The people themselves (using the application) need to be educated enough to not do idiotic things like leaving browsers open and unattended and such. The biggest security hole you have is the people with authorization using the system.
Of course that shouldn't really be your concern, you should be dealing with the software part of security which is a lot more straightforward (use proper authentication techniques, apply encryption, etc.). Your question doesn't really have anything to do with Java programming.
> It seems simple so I ask should I be concerned with any other methods?
They steal your login information. Or you just give it to them because they seem legitimate. Or someone at your company does so.
They break into or just walk into the physical location of the server, and start messing with it. Or put it on a dolly and roll it out the door and mess with it at their leisure at some other location.
The client leaves the machine logged in for "just a second" as they run an errand and someone messes with the app.
They reconfigure the app to use their database not yours.
They steal the code, analyze it, and find a hole.