If you want to create secure areas of a web application, you need to configure the security roles by
modifying the project's deployment descriptors.
When configuring the security roles for your web application, you define your security roles in web.xml.
If the target server for your application is the GlassFish server, you need
to edit glassfish-web.xml to map the security roles to the users and groups defined on
the server.
You map security roles by adding a principal or group to a security role.
A security role can have more than one principal or group.
You can use the IDE to help you edit glassfish-web.xml to map security roles.
To map security roles:
In the Projects window of the IDE, double-click glassfish-web.xml located in the Configuration Files directory of your web application project.
Click the Security tab in the visual editor.
Click Add Security Role Mapping to create a new security role.
The security roles are determined by the security roles defined in web.xml.
If web.xml already defines a security role, the role is listed in glassfish-web.xml.
For more on defining security roles in web.xml, see
web.xml Visual Editor: Security Roles
Expand the security role node to view the properties of the security role.
Click Add Principal or Add Group to open the Add Principal or Add Group dialog box.
In the dialog box, enter the name of the principal or group to add to the selected security role.
The name of the principal or group must match a name specified on the GlassFish server.
The principals and groups specified in glassfish-web.xml must be valid for the
realm as configured on the GlassFish application server.
For more on setting users and groups on the GlassFish server,
see Managing Users for the GlassFish Application Server.
For more on configuring security, see the chapter on securing applications in the Oracle GlassFish Server Application Development Guide: