This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes JAAS Realm Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS Realm" Watch "JAAS Realm" New topic

JAAS Realm

Nikhil Jain
Ranch Hand

Joined: May 15, 2005
Posts: 385

I came across a tomcat example of jaas. In this example the user had set the realm as "org.apache.catalina.realm.JAASRealm". But the user was using database authentication mechanism. .i.e. in teh Login() method it had the code for access the database & getting the username and password...

So what the user of using this org.apache.catalina.realm.JAASRealm. I find that there are many other realms like org.apache.catalina.realm.JDBCRealm.

how exactly should i use the realm?

SCJP 1.4, SCWCD 1.4, SCBCD 1.5
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41089
It's hard to say what exactly the code does without seeing it, but JAAS requires a LoginModule that checks the username/password against the user store - maybe that's what you were seeing?

Using JAASRealm is a bit different from the other realms, as it doesn't help so much with validating username/password (like JdbcRealm and DataSourceRealm), but rather hooks the user/role information up to the JAAS system. The benefit of using it is more about authorization than authentication.

Ping & DNS - my free Android networking tools app
I agree. Here's the link:
subject: JAAS Realm
Similar Threads
JPA: get entity for current user
how to jaas question ?
Custom login module & additional parameters
Authentication for different user type
Implementing custom Realm to inject user Principals