It is a goal of the J2EE platform to separate security from business logic, providing declarative security controls for application components . However, some applications need more control over security than can be provided by this approach. A future version of this specification will include APIs to control authentication and authorization, most likely the APIs specified by the Java Authentication and Authorization Service (http://java.sun.com/security/jaas/index.html). |