Security is a key element of any enterprise application. You must be able to control and restrict who is permitted to access your applications and what operations users may perform.

The Java Enterprise Edition (Java EE) specification defines a simple, role-based security model for Enterprise Java Beans (EJBs) and web components. The implementation of JBoss security is delivered by the PicketBox framework (formerly known as the JBoss security), which provides authentication, authorization, auditing, and mapping capabilities to Java applications.

As the number of topics concerned with security requires a book in its own right, this chapter will focus on the topics that are of interest to the majority of administrators and developers. We will cover the following topics in detail: