Security responsibilities are assigned to the following:
The application developer is responsible for the following:
Specifying roles and role-based access restrictions for application components.
Defining an application’s authentication method and specifying the parts of the application that are secured.
An application developer can use tools such as NetBeans to edit application deployment descriptors. These security tasks are discussed in more detail in the Security chapter of The Java EE 5 Tutorial, which can be viewed at Java EE 5 Tutorial.
The application deployer is responsible for:
Mapping users or groups (or both) to security roles.
Refining the privileges required to access component methods to suit the requirements of the specific deployment scenario.
The system administrator is responsible for:
Configuring security realms.
Managing user accounts and groups.
Managing audit logs.
Managing server certificates and configuring the server’s use of secure sockets layer (SSL).
Handling other miscellaneous system-wide security features, such as security maps for connector connection pools, additional JACC Providers, and so on.
A system administrator uses the Admin Console to manage server security settings and keytool to manage certificates. This document is intended primarily for system administrators.