users@glassfish.java.net

Re: how can I connect to glassfish v2 server as non-admin user?

From: <glassfish_at_javadesktop.org>
Date: Fri, 17 Jul 2009 11:31:00 PDT

There are two "kinds" of users -- application users and server admin users in GlassFish.

The application users are configured using an authentication realm. Thus, say you deploy a blog
application to GlassFish and want to create users "joe", "blo" and "mac". Then, you create these
users in the default realm, configure your blogging application's web.xml/sun-web.xml to use
that realm and apply security constraints. Alternatively, you can use LDAP or a database, etc.
By default, the above users will be stored in a file named "keyfile" in the server's configuration folder.

Admin users are a big deal ;). They can administer your application server, but not the specific
applications you have deployed onto that server. An example of an admin user is the one whose
credentials you enter on the admin console login screen. Yes, you can do something
similar here as well. You can configure LDAP for this, or alternatively, you can create
another admin user who can log in to the admin console and *administer* the server in his/her
own right. A special security realm for this purpose is called "admin-realm".

Note, however, that all admin users are the same in GF. There is no role-based access control.

-Kedar
[Message sent by forum member 'km' (km)]

http://forums.java.net/jive/thread.jspa?messageID=356309
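
Added example, not part of the message above and not taken from GlassFish's own documentation: the web.xml/sun-web.xml wiring the message describes for application users. The role "blogger", the group "bloggers", the URL pattern "/author/*" and the realm name "file" (assumed here to be the server's default realm) are illustrative assumptions; the application users are assumed to have been created in that realm as members of the group.

```xml
<!-- Fragment of WEB-INF/web.xml (children of <web-app>); names are assumptions -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Blog authoring</web-resource-name>
    <url-pattern>/author/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every HTTP method.
         Listing only GET and POST would leave the other methods unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only callers mapped to this role may reach /author/* -->
    <role-name>blogger</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC credentials are only base64-encoded, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <!-- Application realm (users kept in "keyfile"), not admin-realm -->
  <realm-name>file</realm-name>
</login-config>

<security-role>
  <role-name>blogger</role-name>
</security-role>

<!-- Fragment of WEB-INF/sun-web.xml (child of <sun-web-app>) -->
<security-role-mapping>
  <!-- Maps the application role to a group of realm users. Without a mapping,
       an authenticated user holds no role and the constraint denies access. -->
  <role-name>blogger</role-name>
  <group-name>bloggers</group-name>
</security-role-mapping>
```

Accounts in this realm are separate from admin-realm, so a "blogger" user gets no access to the admin console, and because all admin users are equivalent, anything narrower than full server administration has to be modelled as application roles like this one.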