Hello
I am completely new to login and authentication concepts. I am working on a Glassfish web application that should present general content to any visitor, and some extra content for registered users logged in with username and password.
I have been reading the Java EE tutorial about security, and I thought that the Form-based or HTTP authentication would fulfill my needs ( the visitor is asked for credentials when trying to browse a secured content ).
However, my first guess was that the registred users should be stored in an external database along with their hashed and salted password. The security for web application in Glassfish seems to rely on the realm populated manually directly on the application server ( defining user and groups and mapping them to the Roles in the application ).
Did I misunderstood what security on Glassfish is intented to ? Or can a realm be a external database outside the application server ? Any link to documentation on this topic would be useful to me.
Thank you in advance
Tart