I have just read an article on JavaWorld about J2EE/JAAS.
I understand that there will be apps that do care about the method-level security of enterprise beans, be it session or entity. With entity beans, probably, this is J2EE's answer to cope with database-level user permissions.
But most apps hardly need these method-level restrictions. All they are concerned about is the security at the WEB layer.
Now what I want is something like this: every request to an enterprise bean carries 1 ROLE defined by me in my WEB APP. All of my enterprise beans will be security-constrained by that 1 ROLE.
How can I go about it? Please comment if you find that my approach is wrong. Please suggest what I should do then.