💖Declarative vs Programmatic Authentication

  • Sometimes, declarative security alone is not sufficient; in such cases, programmatic security enhances security by giving complex, dynamic rules and policies for application components
  • In programmatic security, business methods that are invoked help J2EE container to determine whether a caller should be given privileges or not, i.e., access or denial of permissions to a resource
  • Enhanced security can be provided by programmatic mechanism supplementing declarative security for role membership and user identity
  • J2EE container services provide application tiers and components with authentication and authorization facilities identifying service providers and callers
  • J2EE container services support declarative and programmatic authentication
  • Rules and permissions play a key role in declarative security model defined in the deployment descriptor document that is bundled with application component
  • These rules and permission are assigned by application deployer according to deployment descriptor