In this section, we'll cover how to configure a JAX-RS application to challenge the clients for valid authentication credentials.

The basic authentication configuration depends on the web container being used. Throughout this book, we have used the GlassFish server for every application that required a Java web container; therefore, this example also assumes GlassFish as the target server for running the RESTful web APIs. We'll only look at the basic authentication configuration for the latest version of GlassFish (version 4.x).

The problem to solve is restricting the access for RESTful web services by creating a set of users for a specific security realm. A security realm is a mechanism used for protecting application resources. It gives you the ability to protect a resource by defining the security constraints and user roles for granting or restricting access. Let's see how the security realms are defined in the GlassFish server for securing the deployed resources.