For more information about security in Java EE applications, see:
Java EE 5 Specification:
The Sun Java System Application Server 9.1 Developer’s Guide includes security information for application developers.
The Sun Java System Application Server 9.1 Administration Guide includes information on setting security settings for the Application Server.
The Sun Java System Application Server 9.1 Application Deployment Guide includes information on security settings in the deployment descriptors specific to the Application Server.
EJB 3.0 Specification (JSR-220):
Web Services for Java EE (JSR-109):
Java Platform, Standard Edition 6 security information:
http://java.sun.com/javase/6/docs/technotes/guides/security/
Java Servlet Specification, Version 2.5:
JSR 175: A Metadata Facility for the Java Programming Language:
JSR 181: Web Services Metadata for the Java Platform:
JSR 250: Common Annotations for the Java Platform:
The Java SE discussion of annotations:
http://java.sun.com/javase/6/docs/technotes/guides/language/annotations.html
The API specification for Java Authorization Contract for Containers:
Information on SSL specifications:
Chapter 24 of the CORBA/IIOP specification, Secure Interoperability:
Java Authentication and Authorization Service (JAAS) in Java Platform, Standard Edition:
http://java.sun.com/developer/technicalArticles/Security/jaasv2/index.html
Java Authentication and Authorization Service (JAAS) Reference Guide:
http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html
Java Authentication and Authorization Service (JAAS): LoginModule Developer’s Guide:
http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html