I am planning to have same structure for web and swing client.Both will connect web tier and then talk with EJB tier. So in documentation ,or diagram how i can handle security.Any SCEA can help me Please....!!!
Hi Try using delerative security;I'm assuming you are implementing Session Facade to prevent direct access to the business logic layer. In web.xml identify the methods that a particular role can access. I am also assuming that the user has been authenticated and authorized to used the application to start with. Cheers