Which one of the following is a responsibility of the EJB Container with regards to EJB security?
Answer & explanation given is:
The EJB Container is required to provide a security domain and one or more principal realms to the enterprise bean's.
Answer 1 is correct, the EJB Container provides a security domain and one or more principal realms to the enterprise bean's. The EJB architecture does not specify how an EJB Server should implement a security domain, and does not define the scope of a security domain. A security domain can be implemented, managed, and administered by the EJB Server. The EJB Server can, but is not required to, provide support for multiple security domains, and/or multiple principal realms.
My doubt is on page 623 HF book, it says that EJB 2.0 container is only required to give "one security domain and one principal realm (multiple realm is not guaranteed)".
What is correct? Also, is there any difference between ejb 2.0 container and ejb 2.0 server because I see both terms used in ejbcertificate exam.