As I'm playing with the idea of porting some large applications from Java EE 5 to Java EE 6, I've been trying to gather info on how to create secure Java EE 6 applications.
I've summarized the result of my quest on my blog:
http://cup-of-java.blogspot.com/2012/03/java-ee-6-security.html
Any feedback is more than welcome. If anyone has other interesting ideas or design patterns for constructing secure Java EE 6 applications, please let me know.
Kind Regards,
Frank.