Untitled

@Entity(name = "USERS")
public class User implements Serializable {

    private static final long serialVersionUID = 1L;
    @Id
    @Column(name = "USER_NAME")
    private String userName;
    @Column(name = "PASSWD", length = 32,
            columnDefinition = "VARCHAR(32)")
    private char[] password;
    @OneToOne(fetch = FetchType.EAGER,
      cascade = CascadeType.ALL, mappedBy = "user")
    private Role role;
    private String name;
    private String lastname;
    @ManyToOne
    private Province province;

    public User() {
    }

    public User(String userName, char[] password, ROLE role) {
        this.userName = userName;
        this.password = hashPassword(password);
        this.role = new Role(role, this);
    }

    public char[] getPassword() {
        return password;
    }

    public void setPassword(char[] password) {
        this.password = hashPassword(password);
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public Role getRole() {
        return role;
    }

    public void setRole(Role role) {
        this.role = role;
        role.setUser(this);
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getLastname() {
        return lastname;
    }

    public void setLastname(String lastname) {
        this.lastname = lastname;
    }

    public Province getProvince() {
        return province;
    }

    public void setProvince(Province province) {
        this.province = province;
    }

    @Override
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (getClass() != obj.getClass()) {
            return false;
        }
        final User other = (User) obj;
        if ((this.userName == null) ? (other.userName != null) :
                    !this.userName.equals(other.userName)) {
            return false;
        }
        return true;
    }

    @Override
    public int hashCode() {
        int hash = 3;
        hash = 83 * hash + (this.userName != null ? this.userName.hashCode() : 0);
        return hash;
    }

    @Override
    public String toString() {
        return "User{" + "userName=" + userName + ", password=" + password + ", role=" + role + '}';
    }


    private char[] hashPassword(char[] password) {
        char[] encoded = null;
        try {
            ByteBuffer passwdBuffer =
              Charset.defaultCharset().encode(CharBuffer.wrap(password));
            byte[] passwdBytes = passwdBuffer.array();
            MessageDigest mdEnc = MessageDigest.getInstance("MD5");
            mdEnc.update(passwdBytes, 0, password.length);
            encoded = new BigInteger(1, mdEnc.digest()).toString(16).toCharArray();
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(User.class.getName()).log(Level.SEVERE, null, ex);
        }

        return encoded;
    }
}


@Entity(name = "ROLES")
public class Role implements Serializable {

    public static enum ROLE {
        ADMINISTRATOR, USER
    }

    private static final long serialVersionUID = 1L;
    @Id
    @Column(name = "ROLE_NAME")
    @Enumerated(EnumType.STRING)
    private ROLE role;
    @Id
    @OneToOne
    @JoinColumn(name = "USER_NAME")
    private User user;

    protected Role() {
    }

    protected Role(ROLE role, User user) {
        this.role = role;
        this.user = user;
    }

    public ROLE getRole() {
        return role;
    }

    public void setRole(ROLE role) {
        this.role = role;
    }

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }

    @Override
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (getClass() != obj.getClass()) {
            return false;
        }
        final Role other = (Role) obj;
        if (this.role != other.role) {
            return false;
        }
        if (this.user != other.user && (this.user == null ||
                    !this.user.equals(other.user))) {
            return false;
        }
        return true;
    }

    @Override
    public int hashCode() {
        int hash = 5;
        hash = 89 * hash + (this.role != null ? this.role.hashCode() : 0);
        hash = 89 * hash + (this.user != null ? this.user.hashCode() : 0);
        return hash;
    }

    @Override
    public String toString() {
        return "Role{" + "role=" + role + ", user=" + user + '}';
    }


}

<security-constraint>
   <display-name>Security Constraints</display-name>
   <web-resource-collection>
      <web-resource-name>Only Admin</web-resource-name>
      <description>only admin resources</description>
      <url-pattern>/admin/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <description/>
      <role-name>ADMINISTRATOR</role-name>
   </auth-constraint>
</security-constraint>
<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>JDBCRealm</realm-name>
   <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/login-error.xhtml</form-error-page>
   </form-login-config>
</login-config>
<security-role>
   <description>Administradores</description>
   <role-name>ADMINISTRATOR</role-name>
</security-role>
<security-role>
  <description>Usuario normal</description>
  <role-name>USER</role-name>
</security-role>