I have a glassfish application and am trying to figure out what type of
security and how to implement it. I am eventually hoping to place this in a
cloud environment to host for customers.
The application calls for a remote admin to login and create users and
their passwords so that these users can login and use the application.
I was going through the Glassfish server docs and thought that since users
will not be hosting the app (I will), then it wouldn't make much sense for
them to use deployment descriptors or container managed security which
declaritive security appears to be. So it seems I would have to implement
programmatic security.
Am I on the right track here?