Security, specifically authentication and authorization, is one of the least well understood parts of Java EE. This is despite the fact that most Java EE application servers, including GlassFish, have extremely robust infrastructures for securing Java EE applications. This is doubly true for application servers like WebLogic, which have extensive sets of authentication providers that can often be configured through simple point-and-click GUIs. In this well-written blog post, Mainak Goswami explains how you can secure a Java EE/GlassFish application using LDAP (LDAP being the most widely used authentication provider in the enterprise). I thought it would be useful to highlight that entry here.
Mainak explains, step by step, the basics of Java EE security, setting up LDAP in GlassFish, creating the secure application in NetBeans, setting up the GlassFish security realm, writing the secure application, and configuring application security.