Security is a wide-ranging topic that operates on many levels and covers many technologies. The technologies involved include networks, operating systems, database systems, and application servers, as well as manual procedures.
Application-level security in the context of Java EE applications is provided by web and EJB containers. Since this is a book about EJB 3, most of this chapter will be concerned with EJB container security. However, as EJBs are often invoked from the web tier, we will take a brief look at web container security later in this chapter.
In this chapter we will cover the following topics:
Java EE container security
Authentication
GlassFish authentication
Authenticating an EJB client
Declarative and programmatic EJB authorization
Web-tier authentication and authorization