Security is an important part of the J2EE and EJB specifications, although many EJB developers argue that there is much more that the specifications need to account for from a security perspective. The J2EE 1.3 and EJB 2.0 Specifications are better than the previous versions when it comes to specifying standards for dealing with security issues. Three main security goals are set for the EJB architecture:
Lessen the burden placed on the bean provider for dealing with security issues.
Allow the EJB applications to be portable across different vendor’s servers and allow the different vendors to use different security mechanisms.
Allow support for security policies to be set by the deployer or assembler ...