This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
If I'm understanding your question right you want to know how to create users and groups for J2EE security for securing your EJB's, right? WebSphere uses any number of User Registries to store and look up this kind of information. The most common type of User Registry is an LDAP directory, but WebSphere will use the operating system's user lists in either Windows or Unix, or you can build a custom registry yourself. Kyle
If you plan a swing client and websphere, then I assume you don't have a web component. You have a business tier with EJBs. You could start by learning about the assembly-descriptor section of the ejb-jar deployment descriptor. Monson-Haefel's EJBs or Roman's Mastering EJB 2.0 should give you a good understanding.