure servers. Also make sure to use what ever security features are built into MQ to allow the components to communicate securely. For Web Security there is no good way I know of to have a framework agnostic security setup. An option for you may be Spring Security You should be able to integrate it with Struts and there is a Grails Plugin This should make it easier to do security in a relatively common way whether you use Struts or Grails but you will probably not be able to easily use Spring Security from Ruby.