Chapter 4. Servlet and JSP Security

An enterprise solution has come to be considered incomplete if the applications it enables cannot be accessed over the Web. Web enablement of enterprise applications brings advantages, but it also exposes the enterprise system to security breaches. Security must be considered from design through deployment and administration. This chapter describes the security policies and features defined for use by J2EE Web modules, which assemble Java servlets and JSP files, as well as static content, such as HTML pages, into a single deployable unit (see Section 3.2.2 on page 59).

The sections in this chapter use concrete examples to illustrate how the security policy can be declaratively specified ...
