Web applications are created by a developer, who then gives, sells, or otherwise transfers the application to the deployer for installation into a runtime environment. It is useful for the developer to communicate attributes about how the security should be set up for a deployed application. As with the web application directory layout and deployment descriptor, the elements of this section are required only as a deployment representation, not a runtime representation. However, it is recommended that containers implement these elements as part of their runtime representation. |