I have a question regarding Java EE security best practices. What are the advantages and disadvantages of using either annotations or a deployment descriptor to define Security for a web application? Are there cases where you favor one over the other?
Thank you in advance :)
Using annotations is elegant (you do not require additional XML files) but requires to recompile your code every time you made a change.