The name reflection is used to describe code which is able to inspect other code in the same system (or itself).
For example, say you have an object of an unknown type in Java, and you would like to call a 'doSomething' method on it if one exists. Java's static typing system isn't really designed to support this unless the object conforms to a known interface, but using reflection, your code can look at the object and find out if it has a method called 'doSomething' and then call it if you want to.
So, to give you a code example of this in Java (imagine the object in question is foo) :
Method method = foo.getClass().getMethod("doSomething", null);
method.invoke(foo, null);
One very common use case in Java is the usage with annotations. JUnit 4, for example, will use reflection to look through your classes for methods tagged with the @Test annotation, and will then call them when running the unit test.
There are some good reflection examples to get you started at http://docs.oracle.com/javase/tutorial/reflect/index.html
And finally, yes, the concepts are pretty much similar in other statically typed languages which support reflection (like C#). In dynamically typed languages, the use case described above is less necessary (since the compiler will allow any method to be called on any object, failing at runtime if it does not exist), but the second case of looking for methods which are marked or work in a certain way is still common.
Update from a comment:
The ability to inspect the code in the system and see object types is
not reflection, but rather Type Introspection. Reflection is then the
ability to make modifications at runtime by making use of
introspection. The distinction is necessary here as some languages
support introspection, but do not support reflection. One such example
is C++
There are several differences between HashMap and Hashtable in Java:
Hashtable is synchronized, whereas HashMap is not. This makes HashMap better for non-threaded applications, as unsynchronized Objects typically perform better than synchronized ones.
Hashtable does not allow null keys or values. HashMap allows one null key and any number of null values.
One of HashMap's subclasses is LinkedHashMap, so in the event that you'd want predictable iteration order (which is insertion order by default), you could easily swap out the HashMap for a LinkedHashMap. This wouldn't be as easy if you were using Hashtable.
Since synchronization is not an issue for you, I'd recommend HashMap. If synchronization becomes an issue, you may also look at ConcurrentHashMap.
Best Solution
Security is composed of following aspects:
Authentication: - this consists of checking the credentials of the user; most of the times this is implemented through login mechanism. Your task of creating login page is part of authentication.
Authorization: - application resources need to be protected from unauthorized access that means when ever user requests for protected resource, application need to ensure that user has appropriate access rights. This is generally done by assign roles to the user and putting request filters that verify the access rights of the user. This part is more critical and requires detailed design analysis. Just authenticating user is not enough, you need to ensure that protected resources are not accessed by those users who are not authorized for the same.
Transport layer security: - system architecture need to ensure that data being transfered over the network doesnot fall into hands of hackers or sniffers. SSL/TSL is used for achieving this
J2EE containers and frameworks like Spring security provide common functionalities for each of the security aspect.
What you are trying to develop is simple authentication mechanism. Application security is more demandind when it comes to access control i.e. authorization.
Also security need to scalable i.e. as business needs changes for integrating systems and security your system should be able to adapt to things like Single Sign On (SSO), LDAP authentication etc.
Though JAAS and container security is good enough for scaling but there are few restrictions with the same. For example you would need to depend on vendor specific configurations and adapters. Your application would declare security needs in deployment descriptors and server administrators need to configure security realms at server end.
I would recommend you to evaluate Spring Security (previously Acegi Security) framework. We have been using the same in many of our projects and found it to be robust, customizable and easy to implement. It comes with set of filters that intercept your request and provide access control. Framework can be used to validate users against various user repositories such as database, LADP servers, OS Security etc. It is extensible and can be integrated with SSO servers. It also provides useful taglibraries for controlling access to parts within JSP pages. Not only that this framework also provides method level security that can be imposed at class level through Spring AOP framework