In this chapter, we will cover how to secure Java EE applications by taking advantage of GlassFish's built-in security features.
Java EE security relies on the Java Authentication and Authorization Service (JAAS) API. As we will see, securing Java EE applications requires very little coding for the most part. Securing an application is achieved by setting up users and security groups to a security realm in the application server and then configuring our applications to rely on a specific security realm for authentication and authorization.
Some of the topics we will cover in this chapter include: