• JEE security uses roles to control which resources users and groups can access
  • Authorization in JEE takes two forms: programmatic and declarative

Declarative

  • In declarative authorization, the security information is listed in deployment descriptors
  • The application server reads these deployment descriptors to determine whether a role is assigned to a user and whether that role can access a particular resource

Example code for Declarative Authorization

Programmatic

  • Programmatic authorization is performed by using APIs and functions such as isUserInRole()

Example code for Programmatic Authorization
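
An added example, not code from the original page: a servlet that uses isUserInRole() for a per-record decision, which a URL-pattern constraint in a deployment descriptor cannot express. The servlet name, URL, `owner` parameter and `manager` role are assumptions, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the URL, the "owner" parameter and the role name
// "manager" are assumptions made for this example.
@WebServlet("/reports")
public class ReportServlet extends HttpServlet {

    private static final String MANAGER_ROLE = "manager";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // No principal means the container has not authenticated the caller.
        Principal caller = req.getUserPrincipal();
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Default to the caller's own report when no owner is requested.
        String owner = req.getParameter("owner");
        if (owner == null || owner.isEmpty()) {
            owner = caller.getName();
        }

        // Per-record decision: callers read their own report, and only
        // members of the manager role may read someone else's.
        boolean ownReport = owner.equals(caller.getName());
        if (!ownReport && !req.isUserInRole(MANAGER_ROLE)) {
            // Deny by default, with the same response whether or not
            // the requested report exists.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Respond with container-supplied data only, not the raw parameter.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Access granted for " + caller.getName());
    }
}
```

The role name passed to isUserInRole() must match a role the application server maps to the authenticated user, otherwise the check returns false and the request is denied.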