Security is a fundamental element of any IT environment. You must be able to control access to your systems, also known as authentication, and manage access to resources based on the rights of users or groups. The latter process is also known as authorization. Additionally, in order to prevent disclosure of critical information to unauthorized individuals or systems, you have to use a protocol that provides encryption of the information.

After this short preamble, let's see how security is implemented in the application server. At the time of writing, release 7.0 of the application server ships with the Picketbox framework (http://picketbox.jboss.org/), which provides the authentication, authorization, ...