This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I came across a tomcat example of jaas. In this example the user had set the realm as "org.apache.catalina.realm.JAASRealm". But the user was using database authentication mechanism. .i.e. in teh Login() method it had the code for access the database & getting the username and password...
So what the user of using this org.apache.catalina.realm.JAASRealm. I find that there are many other realms like org.apache.catalina.realm.JDBCRealm.
It's hard to say what exactly the code does without seeing it, but JAAS requires a LoginModule that checks the username/password against the user store - maybe that's what you were seeing?
Using JAASRealm is a bit different from the other realms, as it doesn't help so much with validating username/password (like JdbcRealm and DataSourceRealm), but rather hooks the user/role information up to the JAAS system. The benefit of using it is more about authorization than authentication.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com