The Enterprise Server enables you to specify a user's credentials in the JDBC realm instead of in the connection pool. Using the JDBC realm instead of the connection pool prevents other applications from browsing the database tables for the user's credentials. A user's credentials are the user's name and password.
By default, storage of passwords as clear text is not supported in the JDBC realm. Under normal circumstances, passwords should not be stored as clear text.
Create the database tables in which to store the users' credentials for the realm.
How to create the database tables depends on the database that you are using.
Add the users' credentials to the database tables that you created in Step 1.
How to add users' credentials to the database tables depends on the database that you are using.
Create a JDBC realm.
Use the Admin Console GUI for this purpose. For instructions for creating a JDBC realm, see the online help for the Admin Console GUI.
Specify the realm that you created in Step 3 as the realm for the application.
To specify the realm, modify the appropriate deployment descriptor for your application:
For an enterprise application in an Enterprise Archive (EAR) file, modify the sun-application.xml file.
For a web application in a Web Application Archive (WAR) file, modify the web.xml file.
For an enterprise bean in an EJB JAR file, modify the sun-ejb-jar.xml file.
For more information about how to specify a realm, see How to Set a Realm for an Application or Module in Sun GlassFish Enterprise Server 2.1 Developer’s Guide.
Assign a security role to users in the realm.
To assign a security role to a user, add a security-role-mapping element to the deployment descriptor that you modified in Step 4.
The following example shows a security-role-mapping element that assigns the security role Employee to user Calvin.
<security-role-mapping> <role-name>Employee</role-name> <principal-name>Calvin</principal-name> </security-role-mapping>