Hello,
I'm not a security expert and I'm not sure what kind of resources
you refer to, but here is a start.
If you are interested in EJBs get the
EJB Spec at
http://java.sun.com/products/ejb/docs.html Find the Security Management chapter and look at Bean Provider's Responsibilities. The spec is readable. See explanation of
isCallerInRole and getCallerPrincipal functions.
The same functions seem to be used in
Servlets.
For Servlet Spec
http://jcp.org/en/jsr/detail?id=154 For
JSP Spec
http://jcp.org/en/jsr/detail?id=152 http://java.sun.com/security/ has links to the JAAS Java Authentication
and Authorization Service API.
http://edocs.bea.com/wls/docs81/secintro/concepts.html - Security Concepts in Weblogic including JAAS.
Good Luck!!!