The problem with direct forwarding is that the client sees it as being redirected. Browser security may not tolerate that. Also, by delegating a request to the app server, your HTTPD server can still deliver any static content that is part of the page. The data returned from the GlassFish server can then be folded into it.
This configuration is quite common, as it has been used and abused with Apache HTTPd and
Tomcat servers for years. GlassFish 3.1.2 supports the same mechanism with its own interface. You do not need to open your firewall to ephemeral port access, as the JK protocol manages data transfer in-band.