J2EE Questions and Answers

What is authorization?

The process by which access to a method or resource is determined. Authorization depends on the determination of whether the principal associated with a request

through authentication is in a given security role. A security role is a logical grouping of users defined by the person who assembles the application. A deployer maps security roles to security identities.

Security identities may be principals or groups in the operational environment.