Create Web application, add authentification constraint in web.xml <security-constraint> <display-name> root </display-name> <web-resource-collection> <web-resource-name> secure </web-resource-name> <url-pattern> /* </url-pattern> </web-resource-collection> <auth-constraint> <role-name> USERR </role-name> </auth-constraint> </security-constraint> <login-config> <auth-method> BASIC </auth-method> <realm-name> file </realm-name> </login-config> <security-role> <description/> <role-name> USERR </role-name> </security-role> In glassfish-web.xml define Mapping role/groupname <glassfish-web-app error-url=""> <context-root> / </context-root> <security-role-mapping> <role-name> USERR </role-name> <group-name> USERGP </group-name> </security-role-mapping> </glassfish-web-app> Create user with group USERGP in file realm from glassfish administration console. Create a websocket enpoint @ServerEndpoint(value = "/endpoint" ) public class WSEndpoint { @Inject private Principal principal; @OnMessage public void onMsg(Session client, String msg) { System .out.println( "CLIENT USER = " +client.getUserPrincipal().getName()); // log user name in console System .out.println( "PRINCIPAL USER = " +principal.getName()); // log anonymous in console } @WebServlet(name = "TestAuth" , urlPatterns = { "/testauth" }) public class TestAuth extends HttpServlet { @Inject Principal principal; protected void processReq(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType( "text/html;charset=UTF-8" ); System .out.println( "REQUEST USER = " +request.getRemoteUser()); // log user name in console System .out.println( "PRINCIPAL USER = " +principal.getName()); // log anonymous in console } Create html page for test websocket <script> var ws = new WebSocket("ws://localhost:8080/endpoint"); function sendMsg () { ws.send(JSON.stringify("Message from client")); } </script> <body> <button onclick="sendMsg()">TEST</button> </body>