Summary

Today, you have looked at several aspects of J2EE security. You've studied basic security terminology, including the difference between authentication and authorization.

You have seen how the J2EE specification doesn't specify the authentication schemes that must be used, but relies on a server to provide some form of authentication. The authenticated username is known as a J2EE principal.

J2EE authorization is based on roles defined for each EJB JAR or WAR in the application. Each authenticated principal can be mapped onto one or more roles.

J2EE uses declarative constraints to define authorization based on the roles defined in the application. Each method in an EJB can be authorized for all principals or a specific list of roles. Similarly, ...
