Java EE Development and Security

Java EE development refers to the standard in community-driven enterprise software developed using the Java Community Process.

Java EE security services provide a robust and easily configured security mechanism for authenticating users and authorizing access to application functions and associated data at different layers.

Security requirements in Java EE applications can be expressed using deployment descriptors.

Annotations (metadata) are used to specify information about security within a class file in Java EE security.

Components in Java EE applications are secured by the containers providing two kinds of security: declarative and programmatic security.

Declarative security in Java EE expresses an application component's security requirements using deployment descriptors, while programmatic security involves specifying security requirements in the code.

Annotations save you from having to write declarative information inside XML descriptors.

Programmatic security is useful when declarative security alone is not sufficient to express the security model of an application.

The web client requests the main application URL without authentication.

The web server returns a form for the web client to collect authentication data.

The web server consults the security policy to determine if the user is authorized to access restricted resources.

The web server returns the result of the original URL request.