Paul , can you post some link about JVM security options? it is possible to create authorization module with realm, like it is in EJB.
for example use my costum realm for user authorization to use my JNDI DataSource.
I have app on Glassfish server with remote EJBs, which use JPA for database query.
I discovery that unauthorized users can lookup preconfigured DataSource on Glassfish server.
how can I protect DataSource from unauthorized users?