Enterprise Server enables you to specify a user's credentials (user name and password) in the JDBC realm instead of in the connection pool. Using the jdbc type realm instead of the connection pool prevents other applications from browsing the database tables for user credentials.
By default, storage of passwords as clear text is not supported in the JDBC realm. Under normal circumstances, passwords should not be stored as clear text.
Create the database tables in which to store user credentials for the realm.
How you create the database tables depends on the database that you are using.
Add user credentials to the database tables that you created.
How you add user credentials to the database tables depends on the database that you are using.
Create a JDBC connection pool for the database.
Create a JDBC resource for the database.
Create a realm.
For instructions, see To Create an Authentication Realm.
The JAAS context should be jdbcDigestRealm for digest authentication or jdbcRealm for other authentication types.
Modify the deployment descriptor to specify the jdbc realm.
Modify the deployment descriptor that is associated with your application.
For an enterprise application in an Enterprise Archive (EAR) file, modify the sun-application.xml file.
For a web application in a Web Application Archive (WAR) file, modify the web.xml file.
For an enterprise bean in an EJB JAR file, modify the sun-ejb-jar.xml file.
For more information about how to specify a realm, see How to Configure a Realm in Sun GlassFish Enterprise Server v3 Application Development Guide.
Assign security roles to users in the realm.
To assign a security role to a user, add a security-role-mapping element to the deployment descriptor that you modified.
Verify that the database is running.
If needed, see To Start the Database
To apply the authentication, restart the server.
See To Restart a Domain.
This example shows a security-role-mapping element that assigns the security role Employee to user Calvin
<security-role-mapping> <role-name>Employee</role-name> <principal-name>Calvin</principal-name> </security-role-mapping>