1.8. Enabling Declarative Security

The Java EE security elements that have been covered so far describe the security requirements only from the application's perspective. Because Java EE security elements declare logical roles, the application deployer maps the roles from the application domain onto the deployment environment. The Java EE specifications omit these application server-specific details.

To map application roles onto the deployment environment, you must specify a security manager that implements the Java EE security model using JBoss server specific deployment descriptors. The details behind the security configuration are discussed in Example 12.11, “ JndiUserAndPass Custom Login Module”.