To protect passwords that would otherwise appear as clear text in your WSDL file, you can enter a Password application variable as a token. In the following example, a password application variable is created that uses the name SECRET and the password PROTECT.
From the Binding Components directory, under Servers -> GlassFish -> JBI in the Servers window, select the sun-http-binding.
The sun-http-binding Properties appear in the Properties window.
Click-on the Application Variables property ellipsis (...) button.
The Application Variables editor appears.
Click Add, select Password as your variable type, and click OK.
A new row is added to the Application Variables editor.
Enter SECRET as the name, and enter PROTECT as the value.
Because this is a password type, the characters of your password are displayed as asterisks.
Use the application variable name ${SECRET} as your WSDL password attribute, using the dollar sign and curly braces as shown.