Security in Web Applications and Components
The Web security features of J2EE use the same model as that used for EJB security. Security is implemented using declarations in the deployment descriptor and programming in the Web pages. Authorization is enforced using roles and principals in the same manner as EJB security.
The key concepts for the Web security model are
Single login-- A client is only required to authenticate itself once to access all Web pages in a security realm provided by the Web server.
Spanning of multiple applications-- An authenticated client should be able to use Web pages from different Web applications without having to log in for each application.
Association with a session-- The security credentials must be associated ...
Get Sams Teach Yourself J2EE™ in 21 Days, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.