For more information about security in Java EE applications, see
Java EE 6 specification:
The Oracle GlassFish Server 3.0.1 Application Development Guide, which includes security information for application developers, such as information on security settings in the deployment descriptors specific to the GlassFish Server
The Oracle GlassFish Server 3.0.1 Administration Guide, which includes information on setting security settings for the GlassFish Server
Enterprise JavaBeans 3.1 specification:
Implementing Enterprise Web Services 1.3 specification:
Java SE security information:
http://download.oracle.com/javase/6/docs/technotes/guides/security/
Java Servlet 3.0 specification:
Java Authorization Contract for Containers 1.3 specification:
Java Authentication and Authorization Service (JAAS) Reference Guide:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html
Java Authentication and Authorization Service (JAAS): LoginModule Developer’s Guide:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html