As in other Java enterprise applications, securing an EJB-based enterprise application has two main aspects: the way the code is written and the EAR deployment configuration. Because WAS ND v7 supports the EJB 3.0 API (without the need for a special feature pack), this chapter focuses on some of the new aspects introduced by that version. Throughout this chapter, the term EJB refers to version three of the API.
The EJB 3.0 API introduced the concept of annotations for conveying security configuration information. Therefore, the chapter will use this technique to show how security can be defined and enforced. In essence, there are two security mechanisms: declarative security and programmatic security.
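As an added illustration (not code from this chapter), the following EJB 3.0 stateless session bean contrasts the two mechanisms: annotations carry the declarative rules, while a `SessionContext` check enforces a data-dependent rule programmatically. The bean, its interface, the role names, the sample data, and the assumption that the caller's principal name equals the employee ID are all hypothetical.

```java
import java.util.*;
import javax.annotation.Resource;
import javax.annotation.security.*;
import javax.ejb.*;

@Local
interface Payroll {                        // hypothetical business interface
    long totalPayroll();
    long getSalary(String employeeId);
    String payPeriod();
}

@Stateless
@DeclareRoles({"employee", "manager"})     // role names used by isCallerInRole()
@RolesAllowed("manager")                   // declarative default for all business methods
public class PayrollBean implements Payroll {
    private static final Map<String, Long> SALARIES;   // constructed sample data
    static {
        Map<String, Long> m = new HashMap<String, Long>();
        m.put("alice", 520000L);
        m.put("bob", 410000L);
        SALARIES = Collections.unmodifiableMap(m);
    }

    @Resource
    private SessionContext ctx;            // injected by the container

    public long totalPayroll() {           // inherits class-level @RolesAllowed("manager")
        long sum = 0;
        for (long s : SALARIES.values()) sum += s;
        return sum;
    }

    @RolesAllowed({"employee", "manager"}) // method level overrides class level
    public long getSalary(String employeeId) {
        // Programmatic check: a rule that depends on the data, not just the role.
        // Assumes the caller principal name equals the employee ID.
        String caller = ctx.getCallerPrincipal().getName();
        if (!ctx.isCallerInRole("manager") && !caller.equals(employeeId)) {
            throw new EJBAccessException("employees may read only their own salary");
        }
        Long salary = SALARIES.get(employeeId);
        if (salary == null) throw new IllegalArgumentException("unknown employee");
        return salary;
    }

    @PermitAll                             // every caller, regardless of role
    public String payPeriod() { return "monthly"; }
}
```

The container rejects a caller who lacks the required role before the method body runs, so the programmatic check in `getSalary` only needs to cover what a role annotation cannot express.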