posted 15 years ago
i think yes: the declarative authorization improves maintainability, because there is less code and all the work is done by tested application server.
the programmatic security can become difficult to maintain because of duplicated code and nonuniform implementation styles.
However declarative security may not be sufficient is some situation!
GiUsEpPe (SCJP, SCWCD, SCBCD, IBM OOAD, SCEA/OCMJEA 5)