Configuring authorization for GlassFish
As we have mentioned, Java EE application authorization is based on roles. Whether an authenticated user can access a resource or not depends on whether the user's security principal or group membership can be mapped to an authorized role.

GlassFish uses server-specific deployment descriptors to manage the mapping between users/groups in a realm and roles in an application, and the authorization is based on application roles. The following example shows a security-role-mapping element in the sun-web.xml deployment descriptor for a web application. Each security-role-mapping names one application role and lists the realm principals (principal-name) and groups (group-name) that are granted it: here the User role is granted to the principals tom and jerry and to every member of the MouseAndCat group, while the Admin role is granted only to the principal adminuser.

    <sun-web-app>
      <security-role-mapping>
        <role-name>User</role-name>
        <principal-name>tom</principal-name>
        <principal-name>jerry</principal-name>
        <group-name>MouseAndCat</group-name>
      </security-role-mapping>
      <security-role-mapping>
        <role-name>Admin</role-name>
        <principal-name>adminuser</principal-name>
      </security-role-mapping>
    </sun-web-app>
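To make the mapping rule concrete, the following script (an added example, not code from the book or from GlassFish) parses a sun-web.xml fragment and answers the question the container answers at request time: is this authenticated user, with this principal name and these group memberships, in a given application role? It also reports roles that have no mapping at all, which is a useful review check because an unmapped role can never be granted. The descriptor text, the function names, and the list of declared roles passed to unmapped_roles are constructed for the example.

```python
# Added example: evaluate sun-web.xml security-role-mapping entries.
# Not part of the book's text or of GlassFish; the rule implemented is the one
# the chapter describes: a user holds a role if their principal name or any of
# their groups is listed under that role's security-role-mapping.
import xml.etree.ElementTree as ET

# Constructed sample descriptor, mirroring the one discussed in the text.
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>User</role-name>
    <principal-name>tom</principal-name>
    <principal-name>jerry</principal-name>
    <group-name>MouseAndCat</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Admin</role-name>
    <principal-name>adminuser</principal-name>
  </security-role-mapping>
</sun-web-app>"""


def parse_role_mappings(xml_text):
    """Return {role: {"principals": set, "groups": set}} from sun-web.xml text."""
    root = ET.fromstring(xml_text)
    mappings = {}
    for srm in root.iter("security-role-mapping"):
        role = srm.findtext("role-name")
        if role is None:
            continue
        entry = mappings.setdefault(role.strip(),
                                    {"principals": set(), "groups": set()})
        entry["principals"].update(
            p.text.strip() for p in srm.findall("principal-name") if p.text)
        entry["groups"].update(
            g.text.strip() for g in srm.findall("group-name") if g.text)
    return mappings


def is_in_role(mappings, role, principal, groups=()):
    """True if the principal, or any of its groups, is mapped to the role."""
    entry = mappings.get(role)
    if entry is None:
        return False  # a role with no mapping can never be granted
    return principal in entry["principals"] or any(
        g in entry["groups"] for g in groups)


def unmapped_roles(mappings, declared_roles):
    """Roles the application declares (hypothetical input list) that no
    security-role-mapping grants; each one is effectively unreachable."""
    return sorted(set(declared_roles) - set(mappings))


if __name__ == "__main__":
    m = parse_role_mappings(SUN_WEB_XML)
    print("tom as User:", is_in_role(m, "User", "tom"))
    print("alice (MouseAndCat) as User:",
          is_in_role(m, "User", "alice", ["MouseAndCat"]))
    print("tom as Admin:", is_in_role(m, "Admin", "tom", ["MouseAndCat"]))
    print("unmapped:", unmapped_roles(m, ["User", "Admin", "Auditor"]))
```

Note that group membership is only as trustworthy as the realm that asserts it: because any member of MouseAndCat receives the User role, a review of this descriptor should also cover who can add users to that group in the configured realm.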