I came across a tomcat example of jaas. In this example the user had set the realm as "org.apache.catalina.realm.JAASRealm". But the user was using database authentication mechanism. .i.e. in teh Login() method it had the code for access the database & getting the username and password...
So what the user of using this org.apache.catalina.realm.JAASRealm. I find that there are many other realms like org.apache.catalina.realm.JDBCRealm.
It's hard to say what exactly the code does without seeing it, but JAAS requires a LoginModule that checks the username/password against the user store - maybe that's what you were seeing?
Using JAASRealm is a bit different from the other realms, as it doesn't help so much with validating username/password (like JdbcRealm and DataSourceRealm), but rather hooks the user/role information up to the JAAS system. The benefit of using it is more about authorization than authentication.