Authenticate users and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet.
Authorize users to ensure that they have the access control rights (permissions) required to do the actions performed.