In an enterprise computing environment, there are many security risks. The goal of the GlassFish Server is to provide highly secure, interoperable, and distributed component computing based on the Java EE security model. Security goals include:
Full compliance with the Java EE security model. This includes EJB and servlet role-based authorization.
Support for single sign-on across all GlassFish Server applications within a single security domain.
Support for web services message security.
Security support for application clients.
Support for several underlying authentication realms, such as simple file and Lightweight Directory Access Protocol (LDAP). Certificate authentication is also supported for Secure Socket Layer (SSL) client authentication. For Solaris, OS platform authentication is supported in addition to these.
Support for declarative security through GlassFish Server specific XML-based role mapping.
Support for Java Authorization Contract for Containers (JACC) pluggable authorization as included in the Java EE specification and defined by Java Specification Request (JSR) 115.
Support for JavaTM Authentication Service Provider Interface for Containers as included in the Java EE specification and defined by JSR 196.
Support for Web Services Interoperability Technologies (WSIT) as described in Metro Users Guide.