Sun GlassFish Enterprise Server v3 Prelude Developer's Guide

Application Level Security

For an individually deployed web or EJB module, you define roles using @DeclareRoles annotations or role-name elements in the Java EE deployment descriptor files web.xml or ejb-jar.xml.

To map roles to principals and groups, define matching security-role-mapping elements in the sun-ejb-jar.xml or sun-web.xml file for each role-name used by the application. For more information, see Roles, Principals, and Principal to Role Mapping.
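
The following is an added example, not code from the guide: a Python check that every role declared in web.xml has a security-role-mapping in sun-web.xml naming at least one principal or group. The descriptor contents and the role, user and group names are constructed placeholders. Roles declared only through @DeclareRoles annotations are not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; role, user and group names are placeholders.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>auditor</role-name></security-role>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>manager</role-name>
    <principal-name>jsmith</principal-name>
    <group-name>managers</group-name>
  </security-role-mapping>
</sun-web-app>"""

def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}role-name'."""
    return tag.rsplit("}", 1)[-1]

def declared_roles(web_xml):
    """Role names declared in <security-role> elements of web.xml."""
    root = ET.fromstring(web_xml)
    roles = set()
    for el in root.iter():
        if _local(el.tag) == "security-role":
            roles.update(c.text.strip() for c in el if _local(c.tag) == "role-name" and c.text)
    return roles

def role_mappings(sun_web_xml):
    """Map each role-name in sun-web.xml to its principals and groups."""
    root = ET.fromstring(sun_web_xml)
    mappings = {}
    for el in root.iter("security-role-mapping"):
        role = (el.findtext("role-name") or "").strip()
        entry = mappings.setdefault(role, {"principals": set(), "groups": set()})
        entry["principals"].update(p.text.strip() for p in el.findall("principal-name") if p.text)
        entry["groups"].update(g.text.strip() for g in el.findall("group-name") if g.text)
    return mappings

def audit(web_xml, sun_web_xml):
    """Return (declared roles with no principal or group, mapped roles never declared)."""
    declared = declared_roles(web_xml)
    mappings = role_mappings(sun_web_xml)
    effective = {r for r, m in mappings.items() if m["principals"] or m["groups"]}
    return sorted(declared - effective), sorted(set(mappings) - declared)

if __name__ == "__main__":
    print(audit(WEB_XML, SUN_WEB_XML))
```

The second list flags mappings left behind for roles the application no longer declares, which are worth removing so stale grants do not linger in the descriptor.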