How can I use the J2EE container to manage my user authentication?

I have a J2EE web application inside of Tomcat that I am writing.

For user login, I have stored salted password 开发者_如何学Gohashes inside of MySQL. To login, a user provides a password, it is hashed and compared to the database password. This seems OK to me, but I have heard that the container (Tomcat) provides some user authentication services.

I have looked into it a little bit, but all I can find is how to add user accounts by hand to the system. However, I would like for users to register and the container to handle the dynamic changes.

Is there a way to dynamically modify the user account list to allow people to register on the fly using the J2EE container?

If you are using Tomcat you may be interested on the JDBCRealm of which, there may be custom implementations floating around if you want to extend it. Although Tomcat is not a full blown J2EE container, you may want to read an overview of Defining Security Requirements for Web Applications for a more standard approach that works on any J2EE container.