Securing Java EE Applications

Java EE applications are made up of components that can be deployed into different containers. These components are used to build a multi-tier enterprise applications. Security services are provided by the component container and can be implemented using declarative or programmatic techniques. Java EE security services provide a robust and easily configured security mechanism for authenticating users and authorizing access to application functions and associated data. Java EE security services are separate from the security mechanisms of the operating system.

The ways to implement Java EE security services are discussed in a general way in Securing Containers (page 866). This chapter provides more detail and a few examples that explore these security services as they relate to Java EE components. Java EE security services can be implemented in the following ways:

Some of the material in this chapter assumes that you have read Chapter 28, "Introduction to Security in Java EE", therefore we recommend that you explore that chapter before beginning this one.

This chapter includes the following topics:

Other chapters that discuss security include the following: