16.3. The EJB security API

The EJB security model is a subset of the J2EE security model, which also includes support for Web components (JSPs and servlets). It is technically an authorization model, since it is concerned with the granting or denial of access to clients that have already been authenticated by the container; authentication is assumed to have happened before any substantive interaction with the system has occurred. This model is intended to isolate the application developer from the technicalities of transport layer security and authentication, allowing better attention to the needs of the application. To recap, the EJB security model, as part of the J2EE model, has the following main features.

  • It centers on the concept of roles ...

Get Applied Enterprise JavaBeans™ Technology now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.