| Author |
security of servlets
|
Mary Wallace
Ranch Hand
Joined: Aug 25, 2003
Posts: 138
|
|
|
When you say security of J2EE, what exactly does it mean? What should a web developer take care of when developing a web app?
|
 |
scott p laplante
Greenhorn
Joined: Mar 12, 2004
Posts: 13
|
|
|
I think in general, security concerns come about when logging in, validating permissible actions (for a user), updating user information, etc. There's an inherent cost to security, though, so its use should be limited to only that which is necessary.
|
 |
Mann B
Greenhorn
Joined: Nov 13, 2003
Posts: 4
|
|
Hi Mary, security in the Web context has many angles of its own. There are issues related to access to a resource by the end user. For example, if you have a JSP page, then which users or roles are allowed to access it, and from which page the access could be allowed. Also, you can have some parts in that JSP page which are accessible by certain users and not accessible by certain users. And this can be achieved in many ways.
Regards, Mann
|
 |
Nicholas Cheung
Ranch Hand
Joined: Nov 07, 2003
Posts: 4982
|
|
There are several issues, as some posts list out. They include:
1. Authorization
2. Authentication
3. Confidentiality
4. Data Integrity
5. Non-repudiation services

For static contents, you should make sure that your site is not under attack such that contents have been changed. For dynamic contents, you need to make sure that the content is not changed during transmission. This is Data Integrity. You also need to identify the users by login, which is part of authentication. If there are some super users, like VIP users or system admins, they may carry out additional functions through Authorization. You may also need to send some data which is not visible to unrelated parties; thus, you need encryption to provide confidentiality. For online purchases, if a user buys something, he cannot say that the transaction was not requested by him; thus you need non-repudiation services. This can be achieved by digital signature. There are more issues, but the above are the most common cases.
Nick
|
|