Security, specifically authentication and authorization, is one of the least well understood parts of Java EE. This is despite the fact that most Java EE application servers, including GlassFish have extremely robust infrastructures for securing Java EE applications. This is why it is no surprise that one of the most popular entries on celebrated Java EE advocate and German author Markus Eisele's blog is about securing GlassFish Java EE applications. I thought it is useful to highlight that entry here.
In the entry, Markus explains step-by-step how to setup the database with security data, setting up the database in GlassFish, creating the secure application in NetBeans, setting up the GlassFish security realm, write the secure application and configure application security.