Next, we then need to provide a Resource Name , an optional Description , and URL
Pattern(s) for the pages belonging to our security constraint. A common practice is to
group all pages belonging to a security constraint under a sub folder of the Web Pages
folder, a practice we followed in our example. All administrative pages are under the
admin folder, therefore the URL pattern to access them is /admin/* , meaning any URL
beginning with /admin , after the context root of our application.In our application
we will have a single JSP named admin.jsp in the admin folder. This JSP will only be
accessible after the user enters a valid username/password combination.
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<meta http-equiv="Content-Type" content="text/html;
Had this been a real admin page, you would have been
able to administer the system from here!
GlassFish-Specific Security Configuration
The configuration presented in this section is part of the Java EE specification, and,
as such, must take place regardless of what application server we are using to deploy
our application. Application server vendors may optionally require additional
steps. In this section we will cover the steps needed to deploy on GlassFish, the
Java EE application server bundled with NetBeans. Consult your application server
documentation for additional information on other application servers.