Not sure about encryption, but authentication and access control are discussed. This realizes as the web.xml DTD specification, which contains tags for declaring security constraints for web applications (or parts of them).
Thanks Lasse. Does J2EE1.3 spec said anything about userID/password management and user-securityRole mapping? I think web.xml only defines the security-role. [ October 09, 2002: Message edited by: Jane Smith ]