7.2. J2EE Platform Security Model
The J2EE platform container provides a set of security-related system services to its applications and clients. These built-in container services simplify application development because they remove the need for the application developer to write the security portion of the application logic.
Security on the J2EE platform is primarily declarative and is specified externally from the application code. Declarative security mechanisms used in an application are expressed via a declarative syntax in a configuration document called a deployment descriptor. The declarative security model has the advantage of enabling you to easily change these declarative settings to match security policy.
Declarative references in ...