Getting Started Securing Enterprise Applications
The following parties are responsible for administering security for enterprise applications:
System administrator: Responsible for setting up a database of users and assigning them to the proper group. The system administrator is also responsible for setting GlassFish Serverproperties that enable the applications to run properly. Some security-related examples set up a default principal-to-role mapping, anonymous users, default users, and propagated identities. When needed for this tutorial, the steps for performing specific tasks are provided.
Application developer/bean provider: Responsible for annotating the classes and methods of the enterprise application in order to provide information to the deployer about which methods need to have restricted access. This tutorial describes the steps necessary to complete this task.
Deployer: Responsible for taking the security view provided by the application developer and implementing that security upon deployment. This document provides the information needed to accomplish this task for the tutorial example applications.