Sun Java System Web Server 6.1 SP12 Programmer's Guide to Web Applications

J2SE Application Role Mapping

In the J2SE/Servlet security model, a client may be defined in terms of a security role. For example, a company might use its employee database to generate both a company-wide phone book application and payroll information. Obviously, while all employees might have access to phone numbers and email addresses, only some employees would have access to the salary information. Employees with the right to view or change salaries might be defined as having a special security role.

A role is different from a user group in that a role defines a function in an application, while a group is a set of users who are related in some way. For example, members of the groups astronauts, scientists, and (occasionally) politicians all fit into the role of SpaceShuttlePassenger.

In Sun Java System Web Server, roles correspond to users or groups (or both) configured in the active realm.