Hi,
I'm using glassfish v2.1, and I like it :-)
I'd like to impose security realm based access restrictions on an HTTP
listener or Virtual Server (I don't care which, I have a 1-1 mapping.)
Access to all web applications via that listener/server would require
authentication (BASIC or DIGEST), and I'd like to avoid adding
security-constraints to all the web.xml-s.
I understand the great benefits of flexibility and specificity the
per-application web.xml security configuration offers, I just don't
need any of it now.
Pretty much as if I had an apache proxy in front of my app. server
doing the authentication, which I wanted to skip in this deployment,
since supposedly we don't need it for serving up static content
anymore :-)
My google-foo is failing me on this one, all I can find is certificate
based authentication in the listener (I'd like a file realm backed
basic or digest), and auditing in the server.
Thanks in advance for any advice!
Gabor Szokoli