Understanding security features in GlassFish
Besides being fully compliant with the Java EE security model, the GlassFish Server also supports several additional capabilities. Overall, the GlassFish Server's security features include the following:
Full compliance with the Java EE security model.
Supports multiple authentication realms, and supports customized realm.
Supports both declarative and programmatic security configuration.
Supports Java Authorization Contract for Containers (JACC) pluggable authorization (JSR-155).
Supports message-level security for web service components.
Supports single sign-on across all GlassFish Server applications within a single security domain.
Supports Programmatic logins.
In the following sections, we will discuss the security features of the GlassFish Server, and we will also introduce necessary utilities and tools which can be used to configure these security features. First, let's see how we can manage user authentication in GlassFish.