JBoss's security implementation is JBossSX. It supports both the declarative J2EE (JEE) and the role-based security models.
- The default implementation of the declarative security model is JAAS.
Declarative: you declare the security roles and permissions in a standard XML descriptor, rather than embedding them in your code.
Secure access to EJBs and web components using ejb-jar.xml and web.xml deployment descriptors.
- isCallerInRole
- security-role-ref/role-name
New in EJB 2.0: you can specify what identity an EJB should use when it invokes methods on other components.
- security-identity
- use-caller-identity
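
How the elements listed above fit together in an ejb-jar.xml, as an added example that is not from the original notes or from JBoss; the bean, class and role names (AccountBean, TellerRef, Teller) are hypothetical:

```xml
<!-- Added example: bean, class and role names are hypothetical -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>AccountBean</ejb-name>
      <home>example.AccountHome</home>
      <remote>example.Account</remote>
      <ejb-class>example.AccountBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- The bean code calls isCallerInRole("TellerRef"); role-link maps
           that coded name to a role declared in the assembly-descriptor -->
      <security-role-ref>
        <role-name>TellerRef</role-name>
        <role-link>Teller</role-link>
      </security-role-ref>
      <!-- Calls this bean makes to other components carry the caller's identity -->
      <security-identity>
        <use-caller-identity/>
      </security-identity>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>Teller</role-name>
    </security-role>
    <!-- Only callers in the Teller role may invoke any AccountBean method -->
    <method-permission>
      <role-name>Teller</role-name>
      <method>
        <ejb-name>AccountBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The name passed to isCallerInRole must match a security-role-ref/role-name entry, so role names hard-coded in the bean can be remapped at deployment without changing code.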