In this chapter, we learned how to secure resources represented by URLs in JEE applications. The process to secure resources declaratively is not completely generic in JEE; part of it is common across all servers, specifically configurations in web.xml. Configuration of declarative security realms differs across servers. However, JEE 8 has added new Java EE Security APIs that make annotation-based configuration portable for Java classes.

We learned how to secure folders in GlassFish and Tomcat servers. We also learned how to secure RESTful web services and invoke them with security credentials in a client application.