Our application is having a authentication and authorization servlet framework. Right now we are doing authentication and authorization in web tier but I don't know how to do at EJB tier. I need to
limit the database search for particular userRole. These userRoles and access properties are predifined
using the servlet framework. Pls let me know how can I use the existing servlet framework or any other possibilities(java security etc.,). Our application won't support LDAP so cannot use java security.