Role-Based Security

One of the challenges you often face in developing a distributed, multi-user application is how to handle security.

The authentication mechanism in the J2EE specification uses a technique called role-based security. The idea is that rather than restricting resources at the user level, you create groups of users called roles and restrict the resources by role. A single user can have more than one role. For example, a company might have employees and contractors, so you might have an application that permits different operations depending on whether you are an employee or a contractor. You might also have a manager role. If a contractor happens to be a manager, he would have two roles—contractor and manager.

There are no predefined ...
