Jeanne Boyarsky wrote:Amit,
EJB has a "deployment descriptor" which is an XML file. Among other things this XML file contains security roles for which roles can access an EJB - or specific methods on one. The EAR sets up what the roles mean - they can map to LDAP, specific users, etc.
thank you jeanne.
but this roll setting we can do with web.xml also right? so where is the difference actually?
one again i know this must sound a dumb question but please reply.