
Sams Teach Yourself J2EE™ in 21 Days by Peter Roxburgh, Andy Longshaw, Debbie Law, Dan Haywood, Martin Bond

Summary

Today, you have looked at several aspects of J2EE security. You've studied basic security terminology, including the difference between authentication and authorization.

You have seen how the J2EE specification doesn't specify the authentication schemes that must be used but relies on a server to provide some form of authentication. The authenticated username is known as a J2EE principal.

J2EE authorization is based on roles defined for each EJB JAR or Web JAR in the application. Each authenticated principal can be mapped onto one or more roles.

J2EE uses declarative constraints to define authorization based on the roles defined in the application. Each method in an EJB can be authorized for all principals or a specific list of roles. ...