I'm exploring pure Java EE ways of doing programmatic security, especially logging in users, based on the JDBC realm from my GlassFish server.
So basically, in my login
Well, there are two aspects to security in web applications: authentication and authorization. What you are using here is programmatic authentication (the way users are logging in) and declarative authorization (defining what users are allowed to see). There is no issue in mixing both, in my opinion.
If you keep your realm in your web.xml, your application will be more portable (meaning you can deploy your WAR in, e.g., a Tomcat server without changes).
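The combination discussed above, as an added example that is not part of the original question or answer: a servlet authenticates programmatically with the standard `HttpServletRequest.login()`, while the container enforces the role constraint and realm declared in web.xml. The realm name `jdbcRealm`, the role `user`, the paths `/login` and `/app/*`, and the form field names are assumptions chosen for illustration; `changeSessionId()` requires Servlet 3.1 or later.

```java
// Added example. Assumed names (not from the post): realm "jdbcRealm",
// role "user", paths /login and /app/*, form fields "username"/"password".
//
// WEB-INF/web.xml (declarative authorization, enforced by the container):
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>app</web-resource-name>
//       <url-pattern>/app/*</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>user</role-name></auth-constraint>
//   </security-constraint>
//   <login-config><realm-name>jdbcRealm</realm-name></login-config>
//   <security-role><role-name>user</role-name></security-role>

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            if (req.getUserPrincipal() != null) {
                req.logout();          // login() throws if a caller is already authenticated
            }
            req.getSession(true);      // ensure a session exists to carry the identity
            req.login(user, pass);     // programmatic authentication against the configured realm
            req.changeSessionId();     // new session id after login (session fixation defence)
            resp.sendRedirect(req.getContextPath() + "/app/home");
        } catch (ServletException e) {
            // Same response for unknown user and wrong password: no account enumeration.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
        }
    }
}
```

The servlet never checks roles itself: a request to `/app/*` by a caller without the `user` role is rejected by the container before any application code runs.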