Authorization, or access control, is the process of restricting operations to specific roles. In contrast with authentication, EJB authorization is completely application-server independent. The EJB specification provides two kinds of authorization: declarative and programmatic. With declarative authorization, all security checks are performed by the container, and an EJB's security requirements are declared using annotations or deployment descriptors. With programmatic authorization, security checks are hard-coded in the EJB's code using API calls. However, even with programmatic authorization, the container is still responsible for authentication and for assigning roles to principals.
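The two kinds of authorization can be combined in one bean, as in this added example (not code from the book): the annotations carry the role-level checks, and an API call handles a rule that depends on the call's data. The bean and interface names, the role names `teller` and `manager`, and the transfer limit are assumptions made for illustration.

```java
// TransferService.java (hypothetical local business interface)
import java.math.BigDecimal;
import javax.ejb.Local;

@Local
public interface TransferService {
    void transfer(String from, String to, BigDecimal amount);
    void reverseTransfer(long transferId);
}

// TransferServiceBean.java (hypothetical bean)
import java.math.BigDecimal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"teller", "manager"})   // role names this bean's code refers to (assumed)
public class TransferServiceBean implements TransferService {

    private static final BigDecimal TELLER_LIMIT = new BigDecimal("10000"); // assumed limit

    @Resource
    private SessionContext ctx;         // injected by the container

    // Declarative: the container rejects callers that hold neither role
    // before the method body runs.
    @RolesAllowed({"teller", "manager"})
    public void transfer(String from, String to, BigDecimal amount) {
        if (amount == null || amount.signum() <= 0) {
            throw new IllegalArgumentException("amount must be positive");
        }
        // Programmatic: the decision depends on the amount, which an
        // annotation cannot express. Roles were still assigned by the container.
        if (amount.compareTo(TELLER_LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
            throw new EJBAccessException(ctx.getCallerPrincipal().getName()
                    + " may not transfer more than " + TELLER_LIMIT);
        }
        // ... perform the transfer ...
    }

    // Declarative only: a role check with no data-dependent rule.
    @RolesAllowed("manager")
    public void reverseTransfer(long transferId) {
        // ... reverse the transfer ...
    }
}
```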
EJB 3 Developer Guide