Getting Started 
Protecting your application means giving the user administrator the ability to limit who can access your application and what they can do with it. To do this, you must enable your application to identify the user (authentication) and to determine whether this user has permission (authorization) to do whatever your application requires.
This procedure provides an overview of how to require authentication and authorization for your application in the simplest way.
You have determined that you can protect your application by limiting access to the entire application as a whole.
More information: Approaches to Protecting Applications.
1. Require authentication.
   Edit the deployment descriptor of your module to require an authentication method.
   More information: Specifying Authentication for the Java Application.
2. Require authorization.
   Edit the deployment descriptor of your module to require a role for authorization.
   More information:
   For Web applications: Configuring Security Roles Using Annotations in Web Applications.
   For EJBs: Specifying Security.
3. Build and deploy your application.
The administrator of the target system can build UME roles from the Java EE security roles deployed with your application. Next, the administrator assigns the UME roles to users.
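The two descriptor edits from the procedure, shown together for a Web module as an added example (not taken from the original documentation): a standard Java EE web.xml that requires an authentication method and one role for the entire application. The role name AppUser, the realm name, the BASIC method and the /* pattern are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: role name, realm name and URL pattern are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Require authorization: every resource in the module needs the role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>EntireApplication</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No <http-method> elements on purpose: listing only some methods
           would leave the unlisted ones outside this constraint. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>AppUser</role-name>
    </auth-constraint>
    <!-- BASIC sends credentials only base64-encoded, so require TLS. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Require authentication: the container challenges unauthenticated users. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ExampleRealm</realm-name>
  </login-config>

  <!-- Java EE security role deployed with the application; the administrator
       of the target system builds a UME role from it and assigns it to users. -->
  <security-role>
    <description>Users allowed to access the application</description>
    <role-name>AppUser</role-name>
  </security-role>
</web-app>
```

Every role named in an auth-constraint must also be declared in a security-role element, otherwise there is no deployed role for the administrator to map.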