The following parties are responsible for administering security for enterprise applications:
System Administrator
The system administrator is responsible for setting up a database of users and assigning those users to the proper group. The system administrator is also responsible for setting properties on the Enterprise Server that enable the applications to run properly. In terms of security, some examples include setting up a default principal to role mapping, anonymous users, default users, and propagated identities. More information on system administrator responsibilities is found in Sun GlassFish Enterprise Server v3 Administration Guide. When needed for this tutorial, the steps for performing specific steps will also be provided herein.
Application Developer/Bean Provider
The application developer/bean provider is responsible for annotating the classes and methods of the enterprise application in order to provide information to the deployer about which methods need to have restricted access. This tutorial describes the steps necessary to complete this task.
Deployer
The deployer is responsible for taking the security view provided by the application developer and implementing that security upon deployment. This document provides the information needed to accomplish this task for the tutorial example applications. For more information on deployment, the best source for the Enterprise Server is the Sun GlassFish Enterprise Server v3 Application Deployment Guide.