Running a secure application in Glassfish Embedded Server - Part II
By nitkal on Mar 17, 2010
Following the previous post illustrating how to run a secure ejb application on GlassFish embedded server, this post aims to focus on running a secure web application using GlassFish embedded server. Here is a sample web-app (with context-root - simpleweb) and restricts access to file users of group "tester". (Please examine the web.xml and sun-web.xml for details). It has been configured for BASIC auth using file-realm. To test this web-app, an embedded server could be configured to use an existing non-embedded GlassFish instance's filesystem. The web-app could then be deployed on this embedded server.
Server.Builder builder = new Server.Builder("web-test");
EmbeddedFileSystem.Builder efsBuilder = new EmbeddedFileSystem.Builder();
Server server = builder.build();
EmbeddedDeployer deployer = server.getDeployer();
String appName = deployer.deploy(new File(testWarDir, testWar), null);
System.out.println("Deployed " + appName);
The non-embedded GlassFish instance should be configured to contain file users of group tester (that has been configured in sun-web.xml of the web-app).
./asadmin create-file-user --groups tester testuser
Now, the web-app can be accessed from the browser. (http://localhost:8080/simpleweb). In response to the challenge, the username (testuser) and password are provided to access the protected page. Here is the complete test file.
PS - The Embedded API in GlassFish 3.1 has undergone some changes (from the API used in this blog post. Please refer to this link for the latest Embedded API)