This chapter describes how to write secure Java EE applications, which contain components that perform user authentication and access authorization for the business logic of Java EE components.
For information about administrative security for the Oracle GlassFish Server, see the Oracle GlassFish Server 3.1 Security Guide.
For general information about Java EE security, see Part VII, Security, in The Java EE 6 Tutorial.
The following topics are addressed here:
Note - The Web Profile of the GlassFish Server supports the EJB 3.1 Lite specification, which allows enterprise beans within web applications, among other features. The full GlassFish Server supports the entire EJB 3.1 specification. For details, see JSR 318.