Basic Authentication with Glassfish Web Apps

Create a User on the Server

Log-in to the server administration (usually my-domain:4848) and go to Configurationsserver-configSecurityRealmsfile.

Click on Manage Users and create one or more users.

all-green

Define a User in your Web App

Create or modify WEB-INF/web.xml

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
		 http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Application</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>cmeuser</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
    </login-config>

    <security-role>
        <role-name>cmeuser</role-name>
    </security-role>

</web-app>

Create or modify WEB-INF/sun-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app>
    <security-role-mapping>
        <role-name>cmeuser</role-name>
        <group-name>cmeusers</group-name>
    </security-role-mapping>
</sun-web-app>

security-role-mapping will map role-name from web.xml to the users know to the server. The value for role-name therefore is not important, as long as it is mapped to an existing user on the server.