Hi all, I want to implement role based authorization and identity in my web services. i it's the first time i try to do this with j2ee. i am running jboss 6.4 nad j2ee 7. what i a, trying to understand :

1- how to implement role based security. My web services will expose methods with certain security levels that are to be available to certain roles.

2- how to authenticate users of my web services given that the front end is HTML5 JS (mostly react and some pure JS)

3- how to throw encryption of soap envelopes and https in the mix

4- if i have a users DB, what type of security mechanisms or frameworks can i use in j2ee to enable role based security.

I appreciate if someone could give an example or point me to somewhere where i can read preferably sample code

Thanks.