Security Responsibilities

The goal of security in the J2EE architecture is to reduce the effort the EJB developer must spend securing the application, by shifting more of that coverage to the EJB roles better qualified to provide it. The EJB container implements the security infrastructure, whereas the deployer and the system administrator define the security policies. This eliminates hard-coded security in the EJB code and allows portability across EJB servers that use different security mechanisms.

The application assembler (which could be the same party as the EJB developer) defines the security roles for an application composed of one or more EJBs, JSPs, and/or servlets. The assembler defines (declaratively in the deployment descriptor) ...
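A deployment descriptor with declarative security roles might look like the following. This is an added example, not taken from the book: it assumes the EJB 2.0 `ejb-jar.xml` format, and the bean, class, method, and role names are hypothetical.

```xml
<?xml version="1.0"?>
<!-- Added example: bean, class, method and role names are hypothetical. -->
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
  "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
  <enterprise-beans>
    <!-- The bean class contains business logic only: no user names,
         no group checks, no vendor-specific security calls. -->
    <session>
      <ejb-name>OrderManager</ejb-name>
      <home>com.example.orders.OrderManagerHome</home>
      <remote>com.example.orders.OrderManager</remote>
      <ejb-class>com.example.orders.OrderManagerBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Logical roles defined by the application assembler. -->
    <security-role><role-name>customer</role-name></security-role>
    <security-role><role-name>order-admin</role-name></security-role>
    <!-- Either role may place an order. -->
    <method-permission>
      <role-name>customer</role-name>
      <role-name>order-admin</role-name>
      <method>
        <ejb-name>OrderManager</ejb-name>
        <method-name>placeOrder</method-name>
      </method>
    </method-permission>
    <!-- Only order-admin may cancel one. -->
    <method-permission>
      <role-name>order-admin</role-name>
      <method>
        <ejb-name>OrderManager</ejb-name>
        <method-name>cancelOrder</method-name>
      </method>
    </method-permission>
    <!-- Methods listed here are not callable by any role. -->
    <exclude-list>
      <method>
        <ejb-name>OrderManager</ejb-name>
        <method-name>purgeAll</method-name>
      </method>
    </exclude-list>
  </assembly-descriptor>
</ejb-jar>
```

The role names here are logical only; the deployer maps them to real users and groups in the target server's own configuration, which is what keeps the bean portable across servers.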
