For more information about security in Java EE applications, see:
Java EE 6 Specification:
The Sun GlassFish Enterprise Server v3 Application Development Guide includes security information for application developers.
The Sun GlassFish Enterprise Server v3 Administration Guide includes information on setting security settings for the Enterprise Server.
The Sun GlassFish Enterprise Server v3 Application Deployment Guide includes information on security settings in the deployment descriptors specific to the Enterprise Server.
EJB 3.1 Specification (JSR-318):
Implementing Enterprise Web Services 1.3 (JSR-109):
Java Platform, Standard Edition 6 security information:
http://java.sun.com/javase/6/docs/technotes/guides/security/
Java Servlet Specification, Version 3.0:
JSR 181: Web Services Metadata for the Java Platform:
JSR 250: Common Annotations for the Java Platform:
The Java SE discussion of annotations:
http://java.sun.com/javase/6/docs/technotes/guides/language/annotations.html
JSR 115: Java Authorization Contract for Containers 1.3:
Chapter 24 of the CORBA/IIOP specification, Secure Interoperability:
Java Authentication and Authorization Service (JAAS) in Java Platform, Standard Edition:
http://java.sun.com/developer/technicalArticles/Security/jaasv2/index.html
Java Authentication and Authorization Service (JAAS) Reference Guide:
http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html
Java Authentication and Authorization Service (JAAS): LoginModule Developer’s Guide:
http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html