The J2EE application programming model insulates developers from mechanism-specific implementation details of application security. The J2EE platform provides this insulation in a way that enhances the portability of applications, allowing them to be deployed in diverse security environments.

Some of the material in this chapter assumes that you understand basic security concepts. To learn more about these concepts, we recommend that you explore before you begin this chapter.

If you need to make changes to the Application Server, and have administrator privileges, read the Application Server's Administration Guide.

If you are a developer who wants to add security to existing J2EE and web services applications, you are in the right place.