In my previous post, I used Apache Shiro to authenticate users. However, I can use basic authentication from Glassfish server.
Just like weblogic.xml at work, sun-web.xml needs to be modified with role mapping.
Depending on the security realm (admin-realm, certificate, file), I can configure different realm. To be simple, I used file realm. By clicking Manage Users, you can add username/password. This information will be stored in the keyfile (C:\glassfish3\glassfish\domains\domain1\config). Same thing can be done through asadmin console.
Above example will use BASIC authentication. A login popup screen will be prompted to the users prior to access any url (based on the url pattern). The details of form based login is in the JEE 6 Tutorial.