>
> Please remember that this is my first web application, and first time I have to rely on J2EE security model.
I know that, which is why we've been trying to give you an introductory overview of it. But I'm starting to think that your definition of web development and ours is very different.
Specifically:
> Most of the web applications today allows the users to register themselves, and this is not supported very well by glassfish.
You can't compare applications to the application platform. I think we've been trying to explain to you the proper way to *write* a Java EE application, when really what you've been asking us is how to *use* one. GlassFish, which is the reference implementation of Java EE, is the platform, or container, on top of which applications run. Self-registration is a feature of an application, which can choose to rely on the underlying platform to manage security or not.
I think you might be looking for a pre-packaged application like a portal or CMS. I can't give specific recommendations, but you might try
http://www.liferay.com/ and see if that meets your needs. At the risk of repeating the point too much, Liferay (and similar products) are applications that run on top of an application server like GlassFish. They already have the user provisioning built-in, and you can just worry about the content and not the business logic.
Cheers,
Bobby