Back to Security Pattern Catalog

Container Managed Security

Classification Key : Core Security, Information Disclosure


Adding programmatic security solutions to an application involves extra work on development of security libraries and verification of the implementation. For many applications, the choice would be to use declarative security. How can security be added declaratively to an application?


Use standard security features provided by application container. Define application level roles at development time. Perform a mapping of these application level logical roles to users in the deployment environment at deployment time or thereafter.

Known Uses

Runtime authentication and authorization handled by container by configuring user realms for LDAP.

Related Patterns

Intercepting Web Agent


Sun Book


Authentication, Authorization, Container


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz