Declarative vs programmatic security
I'm going to develope for the first time a web application using JEE with Servlets, and for the user's authentication and authorization I'm going to use container-managed security, as recommended by the JEE 6 tutorial, in a typical fashion: the user presents username/password once for the login, and next he/she presents a session id within a cookie. Finally, he/she can logout.
My question is: is it possible to achieve that only with declarative security, or am I forced to use programmatic security?
Thanks in advance!