HTTP 403 With GlassFish

If you’re getting an HTTP 403 error message with an enterprise application deployed as an EAR file using JAAS security, then there is potentially a simple fix.

In GlassFish, you need to map the JAAS security role name to a GlassFish group name. This can be done in the sun-application.xml file as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC
"-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN"
"http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
<sun-application>
    <security-role-mapping>
        <role-name>role_name</role-name>
        <group-name>group_name</group-name>
    </security-role-mapping>
</sun-application>

If you’re developing a web project packaged as a WAR file, you need to do a similar thing, but in the sun-web.xml file instead.