As shown in the bolded lines, the security constraint allows only the weatherUser role to access the resources
under the protected folder (/protected/*). In the login configuration, the authentication method is set to FORM
(i.e., form-based authentication) and the realm name is set to WeatherRealm. Finally, in the form login configuration,
the login page is set to home.xhtml (shown in Listing 12-3), while the error page (shown when the user fails to
log in) is set to error.xhtml. When the login succeeds, the user is forwarded to the weather.xhtml page under the
protected folder.
The weatherUser role defined for the application must be mapped to groups defined on the application server. For
GlassFish, you can define the mapping between role and group in a configuration file (glassfish-web.xml), as shown
in Listing 12-5.
Listing 12-5. glassfish-web.xml File
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC ...>
As shown in the configuration file, the role name (weatherUser) is mapped to an actual group name (weather_user)
that exists in the realm repository (WeatherRealm).
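A role name that differs between web.xml and glassfish-web.xml leaves that role without a group, so it is worth cross-checking the two descriptors. The Python script below is an added example, not code from the book: it parses constructed samples built from the names in the text and reports which realm groups can reach each URL pattern. It assumes explicit role names and group-name mappings only; audit, parse and texts are names chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors (not the book's listings); names follow the text above.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Protected</web-resource-name>
   <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>weatherUser</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>weatherUser</role-name></security-role>
</web-app>"""
GF_XML = """<glassfish-web-app>
 <security-role-mapping>
  <role-name>weatherUser</role-name>
  <group-name>weather_user</group-name>
 </security-role-mapping>
</glassfish-web-app>"""

def parse(xml):
    """Parse a descriptor and strip '{namespace}' prefixes so plain paths match."""
    root = ET.fromstring(xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def texts(node, path):
    return [e.text.strip() for e in node.iterfind(path) if e.text]

def audit(web_xml, gf_xml):
    """Return ({url-pattern: groups allowed}, [findings]) for the two descriptors."""
    web, gf = parse(web_xml), parse(gf_xml)
    groups = {}                                   # role name -> set of realm groups
    for m in gf.iterfind("security-role-mapping"):
        for role in texts(m, "role-name"):
            groups.setdefault(role, set()).update(texts(m, "group-name"))
    declared, access, findings = set(texts(web, "security-role/role-name")), {}, []
    for sc in web.iterfind("security-constraint"):
        roles = texts(sc, "auth-constraint/role-name")
        for role in roles:
            if role not in declared:
                findings.append(f"{role}: used but not declared in <security-role>")
            if not groups.get(role):
                findings.append(f"{role}: no group mapping in glassfish-web.xml")
        for pattern in texts(sc, "web-resource-collection/url-pattern"):
            access.setdefault(pattern, set()).update(*(groups.get(r, ()) for r in roles))
    return access, findings
```

Role names are compared case-sensitively, so a mapping for weatheruser does not satisfy a constraint on weatherUser and the pattern ends up with an empty group set.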
WeatherRealm is the store of the users and groups for the weather application. As you may remember, we had an
APP_USER table that we used to store the application users. Thanks to JDBCRealm (which is supported in GlassFish
and some of the other Java EE application servers), you can make your existing users/groups database a realm; however, we
need to add another database table (APP_GROUP) to define the groups of the users, as shown in Figure 12-1.
Figure 12-1. Modifications in the weather application data model
Listing 12-6 shows the SQL statements that contain the attributes of both APP_USER and APP_GROUP and the
relation between them.