Can someone kindly explain to me what is the purpose of using the security roles, user managers and all that in the descriptor files? I quite honestly don't understand it. I mean..if I have a web-app that has a login screen that uses EJB to look up a login name and password in a database to allow someone in, why would there be server-level security and role facilities? Thanks.
- jndi entry Edmund Cheung
- Kevin Duffey