Part I Development Tasks and Tools
1. Setting Up a Development Environment
Part II Developing Applications and Application Components
GlassFish Server Specific Security Features
Roles, Principals, and Principal to Role Mapping
How to Set a Realm for an Application or Module
Pluggable Audit Module Support
Changing Permissions for an Application
Enabling and Disabling the Security Manager
Configuring Message Security for Web Services
Message Security Responsibilities
Application Developer Responsibilities
Application Deployer Responsibilities
System Administrator Responsibilities
Application-Specific Message Protection
Using a Signature to Enable Message Protection for All Methods
Configuring Message Protection for a Specific Method Based on Digital Signatures
Understanding and Running the Sample Application
To Set Up the Sample Application
Programmatic Login Precautions
Granting Programmatic Login Permission
User Authentication for Single Sign-on
Adding Authentication Mechanisms to the Servlet Container
The GlassFish Server and JSR 196
Writing a Server Authentication Module
Sample Server Authentication Module
Compiling and Installing a Server Authentication Module
Configuring a Server Authentication Module
Binding a Server Authentication Module to Your Application
6. Using the Java Persistence API
7. Developing Web Applications
8. Using Enterprise JavaBeans Technology
9. Using Container-Managed Persistence
12. Developing Lifecycle Listeners
13. Developing OSGi-enabled Java EE Applications
Part III Using Services and APIs
14. Using the JDBC API for Database Access
15. Using the Transaction Service
16. Using the Java Naming and Directory Interface
This chapter describes how to write secure Java EE applications, which contain components that perform user authentication and access authorization for the business logic of Java EE components.
For information about administrative security for the Oracle GlassFish Server, see the Oracle GlassFish Server 3.1 Security Guide.
For general information about Java EE security, see Part VII, Security, in The Java EE 6 Tutorial.
The following topics are addressed here:
Note - The Web Profile of the GlassFish Server supports the EJB 3.1 Lite specification, which allows enterprise beans within web applications, among other features. The full GlassFish Server supports the entire EJB 3.1 specification. For details, see JSR 318.