In an enterprise computing environment, there are many security risks. The goal of the Sun GlassFish Enterprise Server is to provide highly secure, interoperable, and distributed component computing based on the Java EE security model. Security goals include:
Full compliance with the Java EE security model. This includes EJB and servlet role-based authorization.
Support for single sign-on across all Enterprise Server applications within a single security domain.
Support for several underlying authentication realms.
Support for declarative security through Enterprise Server specific XML-based role mapping.
Support for Java Authorization Contract for Containers (JACC) pluggable authorization as included in the Java EE specification and defined by Java Specification Request (JSR) 115.
Support for JavaTM Authentication Service Provider Interface for Containers as included in the Java EE specification and defined by JSR 196.
Support for Web Services Interoperability Technologies (WSIT) as described in The WSIT Tutorial.