Security in Web Applications and Components

The Web security features of J2EE use the same model as EJB security. Security is implemented through declarations in the deployment descriptor and through programmatic checks in the Web pages. Authorization is enforced using roles and principals in the same manner as EJB security.

The key concepts for the Web security model are

  • Single login— A client is only required to authenticate itself once to access all Web pages in the same realm. The Web server defines security realms, and the deployer decides to which realm each Web application belongs. Each realm can use a different authentication mechanism (effectively, a different collection of usernames).

  • Spans multiple applications— An authenticated client should be ...
