moving this to the Security forum -- please post replies there.
posted 11 years ago
If you look at the web.xml property standards, you will see that there are parameters for setting security, like who can access a webapp. In a J2EE server, you can control access to EJBs and EJB methods. These parameters only work, if there is a JASS security system loaded.
JASS is an interface, where the actual user and role information comes from depends upon the implementation of JASS.