JSR-220: Enterprise JavaBeans 3.0:
http://jcp.org/en/jsr/detail?id=220
Chapter 24 of the CORBA/IIOP specification, Secure Interoperability:
http://www.omg.org/cgi-bin/doc?formal/02-06-60
Java Authentication and Authorization Service (JAAS) in Java 2, Standard Edition (J2SE) 1.4
http://java.sun.com/developer/technicalArticles/Security/jaasv2/index.html
Java Authentication and Authorization Service (JAAS) Reference Guide
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html
Java Authentication and Authorization Service (JAAS): LoginModule Developer's Guide
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html
Java EE 5 Specification at
http://jcp.org/en/jsr/detail?id=244
Java 2 Standard Edition, v.1.5.0 security information:
http://java.sun.com/j2se/1.5.0/docs/guide/security/index.html
JSR 250: Common Annotations for the Java Platform:
http://jcp.org/en/jsr/detail?id=250
The API specification for Java Authorization Contract for Containers:
http://jcp.org/en/jsr/detail?id=115
The Developer's Guide for the Application Server includes security information for application developers:
http://docs.sun.com/doc/819-3659
The Administration Guide for the Application Server includes information on setting security settings for the Application Server:
http://docs.sun.com/doc/819-3658
The Application Deployment Guide for the Application Server:
http://docs.sun.com/doc/819-3660