Finally, it should be noted that many of the features described in this chapter can be specified at three levels: container, service, and resource level. Of special interest is the fact that we can configure security at the resource level. For example, we can set different authorization mechanisms for a service and its resources, so that stateless operations can be performed without authorization, but stateful operations do require an authorized user.

Throughout the following chapters, we will see exactly what can be configured at each of the three levels.