I guess this thread has the solution for you:
http://forum.java.sun.com/thread.jspa?threadID=735763&messageID=4236586
At least I hope this is what you are looking for.
Wolfram
>Hi, Its second time that i post this message with hope that i find some
>answer to this.
>
>we have an application running on glassfish and it is exposed to
>internet because we have some web services , some swing client and some
>non-java client.
>as you know we can lookup the server JNDI from a remote client if we
>have the ip address and port of the server.
>we need to let this port open to outside because our swing client need
>to perform some lookups.
>
>what make me worry is security of our system, because any one can try
>and lookup into our JNDI.
>
>is there any way to do some authentication before allowing any one to
>perform lookup?
>for example passing some user/password with initialContext() properties?
>
>
>thanks
>
>(...)