In this chapter, we will cover how to secure Java EE applications by taking advantage of GlassFish's built-in security features.
Java EE security relies on the Java Authentication and Authorization Service (JAAS) API. As we shall see, securing Java EE applications requires very little coding. For the most part, securing an application is achieved by setting up users and security groups to a security realm in the application server, then configuring our applications to rely on a specific security realm for authentication and authorization.
Some of the topics we will cover include:
Security realms are, in essence, ...