If you want to create secure areas of a web application, you need to configure the security roles by
modifying the project's deployment descriptors.
When configuring the security roles for your web application, you define your security roles in web.xml.
If you want to deploy your application to the Sun Java System Application Server, you need
to edit sun-web.xml to map the security roles to the users and groups defined on
the Sun Java System Application Server.
You map security roles by adding a principal or group to a security role.
A security role can have more than one principal or group.
You can use the IDE to help you edit sun-web.xml to map security roles.
To map security roles:
In the Projects window of the IDE, double-click sun-web.xml located in the Configuration Files directory.
Expand the Sun Web Application node in the left pane of the Sun Web Application visual editor and select a security role subnode.
The security roles subnodes are determined by the security roles defined in web.xml.
For more on defining security roles in web.xml, see
web.xml Visual Editor: Security Roles
In the Security Role Mapping pane for the security role, click Add Principal or Add Group
to open the Add Principal or Add Group dialog box.
In the dialog box, enter the name of the principal or group to add to the selected security role.
The name of the principal or group must match a name specified on the Sun Java System Application Server.
The principals and groups specified in sun-web.xml must be valid for the
realm as configured on the Sun Java System Application Server.
For more on setting users and groups on the Sun Java System Application Server,
see Managing Users for the Sun Java System Application Server.
For more on configuring security, see the chapter on securing applications in the Sun Java System Application Server Developer's Guide: