The application developer is responsible for the following:
Specifying roles and role-based access restrictions for application components.
Defining an application’s authentication method and specifying the parts of the application that are secured.
An application developer can use tools such as deploytool to edit application deployment descriptors. These security tasks are discussed in more detail in the Security chapter of The J2EE 1.4 Tutorial, which can be viewed at http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.